Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424.exe
Resource
win10v2004-20240802-en
Target
f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424.exe
Size
1006KB
MD5
3b28e3d07c4dd156f221c72f4f2b53ea
SHA1
c9f2ecb67b7ef1910af459d44386882d9238d72f
SHA256
f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424
SHA512
2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed82951b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db
SSDEEP
24576:fxj1COA6fYrK4O7+FZTYPhFrjuDl+QlclC:x1COZfT4O4ZTYX6Plc
| resource | yara_rule |
|---|---|
| sample | family_hijackloader |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
docsvw32.pdb
UrlCreateFromPathW
PathFindFileNameW
SHCreateStreamOnFileW
CreateAsyncBindCtx
RegisterBindStatusCallback
IsValidURL
CreateURLMoniker
FindMimeFromData
GetClassFileOrMime
CoInternetCreateSecurityManager
OpenProcess
QueryFullProcessImageNameW
GetCurrentThreadId
FreeLibrary
LoadLibraryW
MulDiv
GetTickCount
OpenEventW
WaitForSingleObject
SetEvent
CreateFileW
CreateEventW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalLock
GlobalUnlock
SetDllDirectoryW
ResetEvent
GetLastError
ReadFile
GetPrivateProfileStringW
TerminateProcess
OutputDebugStringW
WriteFile
DeleteFileW
Sleep
lstrlenW
GetFileAttributesW
CopyFileExW
FindFirstFileExW
FindClose
GetShortPathNameW
SetFileAttributesW
GetModuleFileNameW
GetTempPathW
GetSystemTime
FindNextFileW
SetFilePointerEx
FlushFileBuffers
GetCurrentProcessId
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
HeapFree
TlsSetValue
HeapAlloc
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetProcAddress
GetModuleHandleW
CloseHandle
SetLastError
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleOutputCP
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
GetEnvironmentStringsW
GetConsoleMode
DecodePointer
GetCurrentProcess
WriteConsoleW
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
SetWindowsHookExW
UnhookWindowsHookEx
RegisterClassExW
PostQuitMessage
SystemParametersInfoW
UpdateLayeredWindow
PostMessageW
SetWindowPos
SendMessageW
MoveWindow
DefWindowProcW
EndPaint
GetSysColorBrush
SetFocus
BeginPaint
SetWindowLongW
CreateWindowExW
UnregisterClassW
RegisterClassW
LoadCursorW
ReleaseDC
GetDC
DestroyWindow
CreateAcceleratorTableW
SetRectEmpty
DestroyAcceleratorTable
GetClientRect
GetWindowRect
GetWindowLongW
GetFocus
IsChild
GetCursorPos
WindowFromPoint
IsWindowEnabled
IsWindowVisible
IsWindow
GetWindow
GetWindowThreadProcessId
GetParent
CopyRect
ShowWindow
RedrawWindow
LoadImageW
FillRect
GetSysColor
CreateCompatibleDC
SetLayout
DeleteDC
SelectObject
GetObjectW
CreateDIBSection
GetDeviceCaps
DeleteObject
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SHGetDesktopFolder
GetCurrentProcessExplicitAppUserModelID
CoFreeLibrary
CoLoadLibrary
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CLSIDFromString
OleUninitialize
CoDisconnectObject
CoReleaseMarshalData
OleLockRunning
CoMarshalInterface
CreateStreamOnHGlobal
OleInitialize
CoRegisterMessageFilter
CoUninitialize
CoInitialize
CoGetMalloc
CreateBindCtx
CreateFileMoniker
OleDestroyMenuDescriptor
CoCreateInstance
OleRun
GetClassFile
OleGetAutoConvert
GetHGlobalFromStream
VariantInit
VariantClear
SysFreeString
SysAllocString
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ