2024-08-06_b9a1feda4c934fc66ef95e2e694c903c_hijackloader_mafia_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-06_b9a1feda4c934fc66ef95e2e694c903c_hijackloader_mafia_magniber
Size

3.2MB
MD5

b9a1feda4c934fc66ef95e2e694c903c
SHA1

b35f43c29ed5c693b8b02df8c38e9a39949fdaa2
SHA256

962af150c127a2a7dd4c42618e7af772ac7867373115816c78a43e799c54f20a
SHA512

47f0737a4385d36787b4b1eaa1d1d2b9dd7dd50c52f7171e094cc5a182046261f73c2500f94d570b23293e8fa1aedd4406cf252e5f84c78d0424c9ff1e6f34fb
SSDEEP

49152:QXlX7UTC4Jb26xUwSsZwHl3y7/W2aOhMyHLZGv5/3ThNNl1HTd:QVX74pJb26S7sZw47/d6yrZi5

Score

1^/10

Malware Config

Signatures

Files

2024-08-06_b9a1feda4c934fc66ef95e2e694c903c_hijackloader_mafia_magniber
.exe windows:5 windows x86 arch:x86

54eb47a0aa69a976f2e79a6b1f21c9c6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:95:54:98:df:cb:dc:e1:df:2f:9f:99:7a:65:a8:61
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03-08-2021 00:00

Not After

02-08-2023 23:59

Subject

CN=SHENZHEN SHINETEK TECHNOLOGY CO.\,LTD,O=SHENZHEN SHINETEK TECHNOLOGY CO.\,LTD,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:85:68:1c:ec:10:11:fa:70:bd:b4:48:c4:ae:06:81:9c:a2:98:9e:15:7a:73:42:06:e3:1a:98:b9:44:47:f7
Signer

Actual PE Digest

2b:85:68:1c:ec:10:11:fa:70:bd:b4:48:c4:ae:06:81:9c:a2:98:9e:15:7a:73:42:06:e3:1a:98:b9:44:47:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Workspace\drive\180\京博汇\G652\project\G652 Sades Khanda-V6取消插拔键盘关闭驱动\Release\ShinetekTools.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
MulDiv
GetTickCount
InitializeCriticalSection
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
GetDriveTypeW
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
DeleteFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileInformationByHandle
OutputDebugStringA
EnterCriticalSection
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
SetCurrentDirectoryW
GetModuleFileNameW
GetCurrentThreadId
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
CreateFileA
FlushFileBuffers
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
FreeLibrary
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
LCMapStringW
GetCPInfo
CompareStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
HeapReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
LocalFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
LockResource
LoadResource
SizeofResource
GetModuleHandleA
LoadLibraryA
GetModuleHandleW
GetVersionExA
GetLocalTime
GetVersionExW
IsBadReadPtr
GetFullPathNameW
FreeResource
SetLastError
FindFirstFileW
FindClose
GetTimeZoneInformation
CreateThread
Sleep
InterlockedIncrement
InterlockedDecrement
SetEvent
CreateEventW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
WriteFile
CreateFileW
GetLastError
CreateMutexA
OpenMutexA
CreateMutexW
OpenMutexW
ReleaseMutex
WaitForSingleObject
CloseHandle
FindResourceW

user32

AppendMenuW
CreatePopupMenu
SetMenuContextHelpId
InsertMenuW
GetSystemMetrics
SystemParametersInfoA
DrawTextW
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
DeleteMenu
GetWindowPlacement
SetWindowsHookExW
IsMenu
DestroyMenu
TrackPopupMenu
SetMenuInfo
GetMenuInfo
GetKeyboardLayout
MapVirtualKeyExW
SetPropW
RemovePropW
ClientToScreen
DestroyWindow
ShowWindow
PostMessageW
keybd_event
MapVirtualKeyW
SystemParametersInfoW
LockWorkStation
OffsetRect
GetCursorPos
ScreenToClient
IsRectEmpty
PtInRect
GetWindow
GetDesktopWindow
IsWindow
GetPropW
IsIconic
IsWindowVisible
SetForegroundWindow
GetActiveWindow
InflateRect
CopyRect
CheckMenuItem
GetMenuItemCount
GetMenuItemInfoW
CallNextHookEx
LoadImageW
LoadBitmapW
EnableMenuItem
GetSysColor
UnhookWindowsHookEx
MessageBoxW
GetForegroundWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
GetIconInfo
GetKeyState
GetFocus
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret
GetCapture
ReleaseCapture
SetWindowTextW
SetFocus
SetCapture
ReleaseDC
GetDC
InvalidateRect
UpdateWindow
RegisterClassExW
CreateWindowExW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
UnregisterClassW
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetDlgItem
GetParent
IsWindowEnabled
EnableWindow
SetActiveWindow
PostQuitMessage
SetWindowPos
GetWindowLongW
LoadCursorW
DestroyCursor
DrawIconEx
SetCursor
UnionRect
IntersectRect
EqualRect
SetRect
DestroyIcon
KillTimer
RegisterWindowMessageW
SetTimer
RegisterDeviceNotificationW
wsprintfW
SendMessageW
LoadIconW
GetWindowThreadProcessId
CreateIconFromResource

gdi32

Rectangle
SetViewportOrgEx
StretchBlt
EnumFontsW
CreateSolidBrush
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
GetClipBox
GetDCOrgEx
CreateRoundRectRgn
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetDeviceCaps
SetGraphicsMode
DeleteObject
BitBlt
CreateDIBSection
GetRegionData
SelectClipRgn
ExtCreateRegion
IntersectClipRect
GetViewportOrgEx
GetCurrentObject
GetGlyphOutlineW
GetFontData
GetTextMetricsW
GetOutlineTextMetricsW
RemoveFontMemResourceEx
GetGlyphIndicesW
GdiFlush
ExtTextOutW
SetWorldTransform
SetTextColor
SetTextAlign
GetTextFaceW
GetFontUnicodeRanges
GetTextExtentPointI
GetCharABCWidthsW
EnumFontFamiliesExW
AddFontMemResourceEx
CreateCompatibleBitmap

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CreateBindCtx
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
IIDFromString

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
SysFreeString
VariantChangeType
GetErrorInfo
SysAllocString

shlwapi

StrToIntExW

hid

HidD_SetFeature
HidD_SetOutputReport
HidD_GetInputReport
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetFeature

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

imm32

ImmIsIME
ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdiplus

GdiplusShutdown
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateBitmapFromFileICM

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

opengl32

wglGetCurrentContext
wglGetProcAddress

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54eb47a0aa69a976f2e79a6b1f21c9c6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:95:54:98:df:cb:dc:e1:df:2f:9f:99:7a:65:a8:61Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2b:85:68:1c:ec:10:11:fa:70:bd:b4:48:c4:ae:06:81:9c:a2:98:9e:15:7a:73:42:06:e3:1a:98:b9:44:47:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

hid

setupapi

imm32

gdiplus

usp10

opengl32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 585KB - Virtual size: 584KB

.data Size: 67KB - Virtual size: 162KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 147KB - Virtual size: 147KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:95:54:98:df:cb:dc:e1:df:2f:9f:99:7a:65:a8:61
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2b:85:68:1c:ec:10:11:fa:70:bd:b4:48:c4:ae:06:81:9c:a2:98:9e:15:7a:73:42:06:e3:1a:98:b9:44:47:f7
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 585KB - Virtual size: 584KB

.data
Size: 67KB - Virtual size: 162KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 147KB - Virtual size: 147KB