2024-08-28_cda037a7d99f981ab7f36d5a02d121eb_hijackloader_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-28_cda037a7d99f981ab7f36d5a02d121eb_hijackloader_mafia_revil
Size

58.7MB
MD5

cda037a7d99f981ab7f36d5a02d121eb
SHA1

4b38e813c52584af2e0af08adeedb875e23bf460
SHA256

0de4140035ba13b0fc31d8d344dbbf3ebfd11e5cc65e21f2e47cba5e97191bc0
SHA512

b47cd8d94cf53392923d9f376a2aa24c5da19f3680dac36a3962d8372b01ce3e25d368a55c05ac3c1a59411f6cf7465bd0de8bdfff59b996898c2bd0d571d3fd
SSDEEP

1572864:qEsiW3RB5wGmJy+OZAxFE5l2aOlZK8hVsz9x7Lg2CR+f:oBaif5l2aMs1Iqf

Score

1^/10

Malware Config

Signatures

Files

2024-08-28_cda037a7d99f981ab7f36d5a02d121eb_hijackloader_mafia_revil
.exe windows:5 windows x86 arch:x86

ac0316d45eb5028e97b7632075b0676e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/10/2021, 00:00

Not After

23/10/2024, 23:59

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:03:72:6e:f6:0a:fb:80:e1:ee:0e:82:71:e0:86:58:9c:b5:eb:e6:76:a1:f9:a9:fb:c0:6c:97:cf:4c:ad:7c
Signer

Actual PE Digest

dc:03:72:6e:f6:0a:fb:80:e1:ee:0e:82:71:e0:86:58:9c:b5:eb:e6:76:a1:f9:a9:fb:c0:6c:97:cf:4c:ad:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\jobs\CLIENT_CHAN_BACKUP\workspace\uuclient\install\install.pdb

Imports

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

SetLastError
GetEnvironmentVariableW
GetVersion
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetEvent
WaitForMultipleObjects
TerminateThread
SetThreadPriority
GetCurrentThreadId
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
HeapCreate
IsValidCodePage
GetOEMCP
GetLocaleInfoW
GetSystemDirectoryW
IsProcessorFeaturePresent
HeapSize
IsDebuggerPresent
FreeEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringW
SleepEx
GetCPInfo
GetFileInformationByHandle
GetModuleHandleExW
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetConsoleCP
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
ExitThread
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
RaiseException
GetEnvironmentStringsW
CreateThread
SetHandleCount
PeekNamedPipe
GetStringTypeW
WriteConsoleW
ExpandEnvironmentStringsA
SetStdHandle
GetFullPathNameA
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
FormatMessageA
IsValidLocale
SetEndOfFile
InterlockedExchangeAdd
DeleteFiber
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GetFileSizeEx
GlobalLock
GlobalUnlock
GetLocalTime
GetFileSize
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
ConvertFiberToThread
ReadFile
CreateFileW
DuplicateHandle
GetFileType
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetFilePointer
FormatMessageW
LocalFree
GetACP
ExitProcess
GetCurrentDirectoryW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetDiskFreeSpaceExW
OpenMutexW
CreateMutexW
WriteFile
CreateFileA
GetFileAttributesW
CreateProcessW
GetStdHandle
GetVersionExW
GetModuleFileNameW
MulDiv
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
TerminateProcess
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
MoveFileExW
CopyFileW
SetEnvironmentVariableA
WinExec
GetExitCodeProcess
ResetEvent
InitializeCriticalSection
CreateEventW
WaitForSingleObject
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
GetModuleHandleW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetProcessHeap
GetDriveTypeW
GetTimeZoneInformation
CompareStringW
SetUnhandledExceptionFilter

ws2_32

ioctlsocket
bind
htons
WSAGetLastError
WSASetEvent
recv
send
WSASetLastError
__WSAFDIsSet
select
socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
ntohs
getsockopt
getpeername
connect
sendto
recvfrom
closesocket
gethostname
ntohl
htonl
getaddrinfo
freeaddrinfo
listen
accept

wldap32

ord46
ord41
ord27
ord301
ord216
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord73
ord167
ord219
ord14
ord118

crypt32

CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringW
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFindCertificateInStore

user32

SetWindowTextW
CloseWindow
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
FillRect
IntersectRect
MoveWindow
GetWindowRgn
CharNextW
wvsprintfW
SetCursor
OffsetRect
MessageBoxW
SetWindowRgn
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
MonitorFromWindow
EnableWindow
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowTextLengthW
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
CreateWindowExW
SetFocus
GetFocus
DestroyWindow
LoadStringW
SetWindowPos
PostMessageW
ReleaseCapture
SetCapture
InvalidateRect
GetWindowLongW
SetWindowLongW
GetDC
IsWindow
PostQuitMessage
KillTimer
SetTimer
PtInRect
LoadImageW
SendMessageW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos
GetKeyState
GetWindowRect
IsIconic
InvalidateRgn
GetCaretPos
CreateAcceleratorTableW
GetWindowTextW
GetSysColor
SetCaretPos
ShowWindow
ShowCaret
HideCaret
CreateCaret
ClientToScreen
SetRect
CharPrevW
GetParent
DrawTextW

gdi32

CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
SaveDC
BitBlt
RestoreDC
GetClipBox
SetWindowOrgEx
DeleteDC
CreatePen
GetTextMetricsW
GetTextExtentPoint32W
CombineRgn
GetObjectW
GetStockObject
DeleteObject
SelectObject
CreateFontIndirectW
CreateDCW
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
GetDeviceCaps
MoveToEx
GetObjectA
GetCharABCWidthsW
TextOutW
SetBkMode
SetTextColor
RoundRect
Rectangle
CreatePenIndirect

advapi32

RegCloseKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

CoInitialize
OleLockRunning
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString

shlwapi

PathFileExistsW

gdiplus

GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipCreateFromHDC
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipReleaseDC
GdipAddPathCurveI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdiplusStartup
GdipSetTextRenderingHint

msimg32

AlphaBlend

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

winmm

timeGetTime

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56.2MB - Virtual size: 56.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac0316d45eb5028e97b7632075b0676e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

dc:03:72:6e:f6:0a:fb:80:e1:ee:0e:82:71:e0:86:58:9c:b5:eb:e6:76:a1:f9:a9:fb:c0:6c:97:cf:4c:ad:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

version

kernel32

ws2_32

wldap32

crypt32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

msimg32

comctl32

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 500KB - Virtual size: 499KB

.data Size: 21KB - Virtual size: 49KB

.rsrc Size: 56.2MB - Virtual size: 56.2MB

.reloc Size: 240KB - Virtual size: 239KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

dc:03:72:6e:f6:0a:fb:80:e1:ee:0e:82:71:e0:86:58:9c:b5:eb:e6:76:a1:f9:a9:fb:c0:6c:97:cf:4c:ad:7c
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 500KB - Virtual size: 499KB

.data
Size: 21KB - Virtual size: 49KB

.rsrc
Size: 56.2MB - Virtual size: 56.2MB

.reloc
Size: 240KB - Virtual size: 239KB