2024-09-12_e4e579981ec2bf30aa9ba00b1b345a9c_hijackloader_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-12_e4e579981ec2bf30aa9ba00b1b345a9c_hijackloader_magniber
Size

1.6MB
MD5

e4e579981ec2bf30aa9ba00b1b345a9c
SHA1

d33bc753149f03942781304dbe2801098275f447
SHA256

17a5b885bae391f8549d961732a970a33bc2196b38f65c4d8502e204932a6e6a
SHA512

be331d425fda66cb8af2146fcb2a5051b6636d1fb86034673d239b90aa3e86878ab22fc3e831918f25fbeef93c748dc4537e929a7a9768cfe9e305c91b87f29e
SSDEEP

49152:6aW/lvd3F97bEvZkT301FoxFhUL2tO1ZIc:6aW/lvpEvZkT38FrHd

Score

1^/10

Malware Config

Signatures

Files

2024-09-12_e4e579981ec2bf30aa9ba00b1b345a9c_hijackloader_magniber
.exe windows:6 windows x86 arch:x86

a659cf2e9b8d730f788b7c89ed918d61

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/05/2024, 00:00

Not After

20/05/2027, 23:59

Subject

SERIALNUMBER=91510100394487762T,CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:9b:28:59:3a:29:ac:bf:e0:ac:89:28:a0:fc:67:63:91:07:4e:60:2b:37:39:1a:7a:3c:52:ad:70:cf:84:ad
Signer

Actual PE Digest

09:9b:28:59:3a:29:ac:bf:e0:ac:89:28:a0:fc:67:63:91:07:4e:60:2b:37:39:1a:7a:3c:52:ad:70:cf:84:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Ultra Uninstaller\Uninstaller_inst_uninst\Uinst\uninst_exe.pdb

Imports

kernel32

CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
GetTempFileNameW
GetShortPathNameW
CreateDirectoryW
SearchPathW
GetFileInformationByHandle
RtlCaptureStackBackTrace
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
VerifyVersionInfoW
SetLastError
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetModuleHandleW
FreeLibrary
FindResourceExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
HeapDestroy
CloseHandle
SetFilePointer
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetFileAttributesExW
CreateFileW
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
InitializeCriticalSectionEx
WaitForSingleObject
CreateProcessW
GetStartupInfoW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTickCount
MoveFileExW
GetFileSizeEx
GetLocalTime
OutputDebugStringA
OutputDebugStringW
GetCurrentProcess
lstrcpynW
SetEvent
GetEnvironmentVariableW
GetVersionExW
GetWindowsDirectoryW
MoveFileW
CreateFileA
DeleteFileA
WriteFile
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
CreateEventW
WaitForMultipleObjects
LocalAlloc
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
DeviceIoControl
lstrcmpA
lstrcmpiA
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
ResetEvent

user32

TranslateMessage
GetMessageW
GetClassInfoExW
RegisterClassExW
IsDialogMessageW
SendMessageTimeoutW
CopyRect
RegisterWindowMessageW
SendNotifyMessageW
FindWindowW
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
MoveWindow
UnregisterClassA
PeekMessageW
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
DispatchMessageW
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
IsIconic
CharNextW
SetCursor
PtInRect
SendMessageW
DestroyWindow
DefWindowProcW
SetCapture
PostQuitMessage
CallWindowProcW
UnregisterClassW
CreateWindowExW
IsWindow
ShowWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
wsprintfW
SetFocus

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
OffsetViewportOrgEx
SaveDC
EnumFontFamiliesW
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
RectVisible
CreateFontW
RestoreDC
SelectClipRgn

advapi32

ChangeServiceConfigW
RegOpenKeyExA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegEnumKeyExA
GetTokenInformation
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
RegQueryValueExA
RegDeleteKeyValueW
RegDeleteTreeW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ControlService
ChangeServiceConfig2W
CloseServiceHandle

shell32

ord165
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateGuid
OleRun
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

VariantCopy
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
SysStringLen
VariantClear

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathAppendW
wnsprintfW
PathFindFileNameW
PathFindFileNameA
PathIsRelativeW
PathIsPrefixW
StrTrimA
StrStrIA
StrStrIW
StrCmpIW
StrToIntExW
SHGetValueA
PathCombineW
PathFileExistsW
PathIsRootW
SHSetValueA
SHDeleteKeyW
SHSetValueW
PathRenameExtensionA
PathFindExtensionW
StrCmpNIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipAlloc
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipGetImageWidth
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdiplusStartup
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipFillRectangleI
GdiplusShutdown
GdipCreateStringFormat

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

Exports

Exports

_BasicEntry@8

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a659cf2e9b8d730f788b7c89ed918d61

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

09:9b:28:59:3a:29:ac:bf:e0:ac:89:28:a0:fc:67:63:91:07:4e:60:2b:37:39:1a:7a:3c:52:ad:70:cf:84:adSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 262KB - Virtual size: 261KB

.data Size: 26KB - Virtual size: 65KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 65KB - Virtual size: 65KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

09:9b:28:59:3a:29:ac:bf:e0:ac:89:28:a0:fc:67:63:91:07:4e:60:2b:37:39:1a:7a:3c:52:ad:70:cf:84:ad
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 262KB - Virtual size: 261KB

.data
Size: 26KB - Virtual size: 65KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 65KB - Virtual size: 65KB