2024-09-14_0f848a4601a9d33a1dda8a6eea50a497_hijackloader_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-14_0f848a4601a9d33a1dda8a6eea50a497_hijackloader_magniber_revil
Size

12.4MB
MD5

0f848a4601a9d33a1dda8a6eea50a497
SHA1

9d8ad47e574c83eeddab1942a6fe8ab10b2c92a7
SHA256

bf5204763ffe1b091d17d5ba6f619b23039dee6b48284e5c53c435c6eb1b46c4
SHA512

94cf3dc8e351a6106e1d2a74997788a6e24f59ae17ccc61a46e912b4a6ab3d34582a1ecda9fbc7489d532c42839c522c9bcd0edec37d091e5e6116b94c2c7e9d
SSDEEP

196608:Vq8gKt/zcb+CsJjobFf1VS9C86JQtK5YzLhUBbBuUhT1GZDX9w3eGvUR:88gKtg8joxf1x8KQtK4OBbButX9wXm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-14_0f848a4601a9d33a1dda8a6eea50a497_hijackloader_magniber_revil

Files

2024-09-14_0f848a4601a9d33a1dda8a6eea50a497_hijackloader_magniber_revil
.exe windows:5 windows x86 arch:x86

0afa05ee6dc319aa3c1016669653b0fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\aicleaner-install\install_uninstall_code\Release\Install.pdb

Imports

kernel32

InterlockedDecrement
ExitThread
Sleep
lstrcmpiW
LoadLibraryExW
GetCommandLineW
WritePrivateProfileStringW
SetEvent
CreateEventW
GetDriveTypeW
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
InterlockedIncrement
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
WaitForSingleObject
CreateThread
lstrcpynW
GetLocalTime
LocalFree
LoadLibraryW
TerminateProcess
GetCurrentProcess
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
GetTickCount
GetProcAddress
CreateFileW
ReadFile
GetFileSize
UnlockFile
LockFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
SetEndOfFile
WriteConsoleW
SetFilePointerEx
EnterCriticalSection
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
InitializeCriticalSection
GetCurrentProcessId
OpenProcess
GetLongPathNameW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
FindResourceW
lstrlenW
FindClose
SizeofResource
LoadResource
SetLastError
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DeleteFileA
CreateFileA
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GetTempFileNameA
GetTempPathA
CloseHandle
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
WriteFile
ReadConsoleW
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
OpenEventW
InterlockedCompareExchange
InterlockedExchange
WaitForMultipleObjects
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetFileAttributesExW
GetExitCodeProcess
GetLogicalDriveStringsW
QueryDosDeviceW
CopyFileW
GetFileSizeEx
OutputDebugStringA
OutputDebugStringW
ResetEvent
GetSystemInfo
LocalAlloc
FormatMessageW
lstrlenA
GetPrivateProfileStringW
GetTempFileNameW
GetEnvironmentVariableW
GetSystemDirectoryW
GetDiskFreeSpaceExW

user32

CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
DefWindowProcW
SendMessageW
UnregisterClassW
LoadStringW
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
FillRect
DestroyWindow
IsDialogMessageW
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
RedrawWindow
SetForegroundWindow
GetSystemMetrics
EnableWindow
SetFocus
IsIconic
IsWindowVisible
MoveWindow
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
wsprintfW
SendMessageTimeoutW
FindWindowW
ShowWindow
UnionRect
OffsetRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
UnregisterClassA
GetParent
SetWindowLongW
GetWindowLongW
CopyRect
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
SetWindowPos
UpdateLayeredWindow

gdi32

BitBlt
CreateCompatibleBitmap
CreateRectRgnIndirect
DeleteDC
DeleteObject
GetStockObject
RestoreDC
CreateFontW
SelectClipRgn
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
EnumFontFamiliesW
RectVisible
SaveDC
OffsetViewportOrgEx
CreateCompatibleDC

advapi32

RegQueryValueExA
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
DeleteAce
EqualSid
CheckTokenMembership
GetTokenInformation
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
GetUserNameW
CreateWellKnownSid

shell32

SHFileOperationW
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW

ole32

CoCreateGuid
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
OleRun
OleUninitialize
OleInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VarBstrCmp
VariantClear
SysAllocString

shlwapi

PathIsDirectoryW
wnsprintfW
AssocQueryStringW
SHSetValueA
PathIsRootW
SHSetValueW
PathIsPrefixW
StrStrIW
PathRemoveFileSpecW
SHGetValueW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
StrToIntExW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHGetValueA
PathIsRelativeW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreatePath
GdipFree
GdipAlloc
GdipFillPath
GdiplusShutdown
GdipDeletePath
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipClosePathFigure
GdipCloneBrush
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAddPathArcI
GdipCreateBitmapFromFileICM
GdipCreateImageAttributes
GdipFillRectangle
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateLineBrushI
GdiplusStartup
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteBrush
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags

psapi

GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

Exports

Exports

BasicEntry
InstallEntryW
Start
_BasicEntryEx@12

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0afa05ee6dc319aa3c1016669653b0fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 27KB - Virtual size: 64KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 27KB - Virtual size: 64KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 58KB - Virtual size: 58KB