2024-09-14_ea4c444c7fdc93306c8001856aced297_hijackloader_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-14_ea4c444c7fdc93306c8001856aced297_hijackloader_magniber
Size

164.7MB
MD5

ea4c444c7fdc93306c8001856aced297
SHA1

b797408d3150e26a262c769f616a2c41b89aea4b
SHA256

9ce634e62d3486923b0e6a55b63738d96f47e50d1a200e432afbf30bd450adbd
SHA512

070090d30f90692074daf3feb824af11b6b2efaf8efa712d80f6c70cb55d60302e6b03cb51bf748313cc8fe4e16fb99f4c5dbaa0f0f1e2cdbb4f1c17152dae1a
SSDEEP

3145728:f7EeT192XXs+2LEj+SfdqY66ZLzhtack9/dSUvwsdMZ1NNhfrkD9iq6YYwgenA5:foeT1xg+KHk1d5NMZFhfrkD9iq6VTenu

Score

1^/10

Malware Config

Signatures

Files

2024-09-14_ea4c444c7fdc93306c8001856aced297_hijackloader_magniber
.exe windows:6 windows x86 arch:x86

a52b0d6e68a672369339ad8663ac1b80

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/05/2024, 00:00

Not After

20/05/2027, 23:59

Subject

SERIALNUMBER=91510100394487762T,CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:66:57:3a:67:b6:ca:46:40:d7:a6:71:8c:f5:dd:39:68:fe:73:63:38:c3:22:db:5e:87:66:6d:44:ab:25:f9
Signer

Actual PE Digest

7d:66:57:3a:67:b6:ca:46:40:d7:a6:71:8c:f5:dd:39:68:fe:73:63:38:c3:22:db:5e:87:66:6d:44:ab:25:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\install_project\install_main\install_and_uninstall\Release\Install.pdb

Imports

kernel32

GetStartupInfoW
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
GetFileSizeEx
GetCommandLineW
DecodePointer
LoadLibraryExW
lstrcmpiW
LoadLibraryA
CopyFileW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
CreateProcessW
OutputDebugStringA
ResetEvent
GetSystemInfo
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
CreateDirectoryW
GetShortPathNameW
FormatMessageW
GetEnvironmentVariableW
IsDebuggerPresent
EncodePointer
InitializeSListHead
WriteProcessMemory
GetTempFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
WideCharToMultiByte
MoveFileW
lstrlenW
GetWindowsDirectoryW
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateEventW
LocalAlloc
GetTickCount
Sleep
GetLastError
WritePrivateProfileStringW
WriteConsoleW
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
GetModuleFileNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
MultiByteToWideChar
UnlockFile
LockFile
GetFileSize
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalDeleteAtom
OpenProcess
GetCurrentProcessId
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetVersionExW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileAttributesExW
CreateFileW
LoadLibraryW
DosDateTimeToFileTime
GetProcAddress
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OutputDebugStringW
SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetTempFileNameA
GetTempPathA
CloseHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
CreateMutexW
WaitForSingleObject
LocalFree
SetEvent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
TlsAlloc
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
FileTimeToDosDateTime
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OpenFileMappingW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
FlushFileBuffers
SetFileTime
SearchPathW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
SetEndOfFile
GetStdHandle
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
FileTimeToLocalFileTime
WriteFile
DeleteFileA
CreateFileA
SystemTimeToFileTime
GetSystemTime
GetFileTime
ReleaseMutex
FindNextFileA
FindFirstFileA
GetLocalTime

user32

UnhookWinEvent
SetWinEventHook
wsprintfW
SetTimer
KillTimer
DrawTextW
GetWindowTextLengthW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
SendMessageW
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
PostMessageW
IsWindow
SetCursor
SetRect
OffsetRect
LoadCursorW
ScreenToClient
PtInRect
CopyRect
DrawFocusRect
BeginPaint
EndPaint
IsRectEmpty
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
UpdateLayeredWindow
SetWindowPos
SetWindowRgn
SystemParametersInfoW
WaitForInputIdle
GetSystemMetrics
GetShellWindow
MonitorFromWindow
UnregisterClassA
SendNotifyMessageW
SendMessageTimeoutW
RegisterWindowMessageW
MessageBoxW
IsDialogMessageW
EndDialog
DialogBoxParamW
DestroyWindow
EnableWindow
FindWindowW
RedrawWindow
GetMonitorInfoW
LoadImageW
GetWindow
MapWindowPoints
SetWindowTextW
BringWindowToTop
MoveWindow
PostQuitMessage
ExitWindowsEx
SetProcessDPIAware
CharNextW
GetWindowTextW

gdi32

SaveDC
RestoreDC
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW

advapi32

BuildExplicitAccessWithNameW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetTokenInformation
GetTrusteeNameW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegGetValueW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ord165
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHLoadInProc
ShellExecuteW
ShellExecuteExW
SHChangeNotify
SHGetDesktopFolder

ole32

CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitializeEx
OleRun

oleaut32

VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

PathAppendA
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfW
StrCmpW
PathFindFileNameW
SHGetValueW
PathUnquoteSpacesW
SHSetValueW
PathIsPrefixW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
StrStrIW
SHDeleteValueW
StrStrIA
StrCmpNIW
StrTrimA
StrCmpIW
StrToIntExW
SHGetValueA
PathIsDirectoryW
SHDeleteKeyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateSolidFill
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipFillRectangleI

cabinet

ord23
ord20
ord22

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW
CryptStringToBinaryA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

StartEast
_Start@12

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a52b0d6e68a672369339ad8663ac1b80

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7d:66:57:3a:67:b6:ca:46:40:d7:a6:71:8c:f5:dd:39:68:fe:73:63:38:c3:22:db:5e:87:66:6d:44:ab:25:f9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

cabinet

version

psapi

setupapi

iphlpapi

wininet

urlmon

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 29KB - Virtual size: 43KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 70KB - Virtual size: 69KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:07:8e:70:ea:ee:48:ff:eb:95:76:bd:d4:00:be:98
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7d:66:57:3a:67:b6:ca:46:40:d7:a6:71:8c:f5:dd:39:68:fe:73:63:38:c3:22:db:5e:87:66:6d:44:ab:25:f9
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 29KB - Virtual size: 43KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 70KB - Virtual size: 69KB