Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
Sample: 2024-09-19_b2fcf4f7c2bab03a5b834b4724f82ef7_hijackloader_mafia.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-09-19_b2fcf4f7c2bab03a5b834b4724f82ef7_hijackloader_mafia.exe
Resource: win10v2004-20240802-en
Target: 2024-09-19_b2fcf4f7c2bab03a5b834b4724f82ef7_hijackloader_mafia
Size: 1.0MB
MD5: b2fcf4f7c2bab03a5b834b4724f82ef7
SHA1: 063a5cc9234858bdd6faed56a0b9233e744137be
SHA256: 38cff2b460b6ee980c47d8e7cc1494067d79f9962659558df8c12ea2272ac5b1
SHA512: 87d483df4d60ffb977365362f3f7f4a64fb0e5d21788f98b3b1594cfb8bfdf3718d7f4cc05a9744f28f62a2939824aee8c5d6e6bf3ad923386daaf45fb35ecc1
SSDEEP: 24576:3u3J+O8GEvL5MVXBAMjrVNhe/guTvjR9kV+RGtTPHJNo:e3J+EU5jMXVNhe/g0v19kVJT/JNo
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
d:\Webhost\13-08-2024\WindowsBuilds\DC_NATIVE\8894969\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcconfigexec.pdb
ord21
ord19
ord17
ord75
ord141
ord169
ord88
CertVerifyTimeValidity
CertDeleteCertificateFromStore
PFXVerifyPassword
PFXImportCertStore
CertOpenStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CryptStringToBinaryA
CertNameToStrW
CertFreeCertificateContext
CertFindCertificateInStore
CertGetNameStringA
WSACleanup
WSAStartup
gethostbyname
inet_addr
WSAGetLastError
ioctlsocket
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory
NetGetJoinInformation
NetApiBufferFree
DsGetDcNameA
GetAdaptersInfo
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileA
CreateEnvironmentBlock
WinHttpWriteData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetCredentials
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
AgentSendRequestEx
xmlDocGetRootElement
xmlNewTextReaderFilename
xmlStrcmp
xmlFreeTextReader
xmlTextReaderRead
xmlTextReaderName
xmlTextReaderDepth
xmlTextReaderValue
xmlTextReaderAttributeCount
xmlTextReaderGetAttribute
xmlParseMemory
xmlNodeListGetString
xmlCleanupParser
xmlFreeDoc
xmlParseFile
xmlFree
ord72
ord48
ord49
ord3
ord19
ord12
ord16
ord20
ord2
ord1
ord31
ord41
ord26
ord13
ord4
ord8
ord36
ord18
ord29
ord39
ord43
ord11
ord9
getnameinfo
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
SetUnhandledExceptionFilter
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
VirtualQuery
GetDriveTypeW
GetProcessHeap
SetEndOfFile
WriteConsoleW
InterlockedExchange
HeapSize
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeW
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
GetStartupInfoW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetTimeZoneInformation
FindClose
FindFirstFileA
CloseHandle
GetLastError
ReadFile
GetFileSize
CreateFileA
GetVersionExA
WriteFile
DeleteFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExW
GetProcAddress
GetModuleHandleW
LoadLibraryW
LocalFree
GetCommandLineW
GetCurrentThreadId
GetLocalTime
ExpandEnvironmentStringsA
LocalAlloc
lstrlenA
FormatMessageA
SetVolumeLabelW
GlobalAlloc
Sleep
GetTickCount
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateThread
CreateNamedPipeA
GetModuleHandleA
LoadLibraryA
GetCurrentProcess
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
RemoveDirectoryA
FindNextFileA
InterlockedDecrement
GetComputerNameExW
ReleaseMutex
WaitForSingleObject
CreateMutexA
FreeLibrary
GetLocaleInfoA
SetCurrentDirectoryA
GetCurrentDirectoryA
FileTimeToSystemTime
CopyFileA
GetSystemInfo
FindFirstFileW
FormatMessageW
GlobalFree
lstrcmpW
GetFileSizeEx
GetCurrentProcessId
ProcessIdToSessionId
SetCurrentDirectoryW
SetFilePointer
DeleteFileW
lstrlenW
CreateDirectoryW
CopyFileW
GetFileInformationByHandle
SetLastError
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
GetFileAttributesExA
GetFullPathNameA
UnhandledExceptionFilter
CreateDirectoryA
SuspendThread
ResumeThread
QueryPerformanceCounter
LocalUnlock
LocalLock
MoveFileExA
HeapAlloc
GetSystemTimeAsFileTime
RaiseException
HeapFree
HeapReAlloc
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
InterlockedIncrement
GetDriveTypeA
FindFirstFileExA
EncodePointer
DecodePointer
GetCPInfo
ExitThread
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
LCMapStringW
InitializeCriticalSectionAndSpinCount
SystemParametersInfoW
MessageBoxA
wsprintfW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
CryptGetHashParam
QueryServiceStatus
OpenServiceW
OpenSCManagerW
LogonUserA
CreateProcessAsUserA
LookupPrivilegeValueA
LookupPrivilegeNameA
OpenProcessToken
CreateProcessAsUserW
GetTokenInformation
LookupAccountSidA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegSetValueExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDestroyHash
ImpersonateLoggedOnUser
RevertToSelf
RegQueryInfoKeyA
RegEnumKeyExA
ControlService
CryptDestroyKey
CryptReleaseContext
CryptGenKey
CryptGetUserKey
CryptAcquireContextA
RegEnumValueA
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHCreateDirectoryExA
CommandLineToArgvW
SHGetDesktopFolder
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
VariantClear
SysFreeString
SysStringLen
SysAllocString
SafeArrayAccessData
SysAllocStringByteLen
PathFindExtensionA
StrStrIA
StrTrimA
WNetOpenEnumW
WNetAddConnection2W
WNetCancelConnection2W
WNetEnumResourceW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ