2024-10-14_31cb7666f32efb8ca8698d982a0de253_hijackloader_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-14_31cb7666f32efb8ca8698d982a0de253_hijackloader_mafia
Size

42.8MB
MD5

31cb7666f32efb8ca8698d982a0de253
SHA1

1fda36b42f915d4591b265626e45c33f892d41b1
SHA256

f2b3e9013cf864a177532cd52ddd28707ea2890e828da346ebabbede636cb1a5
SHA512

521c149b53cd7b2d925c2d08396dd9bff8447bd837a74a277a3d2c7a954540bb825ff59e457a3b90ca16cb5455df3557e13ffc736eedabba153ed01257f95100
SSDEEP

786432:Y5X6ixdswYlDgOh2jcWyYr4MhDml8v3Tls/HbwwlsfFFiBoxQZN:Y5XTdnYlUB4S4UPTlszwwKmuQr

Score

1^/10

Malware Config

Signatures

Files

2024-10-14_31cb7666f32efb8ca8698d982a0de253_hijackloader_mafia
.exe windows:5 windows x86 arch:x86

a231c781975ce74d20fbf57b6924c8a3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:6f:33:d1:77:a4:6d:81:f9:31:af:fd:54:8d:f1:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/12/2021, 00:00

Not After

24/12/2022, 23:59

Subject

SERIALNUMBER=91440101741866864Y,CN=Guangzhou Jinhong Network Media Co.\,Ltd.,O=Guangzhou Jinhong Network Media Co.\,Ltd.,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:2c:b8:21:7e:e1:1b:2c:4c:92:ac:cc:11:c8:94:cc:ff:8a:d9:59:9e:55:29:ad:b4:2d:c6:9c:db:ab:e0:9c
Signer

Actual PE Digest

34:2c:b8:21:7e:e1:1b:2c:4c:92:ac:cc:11:c8:94:cc:ff:8a:d9:59:9e:55:29:ad:b4:2d:c6:9c:db:ab:e0:9c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetTickCount
GetWindowsDirectoryA
GetNumberFormatA
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameA
GetTempPathA
GetProfileIntA
Sleep
SearchPathA
FindResourceExW
EncodePointer
DecodePointer
ExitProcess
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetStdHandle
HeapCreate
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
lstrcpyA
DeleteFileA
FileTimeToSystemTime
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleHandleW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
lstrlenA
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeLibrary
CompareStringA
LoadLibraryW
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
lstrcmpW
GetThreadLocale
InterlockedIncrement
SetFilePointer
WriteFile
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentDirectoryA
GetModuleFileNameA
CloseHandle
ReadFile
GetFileSize
CreateFileA
VirtualProtect
lstrcmpiA
GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
LockFile
WideCharToMultiByte

user32

MonitorFromPoint
IsMenu
UnionRect
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageA
LoadImageW
DestroyIcon
SetMenuDefaultItem
GetMenuDefaultItem
SetCursorPos
GetIconInfo
EnableScrollBar
CopyIcon
GetDoubleClickTime
SetClassLongA
DestroyAcceleratorTable
GetUpdateRect
UpdateLayeredWindow
RegisterClipboardFormatA
MapVirtualKeyA
InvertRect
HideCaret
TranslateAcceleratorA
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
FrameRect
CharUpperBuffA
SubtractRect
IsClipboardFormatAvailable
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
GetKeyNameTextA
PostThreadMessageA
IsCharLowerA
MapVirtualKeyExA
CreateMenu
DestroyCursor
GetWindowRgn
RealChildWindowFromPoint
ReleaseCapture
SetCapture
InvalidateRgn
IntersectRect
SetRect
CopyAcceleratorTableA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InvalidateRect
ShowOwnedPopups
SetCursor
TranslateMessage
ValidateRect
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DrawIconEx
GetSysColorBrush
RedrawWindow
SetWindowRgn
DrawFocusRect
DrawFrameControl
DrawEdge
FillRect
InflateRect
IsRectEmpty
DrawStateA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMenuStringA
SetParent
RemoveMenu
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IsWindow
GetDlgItem
GetWindowLongA
GetParent
OffsetRect
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
PtInRect
CopyRect
GetDlgCtrlID
GetWindow
CharNextA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LockWindowUpdate
BringWindowToTop
CreatePopupMenu
CharUpperA
IsZoomed
NotifyWinEvent
GetAsyncKeyState
LoadMenuW
MessageBeep
GetNextDlgGroupItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
SetTimer
DeleteMenu
WaitMessage
LoadCursorW
WindowFromPoint
InsertMenuA
LoadCursorA
GetMessageA

oleaut32

SysStringLen
SafeArrayDestroy
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
OleCreateFontIndirect
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
VarBstrFromDate

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

gdi32

CopyMetaFileA
CreateDCA
CreateSolidBrush
CreateHatchBrush
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreatePolygonRgn
CombineRgn
Polyline
Ellipse
Polygon
PatBlt
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectA
ScaleWindowExtEx
SetWindowExtEx
GetTextExtentPoint32A
GetTextMetricsA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
OffsetWindowOrgEx
SelectClipRgn
ExtSelectClipRgn
BitBlt
GetWindowExtEx
DeleteDC
CreatePatternBrush
CreateCompatibleDC
SelectPalette
GetObjectType
CreatePen
CreateFontIndirectA
GetRgnBox
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
OffsetRgn
CreateRoundRectRgn
SetRectRgn
GetMapMode
DPtoLP
CreateDIBSection
Rectangle
SetPixel
SetDIBColorTable
RealizePalette
StretchBlt
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetWindowOrgEx
SetPixelV
GetTextFaceA
DeleteObject
SetWindowOrgEx
GetViewportExtEx
GetStockObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegEnumKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA

shell32

DragFinish
ShellExecuteA
SHGetFileInfoA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA

ole32

DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleLockRunning
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40.0MB - Virtual size: 40.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a231c781975ce74d20fbf57b6924c8a3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:6f:33:d1:77:a4:6d:81:f9:31:af:fd:54:8d:f1:f4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

34:2c:b8:21:7e:e1:1b:2c:4c:92:ac:cc:11:c8:94:cc:ff:8a:d9:59:9e:55:29:ad:b4:2d:c6:9c:db:ab:e0:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

oleacc

imm32

winmm

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 40.0MB - Virtual size: 40.0MB

.data Size: 25KB - Virtual size: 54KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 268KB - Virtual size: 267KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:6f:33:d1:77:a4:6d:81:f9:31:af:fd:54:8d:f1:f4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

34:2c:b8:21:7e:e1:1b:2c:4c:92:ac:cc:11:c8:94:cc:ff:8a:d9:59:9e:55:29:ad:b4:2d:c6:9c:db:ab:e0:9c
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 40.0MB - Virtual size: 40.0MB

.data
Size: 25KB - Virtual size: 54KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 268KB - Virtual size: 267KB