hijackloader | 1temp251[.]exe_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

1temp251.exe_pw_infected.zip
Size

5.3MB
MD5

634b7dbe48190127ed5ddd615eb66487
SHA1

8a75f2c8f32a021d6c2fdd877e643dd59e33f826
SHA256

294e7740b29b6752803a6cffb86677472b72fcb96e3011f02e25ae80af5a2695
SHA512

87ba1c09c2b725cb150d3936b09c522df342fd501cbde56e484f5f03d021651b45688692821fad94427998fc27141d556456299b7332682ba184c4478b7fc526
SSDEEP

98304:P8Z23grjiYiAzUv8WZgfm8eZH6Yq9bZReCL/TxffTjX/UbrgGcveOzp:P6qgrOgzegO8eZaYq9bZR5/TdTLpGcv7

Score

10^/10

hijackloader

Malware Config

Signatures

Detects HijackLoader (aka IDAT Loader) 1 IoCs

resource	yara_rule
static1/unpack001/0x000b00000001e4ef-846	family_hijackloader

Hijackloader family
hijackloader

Files

1temp251.exe_pw_infected.zip
.zip

Password: infected
0x000b00000001e4ef-846
.exe windows:5 windows x86 arch:x86

c3e91fbd563a72c79722e447bd1614b5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:21:cb:0b:b7:52:7f:9b:05:d2:ee:53:99:51:59:80
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22-09-2021 00:00

Not After

27-09-2024 23:59

Subject

CN=FastCopy Lab\, LLC.,O=FastCopy Lab\, LLC.,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:1e:46:2f:a5:50:12:2b:95:20:f2:57:0f:fc:3b:99:24:6d:03:ac:6a:dd:6c:ca:53:26:2e:3a:3b:6a:a7:89
Signer

Actual PE Digest

e2:1e:46:2f:a5:50:12:2b:95:20:f2:57:0f:fc:3b:99:24:6d:03:ac:6a:dd:6c:ca:53:26:2e:3a:3b:6a:a7:89

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\FastCopy\src\install\Obj\ReleaseInst\setup.pdb

Imports

kernel32

ReadFile
FindFirstFileW
FindNextFileW
WriteFile
FindClose
WaitForSingleObject
CreateFileW
DeleteFileW
CloseHandle
GetLocalTime
GetFileSize
GetSystemTimeAsFileTime
CreateDirectoryW
GetCommandLineW
GetFullPathNameW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
CreateProcessW
FreeLibrary
CopyFileW
SetDllDirectoryW
MoveFileW
GetEnvironmentVariableW
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTempPathW
Sleep
GetLastError
SetEvent
GetVersionExA
DeleteCriticalSection
GetModuleHandleW
GetEnvironmentStringsW
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetCurrentThreadId
AttachConsole
OutputDebugStringW
WriteConsoleW
GetFileType
InterlockedIncrement
GetTickCount
SetThreadLocale
SetLastError
GetCurrentProcess
GetSystemDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
GetUserDefaultLCID
Process32FirstW
LoadLibraryW
GetCurrentProcessId
MultiByteToWideChar
MoveFileExW
WideCharToMultiByte
ExitProcess
SetFileTime
UnmapViewOfFile
GetFileAttributesExW
CreateFileMappingA
MapViewOfFile
GetFileTime
GetModuleFileNameA
SetEndOfFile
RaiseException
CreateThread
SetUnhandledExceptionFilter
GetSystemInfo
VirtualQuery
LoadLibraryExA
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
ReadConsoleW

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c3e91fbd563a72c79722e447bd1614b5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

56:21:cb:0b:b7:52:7f:9b:05:d2:ee:53:99:51:59:80Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e2:1e:46:2f:a5:50:12:2b:95:20:f2:57:0f:fc:3b:99:24:6d:03:ac:6a:dd:6c:ca:53:26:2e:3a:3b:6a:a7:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 16KB - Virtual size: 99KB

.rsrc Size: 792KB - Virtual size: 792KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

56:21:cb:0b:b7:52:7f:9b:05:d2:ee:53:99:51:59:80
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e2:1e:46:2f:a5:50:12:2b:95:20:f2:57:0f:fc:3b:99:24:6d:03:ac:6a:dd:6c:ca:53:26:2e:3a:3b:6a:a7:89
Signer

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 16KB - Virtual size: 99KB

.rsrc
Size: 792KB - Virtual size: 792KB