2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber
Size

2.7MB
MD5

a1f6c228c389aba507e385f3a5023c64
SHA1

9a691ae8abab8805e941a738e13079be2d65f303
SHA256

0cb7de0a2c34b6becd6b2188f0601bba85f87f544839b4c6c58fcc4629c5da47
SHA512

0a9ca8dd7f7ecd278cfa4370c3f7b27b7520b90ab26cfe21ad5412ad80f2d0ae30e11e4c7e3b00eadfedb1e375505742689cddcbfec8d27d941c270fc43329ee
SSDEEP

49152:lwwwwsHB0A3SKVRrfiVEITpfCTzUwpJMVxeex7g5M51HZeU72NWv1aJ03:rcSKVR7WEITpfcUCMVxRxRHZeU751aJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber

Files

2024-12-12_a1f6c228c389aba507e385f3a5023c64_hijackloader_luca-stealer_magniber
.exe windows:5 windows x86 arch:x86

82cbeee6e3aa8cfed36875730a4b92d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\pub_9cqe\rc_bug_mas_v12_2406\Build\Release\WPSOffice\office6\KUninstall.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
ResumeThread
SetThreadAffinityMask
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
lstrlenW
GetFileSize
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateDirectoryW
DeleteFileW
SetEndOfFile
SetFilePointer
SetFilePointerEx
WriteFile
GetTickCount
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileExW
GetStdHandle
ReadFile
MultiByteToWideChar
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
MoveFileW
GetModuleHandleA
CompareFileTime
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
VerSetConditionMask
VerifyVersionInfoW
GetSystemWow64DirectoryW
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetPrivateProfileStringW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateMutexW
OpenMutexW
GetExitCodeProcess
CreateProcessW
LocalFree
ExpandEnvironmentStringsW
GetFileAttributesExW
Sleep
TerminateProcess
OpenProcess
lstrcmpW
FreeResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WritePrivateProfileStringW
ReleaseMutex
OpenEventW
OpenFileMappingW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
GetLocalTime
GetEnvironmentVariableW
SetEnvironmentVariableW
FileTimeToLocalFileTime
GetLongPathNameW
QueryDosDeviceW
ProcessIdToSessionId
GetModuleFileNameW
FileTimeToSystemTime
WaitForMultipleObjects
OutputDebugStringW
GetNativeSystemInfo
IsWow64Process
GetPrivateProfileIntW
GetCommandLineW
MapViewOfFileEx
lstrcmpiW
GetSystemDefaultLCID
TerminateThread
GetLocaleInfoW
GetUserDefaultUILanguage
GetModuleHandleExW
SetErrorMode
FreeEnvironmentStringsW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileSizeEx
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateFileA
DeviceIoControl
OutputDebugStringA
OpenThread
SetThreadPriority
GetThreadPriority
SuspendThread
GetThreadContext
FlushInstructionCache
VirtualProtectEx
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InterlockedPopEntrySList
InterlockedPushEntrySList
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetFileType
WriteConsoleW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
SetStdHandle

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 186KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82cbeee6e3aa8cfed36875730a4b92d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 364KB - Virtual size: 363KB

.data Size: 186KB - Virtual size: 207KB

.rsrc Size: 267KB - Virtual size: 266KB

.reloc Size: 162KB - Virtual size: 164KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 186KB - Virtual size: 207KB

.rsrc
Size: 267KB - Virtual size: 266KB

.reloc
Size: 162KB - Virtual size: 164KB