2025-02-14_fb5d4d3edc3baa87d3e4eb2c0ccfd04b_hijackloader_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-02-14_fb5d4d3edc3baa87d3e4eb2c0ccfd04b_hijackloader_mafia
Size

2.2MB
MD5

fb5d4d3edc3baa87d3e4eb2c0ccfd04b
SHA1

94964121cca9ebd7aa771777593840ff03425093
SHA256

1e683d40eb0c44d7f1dea34516f18bfe598a3c9a14a03575be46241ecdb12326
SHA512

a42a15d41d98e53123b5a15b674bb0fe5a751aba5debce5c8d38938816fc58cd253d92884d0ebc7f4edc44a38d1b7285be95cfffaef71d99ca32464653e0cf67
SSDEEP

49152:DJNrUMtsnAsYspEyVgRsRUX5sABzj7p5wC7VMV:DJFnsx9gRs05wC7VM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-14_fb5d4d3edc3baa87d3e4eb2c0ccfd04b_hijackloader_mafia

Files

2025-02-14_fb5d4d3edc3baa87d3e4eb2c0ccfd04b_hijackloader_mafia
.exe windows:5 windows x86 arch:x86

75488cae2d4e2f4d5744c430bbb3dc0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\SVN_Client\11platform\src\newClient\trunk\code\11Launcher\bin\Release_NEWPF\11Loader.pdb

Imports

kernel32

GlobalAlloc
GetACP
FormatMessageW
ReadFile
lstrcpyW
LoadLibraryA
GetSystemDirectoryA
OpenProcess
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetFileSize
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceExW
GetTempPathW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
FreeResource
GlobalUnlock
GlobalLock
MulDiv
MoveFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalReAlloc
IsBadReadPtr
SetEnvironmentVariableA
CreateFileA
SetStdHandle
WriteConsoleW
QueryPerformanceCounter
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GlobalFree
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetFileType
SetHandleCount
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
CreateThread
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
TerminateThread
SuspendThread
CreateFileW
ResumeThread
SetFilePointer
WriteFile
SetFileTime
SetEndOfFile
OutputDebugStringW
GetLocalTime
SystemTimeToFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
CopyFileW
InterlockedExchange
CreateProcessW
GetProcessId
GetPrivateProfileIntW
WritePrivateProfileStringW
InitializeCriticalSection
lstrlenA
lstrcatW
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
Sleep
GetTickCount
DeleteFileW
GetPrivateProfileStringW
lstrcpynW
CompareStringW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
GetVersionExW
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
lstrlenW
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
RaiseException
FlushInstructionCache
MultiByteToWideChar
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetTimeZoneInformation

user32

UnregisterClassA
SetWindowLongW
ShowWindow
DispatchMessageW
TranslateMessage
FrameRect
SetRect
EndPaint
PostQuitMessage
LoadBitmapW
PostMessageW
PostThreadMessageW
CopyImage
LoadImageW
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EndDialog
MessageBoxW
GetWindowRgn
InvalidateRgn
GetUpdateRgn
CopyRect
GetWindowTextW
GetWindowTextLengthW
ScreenToClient
SetFocus
DrawTextW
FillRect
SetCursor
GetCursorPos
GetFocus
GetSysColor
GetDC
ReleaseDC
OffsetRect
LoadCursorW
GetClassNameW
SetWindowTextW
IntersectRect
EnableWindow
GetDlgItem
IsDialogMessageW
GetAncestor
GetSystemMetrics
InflateRect
PtInRect
ReleaseCapture
DrawEdge
DrawFocusRect
GetMessageW
PeekMessageW
CharNextW
DefWindowProcW
DestroyWindow
SetRectEmpty
CreateDialogParamW
GetWindowLongW
CreateWindowExW
GetMenu
SetWindowPos
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
SetTimer
KillTimer
IsWindowEnabled
SetCapture
GetParent
GetDlgCtrlID
AdjustWindowRectEx
IsWindow
CallWindowProcW
SystemParametersInfoW
GetCapture
SendMessageW
BeginPaint

gdi32

SetBkColor
ExtTextOutW
ExcludeClipRect
SetDIBColorTable
CreateDIBSection
SetTextColor
SetBkMode
GetObjectW
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
GetCurrentObject
GetObjectType
CombineRgn
ExtCreateRegion
CreateDIBitmap
OffsetRgn
CreateRectRgn
FrameRgn
CreateRoundRectRgn
SelectClipRgn
GetViewportOrgEx
ExtSelectClipRgn
GetClipRgn
StretchBlt
GetClipBox
GetStockObject
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
FreeSid
CheckTokenMembership
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid

shell32

ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathUnquoteSpacesW
PathFindFileNameW
PathFileExistsW

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_LoadImageW
InitCommonControlsEx
ImageList_Destroy

msimg32

GradientFill
AlphaBlend
TransparentBlt

ws2_32

WSASetLastError
ioctlsocket
socket
getservbyport
gethostbyaddr
getservbyname
connect
send
__WSAFDIsSet
select
recv
htonl
gethostbyname
WSAGetLastError
WSASocketW
recvfrom
ntohs
sendto
shutdown
closesocket
setsockopt
htons
inet_addr
bind
WSACleanup
WSAStartup
inet_ntoa
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents

gdiplus

GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetNetworkParams
GetIfTable

netapi32

Netbios

wininet

DeleteUrlCacheEntryW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75488cae2d4e2f4d5744c430bbb3dc0c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

ws2_32

gdiplus

winmm

iphlpapi

netapi32

wininet

version

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 702KB - Virtual size: 702KB

.reloc Size: 52KB - Virtual size: 52KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 702KB - Virtual size: 702KB

.reloc
Size: 52KB - Virtual size: 52KB

.zero
Size: 4KB - Virtual size: 3KB