Static task: static1

Behavioral task: behavioral1
Sample: a2d32288f1d9e0377129f565bab429d9_magniber_JC.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: a2d32288f1d9e0377129f565bab429d9_magniber_JC.exe
Resource: win10v2004-20230703-en

General
Target: a2d32288f1d9e0377129f565bab429d9_magniber_JC.exe
Size: 14.2MB
MD5: a2d32288f1d9e0377129f565bab429d9
SHA1: 00b64ebdbfb5efc2183c825490954802198ef99d
SHA256: fa5a9edbc8f360339278aa5a7c20d43e6ccf5abf76e04bf13cf18185b5d34a79
SHA512: 4ba75f0d2c567484f5d4b1b98ecd94c52a10c65f8c830124b8a82a698f7c24add7cfd936ade4cd53c1fc6ed5199c881400b8f3e4cc444dba8d8c1508f9823bfe
SSDEEP: 196608:mAV6pK4aCOlzsiwaOX7GpTr/vbCh8Iweq0u8x3bP:54zX7cr/uyIwKu8x3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a2d32288f1d9e0377129f565bab429d9_magniber_JC.exe
Files
a2d32288f1d9e0377129f565bab429d9_magniber_JC.exe.exe windows x86
220586fabbcef0054a4fc9a26fb26a1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
FormatMessageW
lstrcmpiW
GetLastError
LCMapStringEx
MultiByteToWideChar
QueryPerformanceCounter
ReadDirectoryChangesW
CancelIoEx
FindClose
FindNextFileW
SetConsoleMode
CopyFileW
FindFirstFileW
ReadConsoleInputW
SetConsoleTitleW
GetConsoleTitleW
ScrollConsoleScreenBufferW
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorInfo
GetConsoleCursorInfo
WriteConsoleInputW
WriteConsoleW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetLogicalDrives
GetEnvironmentVariableW
GetDateFormatEx
GetTimeFormatEx
GetModuleHandleW
GetProcAddress
GetStdHandle
GetConsoleMode
HeapFree
GetProcessHeap
lstrcmpW
HeapAlloc
GetCurrentProcess
GetLocaleInfoEx
GetFileAttributesExW
CloseHandle
GetFileTime
CreateFileW
GetModuleFileNameW
FileTimeToSystemTime
HeapSize
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
WideCharToMultiByte
SetConsoleOutputCP
SetConsoleCP
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleOutputCP
FreeLibraryAndExitThread
ExitThread
TlsFree
SetLastError
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
GetStringTypeW
InitializeCriticalSectionEx
DecodePointer
EncodePointer
AcquireSRWLockShared
ReleaseSRWLockShared
GetNativeSystemInfo
GetExitCodeThread
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindFirstFileExW
lstrlenW
ReadFile
WriteFile
PeekNamedPipe
WaitNamedPipeW
GetCurrentProcessId
GetFileType
FreeLibrary
LoadLibraryW
CreateFileA
GetFileSizeEx
HeapReAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryA
OutputDebugStringW
SetFilePointer
SetFilePointerEx
SetErrorMode
GetTickCount
MulDiv
SetThreadExecutionState
ExitProcess
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
Sleep
VerSetConditionMask
DeviceIoControl
GetOverlappedResult
CancelIo
ResetEvent
WaitForSingleObject
CreateEventW
LocalFree
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
CompareStringA
GetModuleHandleExW
GetSystemPowerStatus
GetLocaleInfoA
MoveFileExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
RtlCaptureContext
SetUnhandledExceptionFilter
InitializeCriticalSection
GetProcessId
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
SetEvent
WaitForMultipleObjects
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
IsProcessorFeaturePresent
VirtualQuery
user32
GetRawInputDeviceInfoA
GetDesktopWindow
SetWindowRgn
MonitorFromWindow
PostThreadMessageW
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
DialogBoxIndirectParamW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
EndDialog
SendMessageW
LoadIconW
MessageBoxW
GetDlgItem
DrawTextW
SystemParametersInfoA
GetRawInputDeviceList
SetWindowLongW
MonitorFromRect
RegisterClassW
AttachThreadInput
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
MessageBoxA
TrackMouseEvent
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageExtraInfo
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowPos
IsIconic
GetKeyState
GetAsyncKeyState
SetTimer
KillTimer
GetSystemMetrics
GetMenu
GetForegroundWindow
GetDC
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
GetClipCursor
ClientToScreen
ScreenToClient
ClipCursor
FillRect
IsRectEmpty
GetWindowLongW
CallNextHookEx
DestroyIcon
GetRawInputData
RegisterWindowMessageA
GetDoubleClickTime
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetKeyboardLayout
GetKeyboardState
ToUnicode
MapVirtualKeyW
ReleaseDC
advapi32
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExW
RegOpenKeyExW
GetSecurityInfo
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetUserNameW
RegDeleteTreeW
RegCreateKeyW
RegSetValueW
RegCloseKey
RegOpenKeyW
CryptGenRandom
shell32
ord155
SHGetKnownFolderPath
SHChangeNotify
ShellExecuteW
SHCreateItemFromParsingName
SHGetFolderPathW
ExtractIconExW
DragFinish
DragQueryFileW
SHOpenFolderAndSelectItems
DragAcceptFiles
ord190
ole32
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CLSIDFromString
PropVariantClear
CoGetApartmentType
CoGetObjectContext
CoUninitialize
CoInitialize
wininet
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW
imm32
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetIMEFileNameA
ImmSetCandidateWindow
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
winmm
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
timeBeginPeriod
timeEndPeriod
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetErrorTextW
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
setupapi
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiEnumDeviceInfo
bcrypt
BCryptSignHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateKeyPair
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptExportKey
BCryptVerifySignature
BCryptCreateHash
winhttp
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
ws2_32
WSACleanup
WSAStartup
setsockopt
getsockopt
WSAIoctl
ntohs
htons
recvfrom
sendto
inet_ntop
recv
send
shutdown
select
connect
closesocket
getnameinfo
accept
listen
bind
WSAGetLastError
socket
freeaddrinfo
getaddrinfo
ioctlsocket
gdi32
SwapBuffers
DeleteObject
CreateCompatibleDC
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
GetDIBits
CreateBitmap
GetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
CombineRgn
CreateRectRgn
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
BitBlt
CreateFontIndirectW
GetTextExtentPoint32A
GetTextMetricsW
CreateSolidBrush
oleaut32
SysFreeString
Sections
.text Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 369KB - Virtual size: 62.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 466KB - Virtual size: 466KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ