2023-08-23_2428a2403f5053d4b23a9f10d4929d86_magniber_revil_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-23_2428a2403f5053d4b23a9f10d4929d86_magniber_revil_JC.exe
Size

5.2MB
MD5

2428a2403f5053d4b23a9f10d4929d86
SHA1

14775c283c10ace9b898d57beb403224a0266dbf
SHA256

4c0083a5f1379c7128a7e1e65f4091f401a7e44da0e584d418cb62b476da71dd
SHA512

87f2e6008240e52649a80b4cd732b87959f59e3c0c4262c5e1a79fe747570af81948c18c187064ae8de668c0c343ddd7ae0f1dd25b37186ddfa2bc28a45747fa
SSDEEP

98304:tq9RjTjO8N0m8txzJ7YGuitvtmTd6zlf17YpiyTilv7e2uWorUaQY9zm:tq9RrOnPYGuiVttlf17YcZBhY9zm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-23_2428a2403f5053d4b23a9f10d4929d86_magniber_revil_JC.exe

Files

2023-08-23_2428a2403f5053d4b23a9f10d4929d86_magniber_revil_JC.exe
.exe windows x86

ef2a15acf0b7f28df331abab4e077bd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord143
ord50
ord26
ord30
ord200
ord32
ord217
ord79
ord33
ord301
ord27
ord41
ord46
ord211
ord22
ord35
ord60

kernel32

CompareStringA
GetLocaleInfoW
FileTimeToLocalFileTime
SetFileTime
GetCurrentDirectoryW
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetConsoleCtrlHandler
ExitThread
GetTimeFormatA
GetDateFormatA
GetStartupInfoW
HeapReAlloc
HeapSize
ExitProcess
GetTimeZoneInformation
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetSystemDirectoryA
QueryPerformanceFrequency
VerifyVersionInfoA
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
MoveFileExA
SetFilePointer
ReadFile
GetConsoleScreenBufferInfo
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenA
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
FormatMessageW
MulDiv
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileA
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
DosDateTimeToFileTime
GetLocalTime
TryEnterCriticalSection
CreateMutexW
GetDiskFreeSpaceExW
RemoveDirectoryW
CreateHardLinkW
MoveFileExW
GetFileAttributesExW
GetComputerNameA
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GetLongPathNameW
FormatMessageA
OpenEventA
CreateWaitableTimerA
ResetEvent
GetSystemTime
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
SetConsoleTextAttribute
CreatePipe
GetExitCodeThread
GetConsoleWindow
GetExitCodeProcess
lstrlenW
LockResource
GlobalFree
LocalReAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
LocalFree
SetUnhandledExceptionFilter
DuplicateHandle
FlushFileBuffers
SetEndOfFile
GetFileSize
CreateSemaphoreA
CreateEventA
ReleaseSemaphore
CloseHandle
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
SleepEx
SetEvent
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
HeapFree
GetProcessHeap
TlsGetValue
TlsSetValue
TlsFree
SetWaitableTimer
PostQueuedCompletionStatus
WaitForSingleObject
InterlockedExchangeAdd
Sleep
TerminateProcess
OpenProcess
HeapAlloc
GetPrivateProfileStringA
TlsAlloc
CreateEventW
QueueUserAPC
TerminateThread
GetCurrentThreadId
CreateThread
GetProcessTimes
WriteFile
lstrcpyW
FindFirstFileW
FindNextFileW
CopyFileW
FindClose
GetFileAttributesW
SetFileAttributesW
FindResourceW
LoadResource
SizeofResource
FreeResource
GetSystemDirectoryW
MoveFileW
GetModuleHandleA
GetCurrentProcess
GetModuleHandleW
GetSystemInfo
CreateFileW
CreateMutexA
ReleaseMutex
WritePrivateProfileStringA
OutputDebugStringA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetNativeSystemInfo
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
CreateProcessW
CreateFileA
DeviceIoControl
GetEnvironmentVariableW
GetTickCount
DeleteFileW
InitializeCriticalSection
GetTempPathW
CreateDirectoryW
GetPrivateProfileIntW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleFileNameW
OpenMutexA
GetCurrentProcessId
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateWaitableTimerW
WaitForMultipleObjects
SetLastError
GetQueuedCompletionStatus

user32

GetProcessWindowStation
GetUserObjectInformationW
GetSubMenu
GetMenuItemCount
SetCursor
InvalidateRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ClientToScreen
ShowWindow
ReleaseCapture
SetRect
GetMenuItemID
GetMenuState
ValidateRect
PeekMessageW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
GetSysColorBrush
GetSysColor
wsprintfW
MoveWindow
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
SetWindowTextW
RegisterWindowMessageW
WinHelpW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
IsRectEmpty
UnionRect
SetWindowsHookExW
AppendMenuW
CreatePopupMenu
LoadIconW
DestroyMenu
MessageBoxW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
PostMessageW
SendMessageW
KillTimer
SetTimer
UpdateWindow
PostQuitMessage
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowThreadProcessId
FindWindowW
CreateAcceleratorTableW
InvalidateRgn
GetCaretPos
HideCaret
ShowCaret
CharPrevW
GetWindowRgn
CharNextW
UpdateLayeredWindow
GetUpdateRect
ReleaseDC
GetCaretBlinkTime
SetCaretPos
CreateCaret
SetWindowRgn
MonitorFromPoint
IsZoomed
DefWindowProcW
CallWindowProcW
GetMenu
RegisterClassExW
SetCapture
GetCapture
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
MessageBoxA

gdi32

GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
SaveDC
CombineRgn
GetTextMetricsW
RestoreDC
SetBkMode
SelectClipRgn
CreateRectRgn
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
SetStretchBltMode
SetMapMode
CreateRectRgnIndirect
GetObjectA
CreateRoundRectRgn
CreateDIBSection
PtInRegion
StretchBlt
GetCharABCWidthsW
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateCompatibleDC
DeleteDC
CreatePen

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptCreateHash
CloseServiceHandle
CryptDecrypt
ReportEventW
RegisterEventSourceW
CryptGenRandom
CryptSetHashParam
CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersA
RegisterEventSourceA
EnumServicesStatusA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegQueryValueExW
StartServiceW
DeleteService
CreateServiceW
OpenServiceW
RegOpenKeyExW
RegCloseKey
OpenSCManagerW
RegOpenKeyW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetPathFromIDListW

ole32

OleLockRunning
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CLSIDFromProgID

oleaut32

VariantClear
VariantChangeType
SysFreeString
SysAllocString
VariantInit

iphlpapi

GetExtendedTcpTable
GetAdaptersInfo

crypt32

CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertFindCertificateInStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext

shlwapi

wnsprintfW

ws2_32

recvfrom
getnameinfo
inet_addr
gethostbyname
gethostname
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
sendto
socket
recv
send
__WSAFDIsSet
WSAIoctl
connect
accept
getaddrinfo
listen
freeaddrinfo
WSARecv
select
shutdown
getsockname
getpeername
getsockopt
ntohs
closesocket
ioctlsocket
WSAStringToAddressA
WSASocketW
WSASend
setsockopt
bind
WSAGetLastError
htons
htonl
ntohl
WSASetLastError
WSACleanup
WSAStartup
getservbyname

mswsock

AcceptEx
GetAcceptExSockaddrs

gdiplus

GdipDrawRectangleI
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawLineI
GdipSetPenMode
GdipCreateFontFromDC
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem

dbghelp

MiniDumpWriteDump

oleacc

CreateStdAccessibleObject
LresultFromObject

comctl32

ord17
_TrackMouseEvent

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef2a15acf0b7f28df331abab4e077bd2

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

iphlpapi

crypt32

shlwapi

ws2_32

mswsock

gdiplus

dbghelp

oleacc

comctl32

imm32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 779KB - Virtual size: 778KB

.data Size: 97KB - Virtual size: 136KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 614KB - Virtual size: 614KB

.reloc Size: 216KB - Virtual size: 215KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 779KB - Virtual size: 778KB

.data
Size: 97KB - Virtual size: 136KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 614KB - Virtual size: 614KB

.reloc
Size: 216KB - Virtual size: 215KB