Static task: static1
Behavioral task: behavioral1
  Sample: 2023-08-26_4791fc1f227c542bc98a7919b3d63051_magniber_revil_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 2023-08-26_4791fc1f227c542bc98a7919b3d63051_magniber_revil_JC.exe
  Resource: win10v2004-20230915-en
General
Target: 2023-08-26_4791fc1f227c542bc98a7919b3d63051_magniber_revil_JC.exe
Size: 4.7MB
MD5: 4791fc1f227c542bc98a7919b3d63051
SHA1: 220ba2c519563b1bd894af3bdd27cfbdd33916ed
SHA256: b6c611a3fa9487d229dba0f6b5f001b92d0af0138408a5766332eb3bc18837fc
SHA512: 3aa4cb1a660fafeb2253c0821b2fa0ee23e1bf58d70c90d3446737063c2af66aec1a016d3878a155cd63f756f75c1ef04f51435567d331b8584d2ff87991fb05
SSDEEP: 98304:U+Gmc5Oc+B5Rx+C1F8yFnaXdUfC/LAmmfIrYcK1Zs7Li0Ne2u4OO51Y9lXk:1tc1+HRp/FnZC0QbSGB1Y9lXk
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature: the PE has no certificate table in its security data directory, so there is no publisher identity to verify or pivot on.
resource: 2023-08-26_4791fc1f227c542bc98a7919b3d63051_magniber_revil_JC.exe
Files
File: 2023-08-26_4791fc1f227c542bc98a7919b3d63051_magniber_revil_JC.exe.exe
Format: windows:5 windows x86 (32-bit PE; the x86 build is confirmed by IMAGE_FILE_32BIT_MACHINE in the header flags below)
Imphash: 468e85a7d222dd56cf1b95cd9d9af7b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapReAlloc
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindResourceW
LoadResource
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
SizeofResource
CreateEventA
LeaveCriticalSection
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FindFirstFileA
GetModuleFileNameW
InterlockedExchange
GetLastError
EnterCriticalSection
RaiseException
PostQueuedCompletionStatus
CreateMutexA
TlsAlloc
CloseHandle
TlsFree
FindFirstFileW
OpenProcess
CopyFileW
GetFileAttributesW
FindClose
Process32FirstW
Process32NextW
SetConsoleMode
ReadConsoleInputA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreatePipe
GetExitCodeThread
GetConsoleWindow
GetExitCodeProcess
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
GetVersion
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
FindNextFileW
CreateToolhelp32Snapshot
DeleteFileW
SetFileAttributesW
GetModuleHandleW
Sleep
lstrcpyW
GetTickCount
GetSystemDirectoryW
SetUnhandledExceptionFilter
TryEnterCriticalSection
CreateMutexW
GetDiskFreeSpaceExW
RemoveDirectoryW
CreateHardLinkW
MoveFileExW
GetFileAttributesExW
GetComputerNameA
GetEnvironmentVariableA
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GetTempPathW
GetLongPathNameW
CreateDirectoryW
DosDateTimeToFileTime
GetLocalTime
FormatMessageA
OpenEventA
CreateWaitableTimerA
ResetEvent
QueryPerformanceFrequency
ExitThread
InterlockedExchangeAdd
SetConsoleCtrlHandler
GetCurrentProcess
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
FreeLibrary
LoadLibraryW
TerminateThread
GetProcAddress
MoveFileW
GetSystemInfo
GetModuleHandleA
TlsGetValue
HeapAlloc
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
HeapFree
InterlockedCompareExchange
SleepEx
WaitForSingleObjectEx
GetProcessHeap
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
TlsSetValue
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
TerminateProcess
ReleaseSemaphore
VerifyVersionInfoW
SetLastError
QueueUserAPC
OpenMutexA
CreateEventW
WaitForMultipleObjects
CreateIoCompletionPort
CreateWaitableTimerW
DeleteCriticalSection
GetProcessTimes
CreateThread
CreateFileA
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
LocalAlloc
LocalFree
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
InitializeCriticalSection
LocalReAlloc
GlobalFree
LockResource
lstrlenW
MulDiv
FormatMessageW
SetThreadPriority
ResumeThread
CompareStringW
lstrcmpA
lstrlenA
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetCurrentDirectoryW
SetFileTime
FileTimeToLocalFileTime
GetLocaleInfoW
CompareStringA
DuplicateHandle
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FreeResource
user32
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetForegroundWindow
SetFocus
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
wsprintfW
MoveWindow
SetWindowLongW
SystemParametersInfoW
GetWindowLongW
DestroyMenu
UpdateWindow
SendMessageW
MessageBoxW
CreatePopupMenu
GetCursorPos
AppendMenuW
LoadIconW
SetForegroundWindow
KillTimer
PostMessageW
TrackPopupMenu
PostQuitMessage
SetTimer
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetCapture
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
SetWindowTextW
ShowWindow
ClientToScreen
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
BeginPaint
EndPaint
InvalidateRect
SetCursor
GetClientRect
GetParent
GetWindowThreadProcessId
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
ValidateRect
PeekMessageW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
ReleaseCapture
SetRect
GetSysColorBrush
GetSysColor
IsRectEmpty
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMonitorInfoW
MonitorFromWindow
RegisterClassExW
IsZoomed
MonitorFromPoint
SetWindowRgn
CharNextW
CreateCaret
SetCaretPos
GetCaretBlinkTime
GetUpdateRect
UpdateLayeredWindow
CharPrevW
GetWindowRgn
ShowCaret
HideCaret
GetCaretPos
InvalidateRgn
CreateAcceleratorTableW
FindWindowW
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
ReleaseDC
GetDC
GetSystemMetrics
UnionRect
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
EnableMenuItem
gdi32
PtInRegion
GetCharABCWidthsW
GetObjectA
StretchBlt
CreateDIBSection
CreateRoundRectRgn
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateRectRgn
SelectClipRgn
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersA
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ole32
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear
iphlpapi
GetExtendedTcpTable
GetAdaptersInfo
ws2_32
recvfrom
getpeername
sendto
ntohl
gethostname
getnameinfo
recv
send
shutdown
socket
WSACleanup
WSAStartup
ntohs
closesocket
WSASetLastError
setsockopt
WSAGetLastError
select
WSASend
WSARecv
ioctlsocket
listen
freeaddrinfo
bind
WSASocketW
getaddrinfo
accept
getsockopt
__WSAFDIsSet
getsockname
htonl
connect
WSAIoctl
htons
getservbyname
inet_addr
mswsock
GetAcceptExSockaddrs
AcceptEx
shlwapi
wnsprintfW
dbghelp
MiniDumpWriteDump
oleacc
LresultFromObject
CreateStdAccessibleObject
comctl32
_TrackMouseEvent
ord17
gdiplus
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipDrawPath
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipCreateFromHDC
GdipDrawImageRectI
GdipAddPathArcI
GdipDrawRectangleI
GdipSetPenMode
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteGraphics
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
crypt32
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
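The import table above is what the Imphash in the Files section is derived from, and it is also the quickest static read on what the binary can do. The following Python is an added example (not part of the sandbox report or of any tool it uses): imphash() implements the import-hash recipe as pefile computes it (lowercase the DLL name, strip a .dll/.ocx/.sys extension, append ".function" in lowercase, join every entry with commas in import-directory order, MD5 the result; ordinal imports are kept as ordN here, whereas pefile additionally maps known ws2_32/oleaut32 ordinals to names), and capabilities() tags imports with a heuristic map I chose for this page. SAMPLE_IMPORTS is a constructed subset of the table above; the hash of the full table only equals the reported value when computed over every entry in the order the import directory stores them. The capability tags are context, not verdicts: most of these APIs are equally common in benign software.

```python
import hashlib

# Constructed subset of the import table shown above, kept in the order the
# report lists it; the real table is far longer.
SAMPLE_IMPORTS = [
    ("kernel32", ["HeapReAlloc", "IsDebuggerPresent", "CreateToolhelp32Snapshot",
                  "Process32FirstW", "Process32NextW", "OpenProcess", "FindFirstFileW",
                  "FindNextFileW", "DeleteFileW", "MoveFileExW", "CreateHardLinkW",
                  "GetLogicalDriveStringsW", "GetDiskFreeSpaceExW"]),
    ("advapi32", ["CryptDecrypt", "CryptExportKey", "CryptSignHashA", "OpenSCManagerW",
                  "CreateServiceW", "StartServiceW", "DeleteService", "CryptAcquireContextA",
                  "CryptGenRandom", "RegSetValueExW", "RegCreateKeyExW", "ReportEventW"]),
    ("ws2_32", ["WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"]),
    ("winspool.drv", ["OpenPrinterW"]),          # .drv is not stripped by the imphash recipe
    ("comctl32", ["_TrackMouseEvent", "ord17"]),  # ordinal import stays "ord17"
    ("dbghelp", ["MiniDumpWriteDump"]),
]

# Heuristic tag -> API names, chosen for this page (assumption, not a standard list).
CAPABILITY_MAP = {
    "anti-debug check": {"IsDebuggerPresent"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess"},
    "drive and file enumeration": {"GetLogicalDriveStringsW", "GetDiskFreeSpaceExW", "FindFirstFileW", "FindNextFileW"},
    "file rename/delete": {"DeleteFileW", "MoveFileExW", "CreateHardLinkW"},
    "service control": {"OpenSCManagerW", "CreateServiceW", "StartServiceW", "DeleteService"},
    "cryptoapi": {"CryptAcquireContextA", "CryptGenRandom", "CryptDecrypt", "CryptExportKey", "CryptSignHashA"},
    "registry write": {"RegSetValueExW", "RegCreateKeyExW"},
    "network": {"WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"},
    "minidump": {"MiniDumpWriteDump"},
}


def imphash(imports):
    """Import hash over (dll, [function, ...]) pairs, following the pefile recipe."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):   # only these three extensions are dropped
            lib = stem
        for func in funcs:
            parts.append(f"{lib}.{func.lower()}")
    # Entry order matters: the same APIs in a different order give a different hash.
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capabilities(imports):
    """Map imports to coarse capability tags; returns only tags that have at least one hit."""
    found = {}
    for dll, funcs in imports:
        for func in funcs:
            for tag, names in CAPABILITY_MAP.items():
                if func in names:
                    found.setdefault(tag, []).append(f"{dll}!{func}")
    return {tag: sorted(hits) for tag, hits in sorted(found.items())}


if __name__ == "__main__":
    print("imphash(subset):", imphash(SAMPLE_IMPORTS))
    for tag, hits in capabilities(SAMPLE_IMPORTS).items():
        print(f"{tag:28s} {', '.join(hits)}")
```

Treat imphash as a clustering key, not an identifier: it survives recompilation only while the import directory is unchanged, and a packer or a reordered linker map changes it while leaving behaviour intact.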
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 717KB - Virtual size: 717KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 597KB - Virtual size: 597KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
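The header flags, the section table and the "Unsigned PE" signature above are all header-level facts that can be checked without running the sample. The following stdlib-only Python is an added example (not part of the sandbox report or of any tool it uses): triage_pe() parses a PE32 image and returns the mitigation flags from DllCharacteristics, per-section R/W/X permissions (flagging any section that is both writable and executable), and whether the Certificate Table in the security data directory is non-empty, which is what an "unsigned" check means at this level. build_pe32() assembles a constructed, header-only image; report_like_sample() uses it to produce headers whose flags and approximate section sizes mirror those listed above. That image is synthetic test input, not the sample. Caveat: a present certificate table only shows that a signature is attached; whether it verifies is a separate question for WinVerifyTrust or an equivalent.

```python
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_DISCARDABLE, SCN_EXEC, SCN_READ, SCN_WRITE = 0x02000000, 0x20000000, 0x40000000, 0x80000000
SECURITY_DIR = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table
COFF_FMT, SECTION_FMT = "<HHIIIHH", "<8sIIIIIIHHI"


def build_pe32(dll_chars, sections, cert_size=0):
    """Assemble a minimal PE32 header-only image (constructed test input, not a real binary)."""
    opt = bytearray(224)                                   # PE32 optional header is 224 bytes
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic: PE32
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)             # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if cert_size:                                          # certificate table: file offset, size
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, cert_size)
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)  # I386, EXE, 32BIT
    table = b"".join(struct.pack(SECTION_FMT, name.encode(), vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, flags)
                     for name, vsize, rsize, flags in sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> NT headers at offset 64
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def triage_pe(data):
    """Parse PE32 headers and return the checks a static report surfaces."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    opt = pe_off + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here (PE32+ has different optional-header offsets)")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, opt + 92)[0]
    cert_size = 0
    if nrva > SECURITY_DIR:
        _, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        perms = ("R" if flags & SCN_READ else "-") + ("W" if flags & SCN_WRITE else "-") + ("X" if flags & SCN_EXEC else "-")
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "rsize": rsize, "perms": perms})
    flags_set = [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    return {
        "arch": "x86" if machine == 0x14C else hex(machine),
        "is_32bit": bool(file_chars & 0x0100),
        "dll_characteristics": flags_set,
        "aslr": "DYNAMIC_BASE" in flags_set,
        "dep": "NX_COMPAT" in flags_set,
        "cfg": "GUARD_CF" in flags_set,
        "authenticode_present": cert_size > 0,          # attached, not validated
        "wx_sections": [s["name"] for s in sections if "W" in s["perms"] and "X" in s["perms"]],
        "sections": sections,
    }


def report_like_sample():
    """Headers shaped like the report above: DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, no certificate."""
    sections = [  # sizes approximate the reported 3.1MB/717KB/96KB(134KB virtual)/512B(2B virtual)/597KB/201KB
        (".text", 0x31C000, 0x31C000, SCN_CODE | SCN_EXEC | SCN_READ),
        (".rdata", 0xB3400, 0xB3400, SCN_IDATA | SCN_READ),
        (".data", 0x21800, 0x18000, SCN_IDATA | SCN_READ | SCN_WRITE),
        (".tls", 2, 0x200, SCN_IDATA | SCN_READ | SCN_WRITE),
        (".rsrc", 0x95400, 0x95400, SCN_IDATA | SCN_READ),
        (".reloc", 0x32400, 0x32400, SCN_IDATA | SCN_DISCARDABLE | SCN_READ),
    ]
    return build_pe32(0x0040 | 0x0100 | 0x8000, sections)


if __name__ == "__main__":
    for key, value in triage_pe(report_like_sample()).items():
        print(f"{key}: {value}")
```

On a real file, call triage_pe(open(path, "rb").read()). The result for headers like these says: ASLR and DEP opted in, no CFG, no SafeSEH-related NO_SEH flag, no W+X section, and an empty certificate table, which is the "Unsigned PE" finding.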