2024-01-06_5e2829990a9ded498e47d3eb529b8a44_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_5e2829990a9ded498e47d3eb529b8a44_magniber_revil
Size

7.4MB
MD5

5e2829990a9ded498e47d3eb529b8a44
SHA1

feb84fa539501406e27c3b261c5d10b3f6d851d8
SHA256

0ebab13c701c0bfcb9bc8e30fe47279f63a770ac47479eae9f36187fe98a5661
SHA512

ff43b93ec1b6f80efcf8f7f053b208822b15718e2e0c66fb02042a8dfbc38722b97c8999812e3a75fcd3bbd479b288c01ac7b4e66ff5d1847af0c45bc617f021
SSDEEP

98304:AruMv+uP00//6XNBc9y7w6y9GsYEEqwQt1H9G6P8BFswuzEk1c2bAbCZPbhHiyAF:A3GuP0m69W6DQt1HZPAuzdjV9HiyGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_5e2829990a9ded498e47d3eb529b8a44_magniber_revil

Files

2024-01-06_5e2829990a9ded498e47d3eb529b8a44_magniber_revil
.exe windows:6 windows x86 arch:x86

690b426f5a4d51aa1285e57e7eac2035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeleteGraphics
GdipDeleteRegion
GdipGetClip
GdipGetImageHeight
GdipSetInfinite
GdipSetClipRegion
GdipCreateRegion
GdipCreatePath
GdipCreateFromHDC
GdipSetSmoothingMode
GdipGraphicsClear
GdiplusShutdown
GdiplusStartup
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipAddPathLine2I
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipFillPath
GdipCreateSolidFill
GdipDeletePen
GdipDrawPath
GdipSetPenDashStyle
GdipCreatePen1
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTextureIAI
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipDrawImagePointRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeletePath
GdipCombineRegionPath
GdipGetImageWidth

usp10

ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
ScriptString_pcOutChars
ScriptString_pSize
ScriptStringXtoCP
ScriptStringGetOrder
ScriptStringGetLogicalWidths
ScriptStringCPtoX
ScriptStringOut

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptDecodeObject
CryptMsgClose
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW
CryptHashCertificate
CertOpenStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertCloseStore
CertEnumCertificatesInStore
CryptMsgGetParam
CertOpenSystemStoreW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
__WSAFDIsSet
select
bind
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
socket
ntohs
htonl
gethostname
shutdown
connect
getsockopt
htons
setsockopt
send
recv
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACleanup
WSAStartup
getaddrinfo
getnameinfo

kernel32

MoveFileExW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
DeleteFileW
Sleep
GetCurrentProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetTickCount
CreateFileW
HeapFree
QueryPerformanceFrequency
GetProcessHeap
lstrcmpiW
QueryPerformanceCounter
FindResourceW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
GetDiskFreeSpaceExW
LoadLibraryA
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
GetLocalTime
ReadFile
GetFileSizeEx
WriteFile
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetExitCodeProcess
EnumResourceNamesW
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
LoadResource
GetModuleHandleW
SetDllDirectoryW
LoadLibraryExW
VerSetConditionMask
VerifyVersionInfoW
FileTimeToSystemTime
SystemTimeToFileTime
TerminateProcess
OpenProcess
OpenMutexW
GetSystemDirectoryW
SleepEx
GetEnvironmentVariableA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CompareFileTime
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetEnvironmentVariableW
CreateEventA
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
InitializeCriticalSection
OutputDebugStringW
GetStringTypeExW
LCMapStringW
MulDiv
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
CopyFileW
DeviceIoControl
GetSystemInfo
GetNativeSystemInfo
LocalAlloc
ProcessIdToSessionId
GetVolumeInformationW
GetVersionExW
lstrcpyW
lstrcatW
CreateProcessW
CreatePipe
SetHandleInformation
HeapReAlloc
GetComputerNameW
GetCurrentThread
GetLogicalDriveStringsW
GetDriveTypeW
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetProcessImageFileNameW
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
K32EnumProcessModules
K32GetModuleFileNameExW
lstrlenW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
MoveFileW
SetFilePointerEx
GetTimeFormatW
GetDateFormatW
LockResource
GetLogicalDrives
DeleteVolumeMountPointW
DefineDosDeviceW
GetVolumeNameForVolumeMountPointW
FormatMessageA
GlobalMemoryStatusEx
GetLocaleInfoW
CreateEventW
CreateNamedPipeW
GetLocaleInfoA
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
lstrcmpA
FileTimeToLocalFileTime
lstrcpynW
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
K32GetProcessMemoryInfo
IsBadReadPtr
VirtualQuery
FreeResource
GetFileSize
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
WideCharToMultiByte
FreeLibrary
LocalFree
CloseHandle
SetEvent
FormatMessageW
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlUnwind
WriteConsoleW
GetFileAttributesExW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetLastError
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
HeapSize
GetTempPathW
CompareStringW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetModuleFileNameA
GetConsoleMode
SetVolumeMountPointW

user32

HideCaret
InsertMenuW
TrackPopupMenu
UpdateLayeredWindow
ScreenToClient
IsCharAlphaNumericA
SetWindowRgn
IntersectRect
ClientToScreen
KillTimer
SetTimer
EnableWindow
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ExitWindowsEx
GetMessageExtraInfo
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
FindWindowExW
GetWindowTextLengthW
GetMenuItemInfoW
AllowSetForegroundWindow
MonitorFromPoint
GetMenuItemCount
LockSetForegroundWindow
MessageBeep
CreatePopupMenu
GetActiveWindow
IsDialogMessageW
DestroyMenu
BringWindowToTop
TranslateAcceleratorW
LoadIconW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
PostQuitMessage
DialogBoxParamW
GetMessageW
LoadMenuW
MessageBoxW
GetSystemMetrics
LoadAcceleratorsW
LoadStringW
GetClassInfoW
DispatchMessageW
CopyRect
ShowCaret
CharNextW
TranslateMessage
UpdateWindow
SetForegroundWindow
LoadImageW
GetWindow
MonitorFromWindow
EndDialog
GetWindowInfo
GetMonitorInfoW
MapWindowPoints
EnumWindows
GetWindowDC
SetWindowTextW
MoveWindow
InvalidateRect
LoadStringA
GetDC
ReleaseDC
GetFocus
RegisterClassExW
IsWindowEnabled
SetRect
GetClassInfoExW
InflateRect
IsZoomed
DrawTextW
IsIconic
GetCapture
TrackMouseEvent
SetFocus
SetCapture
ReleaseCapture
GetCursorPos
PostMessageW
ShowWindow
RedrawWindow
GetDlgItem
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
CallWindowProcW
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
EnumChildWindows
CreateWindowExW
SendMessageW
IsWindow
OffsetRect
LoadCursorW
SetCursor
SetWindowLongW
GetClientRect
GetParent
PtInRect
BeginPaint
EndPaint
UnregisterClassW
CreateCaret
DestroyCaret
GetKeyState
SetActiveWindow
RegisterClassW
SetCaretPos
PeekMessageW

gdi32

StartPage
EndPage
GetBkColor
SetTextAlign
GetTextColor
GetDeviceCaps
CombineRgn
CreateRectRgn
GetDIBits
ExtCreatePen
LineTo
MoveToEx
ExcludeClipRect
SetViewportOrgEx
CreatePolygonRgn
GetTextMetricsW
TextOutW
CreateDIBSection
CreateRoundRectRgn
ExtTextOutW
CreateFontW
GetObjectW
SetBrushOrgEx
SetStretchBltMode
DeleteDC
CreateCompatibleDC
SelectObject
SaveDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
CreateSolidBrush
GetTextExtentPoint32W
CreatePen
Rectangle
RestoreDC
DeleteObject
ExtSelectClipRgn
IntersectClipRect
SetBkColor
SelectClipRgn

advapi32

ConvertSidToStringSidW
RegEnumValueW
RevertToSelf
RegSaveKeyExW
LookupAccountNameW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
InitializeAcl
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
AddAccessAllowedAce
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
DuplicateToken
OpenThreadToken
FreeSid

shell32

ShellExecuteW
SHOpenFolderAndSelectItems
SHParseDisplayName

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VarUI4FromStr
VariantClear
SysFreeString

shlwapi

ord1
StrCmpNIW
StrCmpIW

comctl32

ord410
ord413
ord412

msimg32

AlphaBlend

bcrypt

BCryptGenRandom

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 910KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 772KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

690b426f5a4d51aa1285e57e7eac2035

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

usp10

crypt32

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

bcrypt

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 910KB - Virtual size: 910KB

.data Size: 121KB - Virtual size: 170KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 772KB - Virtual size: 776KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 910KB - Virtual size: 910KB

.data
Size: 121KB - Virtual size: 170KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 772KB - Virtual size: 776KB