2024-01-10_267187154f0f958affea4fe54108cb67_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-10_267187154f0f958affea4fe54108cb67_magniber_revil
Size

3.4MB
MD5

267187154f0f958affea4fe54108cb67
SHA1

796e722838f5a8af7aad8eec4af7dba81b2a907c
SHA256

b0d150a5372a95ff3dcf895a2c11ab708adf208a59b4c41734278d37acbfb52f
SHA512

131718a03d5204a321baed65a837a09fb59c9c472df077330cc336b64b456e50ff6cf2ca540f698996d29bd976711d4ef8b6e078cb638252710b436b7f667e7f
SSDEEP

49152:S4NhOdsyU13dN7SOCrODSJFYbSsOQegjqJrxwgEstRhaI1YzYxcNl:XqsySSOWOG7YjOQFUEXI1YExc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-10_267187154f0f958affea4fe54108cb67_magniber_revil

Files

2024-01-10_267187154f0f958affea4fe54108cb67_magniber_revil
.exe windows:6 windows x86 arch:x86

b00868a16a796ec93672a3f2cddb178a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertDeleteCertificateFromStore
CryptAcquireCertificatePrivateKey
CertStrToNameW
CertOpenStore
CryptMsgCalculateEncodedLength
CertFindCertificateInStore
CertSetCertificateContextProperty
CryptEncodeObject
CryptMsgGetParam
CertStrToNameA
CertCloseStore
CryptSignAndEncodeCertificate
PFXExportCertStore
CryptMsgControl
CryptMsgOpenToDecode
CertAddEncodedCertificateToStore
CryptMsgOpenToEncode
CertFreeCertificateContext
CertCreateSelfSignCertificate
CryptExportPublicKeyInfo
CryptMsgUpdate
CryptMsgClose
CertAddCertificateContextToStore

ncrypt

NCryptFinalizeKey
BCryptCreateHash
NCryptSetProperty
BCryptHashData
NCryptFreeObject
NCryptCreatePersistedKey
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
NCryptOpenStorageProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty

dbghelp

SymGetModuleBase64
MiniDumpWriteDump
SymFunctionTableAccess64
SymGetLineFromAddr64
SymInitialize
StackWalk64
SymFromAddr

iphlpapi

GetAdaptersInfo
SendARP
ConvertLengthToIpv4Mask
GetAdaptersAddresses

ws2_32

setsockopt
WSACleanup
bind
closesocket
ntohl
sendto
inet_addr
WSAGetLastError
WSAStartup
ioctlsocket
socket
ntohs
gethostname
recvfrom
htonl
htons
recv
FreeAddrInfoW
select
gethostbyname
getaddrinfo
freeaddrinfo
getnameinfo
WSASetLastError
GetAddrInfoW
WSAIoctl
shutdown
connect
getsockopt
__WSAFDIsSet
accept
listen
WSASocketW
getsockname
send

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationA

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStreamICM
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders

winhttp

WinHttpGetIEProxyConfigForCurrentUser

wininet

InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

kernel32

InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
LoadLibraryExW
RaiseException
ExitProcess
HeapValidate
GetSystemInfo
FindFirstFileExW
CreateDirectoryW
DeleteFileW
MoveFileExW
GetTimeZoneInformation
SetStdHandle
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
GetCommandLineW
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
RtlUnwind
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
LoadLibraryExA
GetFullPathNameA
GetSystemPowerStatus
ResumeThread
SetCurrentDirectoryA
Sleep
GetLastError
CloseHandle
CreateThread
GetProcAddress
FreeLibrary
WideCharToMultiByte
CreateProcessA
Process32First
TerminateProcess
SetFilePointerEx
CreateToolhelp32Snapshot
ProcessIdToSessionId
LoadLibraryA
Process32Next
WTSGetActiveConsoleSessionId
ReadProcessMemory
ReadFile
GetModuleFileNameW
GetCurrentThreadId
GetVersionExA
SleepEx
SetSystemPowerState
GetCurrentProcess
SetThreadExecutionState
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLocalTime
DeleteCriticalSection
CopyFileA
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
SetEvent
WaitForSingleObjectEx
CreateEventA
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
CancelIo
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetDriveTypeA
FindFirstVolumeA
FindClose
GetVolumePathNamesForVolumeNameA
GetFileAttributesExW
CreateFileA
ReadDirectoryChangesW
FindNextVolumeA
FindVolumeClose
GetDiskFreeSpaceExA
MultiByteToWideChar
GetModuleHandleExA
QueueUserAPC
OpenThread
DeviceIoControl
ResetEvent
GetOverlappedResult
CreateNamedPipeA
LocalFree
ConnectNamedPipe
SetConsoleOutputCP
IsDebuggerPresent
GetCurrentDirectoryA
CancelSynchronousIo
GetThreadId
SetEnvironmentVariableA
GetCurrentProcessId
GetEnvironmentStrings
FreeEnvironmentStringsA
MoveFileA
RtlCaptureContext
CreateFileW
SuspendThread
DuplicateHandle
ExitThread
DecodePointer
GetCurrentThread
GetThreadContext
GetTickCount
WriteFileEx
WaitForMultipleObjectsEx
ReadFileEx
CancelIoEx
GetExitCodeProcess
SetConsoleCtrlHandler
GetTempPathA
GlobalFree
FreeConsole
RemoveDirectoryA
CreateDirectoryA
SetLastError
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
GetModuleHandleW
FormatMessageW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetFileSizeEx
HeapReAlloc
HeapSize
HeapQueryInformation
GetCPInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
OutputDebugStringW
IsValidCodePage
UnhandledExceptionFilter
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
WriteConsoleW
SetEndOfFile
OpenProcess
GetModuleHandleA

user32

ExitWindowsEx
GetUserObjectInformationA
CloseWindowStation
EnumDisplayMonitors
GetSystemMetrics
SetThreadDesktop
GetThreadDesktop
CloseDesktop
OpenWindowStationA
OpenDesktopA
GetMonitorInfoA
SetProcessWindowStation
OpenInputDesktop
SendMessageA
FindWindowA
LoadCursorA
GetDC
GetIconInfo
GetCursorInfo
MapVirtualKeyA
GetForegroundWindow
DrawIconEx
SetForegroundWindow
ReleaseDC
SendInput
SetProcessDPIAware
EnableWindow
SetWindowTextA
SetWindowPlacement
ShowWindow
GetWindowPlacement
DialogBoxParamA
EndDialog
GetProcessWindowStation
GetUserObjectInformationW
GetDlgItem
MessageBeep
MessageBoxW

gdi32

DeleteObject
DeleteDC
StretchBlt
BitBlt
SetStretchBltMode
GetDIBits
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectA

advapi32

InitiateSystemShutdownA
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DeleteService
ControlService
StartServiceA
FreeSid
CheckTokenMembership
ChangeServiceConfig2A
OpenServiceA
SetTokenInformation
SetSecurityDescriptorDacl
SetEntriesInAclA
InitializeSecurityDescriptor
CryptDestroyKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
CryptCreateHash
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptReleaseContext
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysStringLen
SysAllocString
SysFreeString

userenv

CreateEnvironmentBlock

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 625KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b00868a16a796ec93672a3f2cddb178a

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

crypt32

ncrypt

dbghelp

iphlpapi

ws2_32

wintrust

version

wtsapi32

gdiplus

winhttp

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

userenv

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 501KB - Virtual size: 500KB

.data Size: 625KB - Virtual size: 773KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 89KB - Virtual size: 88KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 501KB - Virtual size: 500KB

.data
Size: 625KB - Virtual size: 773KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 89KB - Virtual size: 88KB