2024-01-11_955612e64a1b8f551864f51727b7c32b_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_955612e64a1b8f551864f51727b7c32b_magniber
Size

5.1MB
MD5

955612e64a1b8f551864f51727b7c32b
SHA1

d77a66e9ce45767061e3741bf704eeaeae16ad2c
SHA256

2a9507507edfd12cc9320b0f93bd4b127c3611147ee26bc15ae97331a23286ce
SHA512

c92d860b728e5cd47d183e6dd1f2bdcf804051549367a4c94fc3a48953a2ab3e4143347fe0d164607f50553507bb43239334c2cd1c2e2e1f816c176bb0acee6c
SSDEEP

98304:93aWtg4sWVZ3/1+QTmhjOygn+hUIofsL3vTLc8gCyJvSo+4RG+4Np60:ZaWtg4saZ41wygn+mIoEL/TLSvJ7RG++

Score

1^/10

Malware Config

Signatures

Files

2024-01-11_955612e64a1b8f551864f51727b7c32b_magniber
.exe windows:5 windows x86 arch:x86

dd4accb175f59acb7dbe8f76556793c0

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

18/12/2015, 08:33

Not After

18/12/2018, 09:02

Subject

SERIALNUMBER=310113001373438,CN=ShangHai Xiong Mao HuYu WenHua YouXianGongSi,O=ShangHai Xiong Mao HuYu WenHua YouXianGongSi,L=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

18/12/2015, 08:33

Not After

18/12/2018, 09:02

Subject

SERIALNUMBER=310113001373438,CN=ShangHai Xiong Mao HuYu WenHua YouXianGongSi,O=ShangHai Xiong Mao HuYu WenHua YouXianGongSi,L=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:a3:cd:0b:eb:e5:92:a6:41:fd:31:c2:9b:57:98:17:ee:4d:12:9d:59:51:d2:70:81:8d:69:d8:76:60:d2:e5
Signer

Actual PE Digest

b7:a3:cd:0b:eb:e5:92:a6:41:fd:31:c2:9b:57:98:17:ee:4d:12:9d:59:51:d2:70:81:8d:69:d8:76:60:d2:e5

Digest Algorithm

sha256

PE Digest Matches

true

48:3e:e3:f3:c6:4c:86:d5:75:08:24:9f:d7:6f:59:f5:78:7f:29:99
Signer

Actual PE Digest

48:3e:e3:f3:c6:4c:86:d5:75:08:24:9f:d7:6f:59:f5:78:7f:29:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
GetLongPathNameW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemTime
CreateThread
TerminateThread
GetCurrentProcessId
OutputDebugStringW
FreeLibrary
FindFirstFileW
CopyFileW
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetModuleFileNameW
TerminateProcess
DeleteFileW
SetFileAttributesW
ReadFile
GetFileSize
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetStdHandle
HeapDestroy
GetCurrentThread
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SystemTimeToFileTime
LoadLibraryW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
CreateMutexW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
RtlUnwind
GetCommandLineW
AreFileApisANSI
GetModuleHandleExW
ExitThread
GetFileAttributesExW
IsBadWritePtr
IsBadReadPtr
CreateWaitableTimerW
TlsFree
TlsSetValue
TlsAlloc
CancelWaitableTimer
SetWaitableTimer
ResetEvent
lstrcmpA
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetExitCodeProcess
SearchPathW
SetProcessWorkingSetSize
LocalAlloc
VirtualQuery
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
OpenProcess
ExitProcess
GetProcessTimes
SetErrorMode
GetShortPathNameW
GetFileTime
FileTimeToLocalFileTime
GetStringTypeW
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
SetFilePointer
GetFileType
DuplicateHandle
SetEndOfFile
GetFileAttributesW
DecodePointer
GetLocaleInfoW
LoadLibraryExW
LocalFree
lstrlenW
GetVolumeInformationW
DeviceIoControl
GetModuleHandleW
GetProcAddress
GetLastError
CreateDirectoryW
RemoveDirectoryW
FindResourceExW
FreeResource
MoveFileW
GetPrivateProfileIntW
MoveFileExW
WritePrivateProfileStringW
CreateProcessW
SetLastError
MulDiv
GetTickCount
Sleep
ResumeThread
SuspendThread
GetVersion
SetEvent
CreateEventW
lstrcatW
lstrcpynW
GlobalFree
GlobalAlloc
lstrcmpW
GetCurrentThreadId
RaiseException
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GetVersionExW
Process32NextW
lstrcmpiW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
ReleaseSemaphore
CreateSemaphoreW
TryEnterCriticalSection
GlobalUnlock
GlobalSize
TlsGetValue
GlobalLock
FindClose
LCMapStringW
FindNextFileW
SizeofResource
WriteFile
CreateFileW
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetStdHandle
LoadLibraryExA

user32

FindWindowW
WaitForInputIdle
LoadStringW
GetDesktopWindow
SetActiveWindow
MessageBoxW
GetMonitorInfoW
CopyRect
GetSystemMetrics
MonitorFromPoint
wsprintfW
PostMessageW
SetTimer
SetFocus
ShowWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
DefWindowProcW
InvalidateRect
GetShellWindow
MapVirtualKeyW
GetKeyNameTextW
SetCapture
ReleaseCapture
EmptyClipboard
SetClipboardData
FindWindowExW
ClientToScreen
RegisterClassExW
TrackMouseEvent
IsClipboardFormatAvailable
CloseClipboard
GetClipboardData
OpenClipboard
IsRectEmpty
IntersectRect
KillTimer
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetDlgItemTextW
GetClassInfoExW
UnionRect
GetAsyncKeyState
CharNextW
GetCaretBlinkTime
GetCursorPos
GetSysColor
SetCursor
SetCaretPos
HideCaret
CreateCaret
RegisterClipboardFormatW
GetCaretPos
SubtractRect
IsIconic
IsWindowVisible
SetRect
EnumDisplaySettingsW
UpdateLayeredWindow
PtInRect
MsgWaitForMultipleObjects
PeekMessageW
EndPaint
BeginPaint
GetKeyState
GetFocus
MoveWindow
PrivateExtractIconsW
GetIconInfo
LoadImageW
FillRect
DrawIconEx
DrawIcon
DrawTextW
ReleaseDC
GetDC
SetClassLongW
LoadCursorW
OffsetRect
SetWindowRgn
AnimateWindow
RedrawWindow
GetMessagePos
SystemParametersInfoW
IsZoomed
ScreenToClient
CreateWindowExW
MonitorFromWindow
GetWindowRect
GetParent
MapWindowPoints
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
EnableWindow
GetWindow
SwitchToThisWindow
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
DestroyWindow
UpdateWindow
SetForegroundWindow
SendMessageW
GetClientRect
UnregisterClassW

gdi32

SetBitmapBits
GetBitmapBits
CreateFontIndirectW
SetDIBits
GdiFlush
GetDeviceCaps
SetBrushOrgEx
StretchBlt
SetStretchBltMode
GetDIBits
GetStockObject
CreateFontW
CreateDIBSection
RoundRect
Rectangle
CreateSolidBrush
GetObjectA
SetTextColor
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32W
SetBkMode
DeleteObject
CombineRgn
CreateRoundRectRgn
CreateRectRgn
GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SetEntriesInAclW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
AddAce
AllocateAndInitializeSid
CopySid
FreeSid
GetLengthSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyW
RegGetKeySecurity
RegSetKeySecurity
DuplicateTokenEx

shell32

SHFileOperationW
SHBrowseForFolderW
ShellExecuteExW
CommandLineToArgvW
ord165
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFileInfoW
SHAppBarMessage
SHFreeNameMappings
Shell_NotifyIconW
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoLoadLibrary
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoInitialize
CoCreateInstance
CoUnmarshalInterface
GetHGlobalFromStream
CoMarshalInterface
CreateStreamOnHGlobal

oleaut32

SetErrorInfo
SysAllocStringLen
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
CreateErrorInfo
GetErrorInfo

shlwapi

UrlCompareW
PathAppendW
PathIsDirectoryW
PathIsRootW
StrCmpNIW
StrCmpIW
PathFindFileNameW
StrDupW
StrCatW
StrStrIW
StrCpyNW
SHDeleteKeyW
SHSetValueW
PathBuildRootW
PathGetDriveNumberW
PathCanonicalizeW
UrlCanonicalizeW
PathFindExtensionW
PathMatchSpecW
PathCombineW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
StrStrW
StrToIntW
SHGetValueW
PathIsURLW
StrToIntExW
StrRStrIW
PathRemoveExtensionW

comctl32

ImageList_Create
ImageList_GetImageCount
ImageList_Draw
ImageList_Remove
ImageList_Destroy
ImageList_Duplicate
ImageList_ReplaceIcon
ImageList_GetIcon
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

wininet

HttpSendRequestExW
HttpOpenRequestW
FtpGetFileSize
HttpEndRequestW
FtpOpenFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetConnectW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
FtpCommandW
InternetOpenW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenA
InternetSetOptionW
InternetSetOptionA
InternetQueryOptionW
InternetWriteFile
InternetReadFileExA
CreateUrlCacheEntryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext

setupapi

SetupIterateCabinetW

riched20

ord4

imm32

ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmAssociateContext

winmm

timeKillEvent
timeSetEvent
timeBeginPeriod

netapi32

Netbios

psapi

EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

urlmon

ObtainUserAgentString

Sections

.text
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd4accb175f59acb7dbe8f76556793c0

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

b7:a3:cd:0b:eb:e5:92:a6:41:fd:31:c2:9b:57:98:17:ee:4d:12:9d:59:51:d2:70:81:8d:69:d8:76:60:d2:e5Signer

48:3e:e3:f3:c6:4c:86:d5:75:08:24:9f:d7:6f:59:f5:78:7f:29:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

version

wintrust

setupapi

riched20

imm32

winmm

netapi32

psapi

urlmon

Sections

.text Size: 916KB - Virtual size: 916KB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 21KB - Virtual size: 53KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

22:14:56:ad:01:8c:6f:e3:00:00:00:00:55:64:f8:f2
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

b7:a3:cd:0b:eb:e5:92:a6:41:fd:31:c2:9b:57:98:17:ee:4d:12:9d:59:51:d2:70:81:8d:69:d8:76:60:d2:e5
Signer

48:3e:e3:f3:c6:4c:86:d5:75:08:24:9f:d7:6f:59:f5:78:7f:29:99
Signer

.text
Size: 916KB - Virtual size: 916KB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 21KB - Virtual size: 53KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB