2024-01-19_195fcfb675ac4fff7a24e4f795c94208_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-19_195fcfb675ac4fff7a24e4f795c94208_magniber
Size

23.7MB
MD5

195fcfb675ac4fff7a24e4f795c94208
SHA1

e882d36020520aaacf63217e9b90d7b3708bcddc
SHA256

97a0a1a98355d090364b6219e96f0539359bedf4f0e0b25a7087000633b2292a
SHA512

d9eb8512a9136ae8abec7696011df9ddb58b0dee34549fa940a90999e83a9374de94d10a37914e8177949b48103bc7f2a993cbd3429f2959ee422faa744be70f
SSDEEP

393216:Ntq+M4k6NG0y1iFirs9r3W2/z5LKIiYF4m65fQmB3gvwHnPQ5lMlovUYU49:NtH/k6NH34rybL1OGY5fQm64HnPQklNY

Score

1^/10

Malware Config

Signatures

Files

2024-01-19_195fcfb675ac4fff7a24e4f795c94208_magniber
.exe windows:6 windows x86 arch:x86

da7d1fa021b3aa101544e963b6eebc09

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:04:21:bc:18:ac:97:ff:c3:a8:bd:23:91:ad:42:36
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24/11/2022, 00:00

Not After

23/11/2025, 23:59

Subject

CN=VSee Lab\, Inc,O=VSee Lab\, Inc,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:61:ed:93:9e:25:df:d9:ce:6e:e0:df:5f:10:7c:3e:4a:d8:b7:98:a5:9a:b7:08:84:34:8c:fe:b3:a0:08:18
Signer

Actual PE Digest

95:61:ed:93:9e:25:df:d9:ce:6e:e0:df:5f:10:7c:3e:4a:d8:b7:98:a5:9a:b7:08:84:34:8c:fe:b3:a0:08:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

inet_addr
htons
send
socket
WSAStartup
connect

kernel32

WaitForSingleObjectEx
CreateMutexA
CreateEventA
GetCurrentProcess
GetTickCount
GetProcAddress
LoadLibraryA
LocalFree
SetThreadExecutionState
FormatMessageA
FormatMessageW
CreateSemaphoreA
VerifyVersionInfoW
WideCharToMultiByte
ReleaseSemaphore
SetEnvironmentVariableW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileSize
ReadFile
SetFileAttributesW
SetFileTime
WriteFile
OutputDebugStringA
OutputDebugStringW
ReleaseMutex
WaitForSingleObject
Sleep
GetModuleFileNameW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceW
SetEvent
GetLastError
DuplicateHandle
CloseHandle
SetEndOfFile
VerSetConditionMask
GetThreadTimes
HeapQueryInformation
GetUserDefaultUILanguage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
FlushFileBuffers
ReadConsoleW
SetStdHandle
SetFilePointer
CreateFileA
VirtualFree
VirtualAlloc
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
ResetEvent
CreateSemaphoreW
MultiByteToWideChar
DebugBreak
FatalAppExitA
GetCurrentThreadId
lstrlenA
TerminateProcess
K32GetModuleFileNameExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
FileTimeToSystemTime
QueryPerformanceFrequency
GetLocalTime
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
IsDebuggerPresent
RaiseException
CreateThread
SetThreadPriority
GetExitCodeThread
TerminateThread
ExitThread
GetCurrentThread
TryEnterCriticalSection
SetLastError
RemoveDirectoryW
CopyFileW
ExitProcess
SleepEx
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
GetComputerNameA
GetSystemInfo
CreateProcessA
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
DecodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
HeapAlloc
HeapFree
GetProcessHeap
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
FreeLibrary
GetStringTypeExW
LCMapStringW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
GetFileAttributesExW
FreeLibraryAndExitThread
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetFullPathNameW

user32

SystemParametersInfoA
MessageBoxA
LoadStringA
RegisterWindowMessageA
PostThreadMessageW
GetMessageA
TranslateMessage
DispatchMessageA
EndDialog
GetClientRect
GetDesktopWindow
SetWindowPos
LoadStringW
MessageBoxW
DialogBoxParamA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW
GetUserNameA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegDeleteValueA

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
ShellExecuteA

ole32

PropVariantClear
CoTaskMemAlloc
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

winmm

timeGetTime

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20.4MB - Virtual size: 20.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da7d1fa021b3aa101544e963b6eebc09

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

d4:04:21:bc:18:ac:97:ff:c3:a8:bd:23:91:ad:42:36Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

95:61:ed:93:9e:25:df:d9:ce:6e:e0:df:5f:10:7c:3e:4a:d8:b7:98:a5:9a:b7:08:84:34:8c:fe:b3:a0:08:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

winmm

oleaut32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 73KB - Virtual size: 1.2MB

.rsrc Size: 20.4MB - Virtual size: 20.4MB

.reloc Size: 125KB - Virtual size: 125KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

d4:04:21:bc:18:ac:97:ff:c3:a8:bd:23:91:ad:42:36
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

95:61:ed:93:9e:25:df:d9:ce:6e:e0:df:5f:10:7c:3e:4a:d8:b7:98:a5:9a:b7:08:84:34:8c:fe:b3:a0:08:18
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 73KB - Virtual size: 1.2MB

.rsrc
Size: 20.4MB - Virtual size: 20.4MB

.reloc
Size: 125KB - Virtual size: 125KB