2024-01-23_c8790d692a011e3fb239dd4b199c8939_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_c8790d692a011e3fb239dd4b199c8939_magniber
Size

1.7MB
MD5

c8790d692a011e3fb239dd4b199c8939
SHA1

afb4d05d39382050817eb48ac011f08867365f9d
SHA256

442d4855a326e4128d393138babc872ec9e8352fd93eb82704e2a9d02bd531ff
SHA512

ca40c4dafe7327fb40c5796bd61875a344418334de2c90eee1ccafe7c3d23f749b2f3b57de28934f933b3946d4d76a21c86630e48871658556095db0a9b1f60a
SSDEEP

49152:gOdtmlcm5IIpiaOlyVa/c8Xdc3u3IOz2zm3KRPGNuY:jdtwqYiIOadRP2

Score

1^/10

Malware Config

Signatures

Files

2024-01-23_c8790d692a011e3fb239dd4b199c8939_magniber
.exe windows:6 windows x86 arch:x86

782b75a77cd7e73269f7995c8bfc7ae2

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:df:4d:93:8e:75:e6:3d:64:8a:be:02:29:5c:d3:3c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/08/2022, 00:00

Not After

30/07/2025, 23:59

Subject

SERIALNUMBER=201923456H,CN=Bytedance Pte. Ltd.,O=Bytedance Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:8a:72:3a:99:5c:34:c9:fc:ab:5d:7b:97:a2:0e:48:ab:e9:da:0a:a5:de:0d:b0:b8:8f:26:40:da:b9:7a:7e
Signer

Actual PE Digest

cf:8a:72:3a:99:5c:34:c9:fc:ab:5d:7b:97:a2:0e:48:ab:e9:da:0a:a5:de:0d:b0:b8:8f:26:40:da:b9:7a:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

PowerDeterminePlatformRole

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
CM_Get_Device_IDW

kernel32

MoveFileExW
WTSGetActiveConsoleSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateEventW
CreateThread
MoveFileW
Sleep
TerminateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetShortPathNameW
SetErrorMode
GetCurrentThreadId
ResumeThread
SetPriorityClass
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
lstrlenW
GetProcessId
GetModuleHandleA
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
GetVolumePathNameW
ReplaceFileW
GetCurrentDirectoryW
CreateFileMappingW
SetCurrentDirectoryW
GetFileAttributesExW
GetNativeSystemInfo
CreateMutexW
FormatMessageA
OutputDebugStringA
ReleaseMutex
RegisterWaitForSingleObject
UnregisterWaitEx
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
SetFileTime
FlushFileBuffers
GetFileSizeEx
DuplicateHandle
GetFileInformationByHandle
SetThreadPriority
GetThreadPriority
IsDebuggerPresent
GetUserDefaultLangID
CopyFileW
GetModuleHandleExW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WaitForMultipleObjects
GlobalMemoryStatusEx
RtlCaptureStackBackTrace
QueueUserWorkItem
GetModuleHandleExA
GetProcessHeaps
HeapSetInformation
HeapUnlock
HeapLock
HeapWalk
GetProcessIoCounters
VirtualQueryEx
GetProcessTimes
GetSystemInfo
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
FatalAppExitA
ReadConsoleW
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
SetConsoleCtrlHandler
AreFileApisANSI
ExitProcess
GetCPInfo
VirtualQuery
VirtualProtect
RtlUnwind
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetVersion
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetTempPathW
QueryDosDeviceW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetCommandLineW
ProcessIdToSessionId
SetFilePointer
GetCurrentThread
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
OpenProcess
WaitForSingleObject
LocalFree
GetProcAddress
GetModuleHandleW
GetVersionExW
DeviceIoControl
LoadLibraryExA
SetLastError
SetFileAttributesW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetUserDefaultLCID
EnumSystemLocalesW
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
TryEnterCriticalSection

user32

PostQuitMessage
GetCursorPos
UpdateLayeredWindow
OffsetRect
SetTimer
IsIconic
ReleaseDC
GetWindowDC
GetDesktopWindow
GetDC
UnregisterClassW
LoadImageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
WaitMessage
KillTimer
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
EnumWindows
GetClassNameW
ScreenToClient
CreateDialogParamW
SetWindowPos
MapWindowPoints
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowPlacement
GetWindow
wsprintfW
SetCursor
ExitWindowsEx
GetWindowThreadProcessId
MessageBoxW
SendMessageW
DefWindowProcW
CharUpperW
GetKeyState
IsWindowEnabled
CallWindowProcW
DestroyWindow
GetDlgItem
SetWindowTextW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
MoveWindow
IsWindowVisible
SetFocus
DrawTextW
GetClientRect
FillRect
InflateRect
LoadCursorW
GetSystemMetrics
IsWindow
SystemParametersInfoW
FindWindowW

gdi32

DeleteObject
GetDeviceCaps
CreateSolidBrush
SetTextColor
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
SetViewportOrgEx
CreateDIBSection
GetStockObject
GetObjectA
SetBkMode
CreateCompatibleBitmap

advapi32

AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetThreadToken
ConvertStringSidToSidW
LookupAccountSidW
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
IsValidSid
InitializeSid
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
GetAclInformation
GetAce
CopySid
AddAce
RegQueryInfoKeyW
RegQueryValueExW
RegisterTraceGuidsW
GetTraceEnableLevel
RegOpenKeyW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
SystemFunction036
RegNotifyChangeKeyValue
RegEnumValueW
ConvertSidToStringSidW
DuplicateToken
EqualSid
FreeSid
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenCurrentUser
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExW
SHFileOperationW

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr
VariantClear
SysStringLen
SysFreeString
SysAllocString

shlwapi

StrToIntW
ord176
StrStrIW
SHStrDupW
ord12
StrChrW
PathIsDirectoryEmptyW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathGetDriveNumberW
PathFindExtensionW
PathFileExistsW
PathAddBackslashW
PathAppendW
StrCpyNW
StrCmpIW
StrCmpNW
StrCmpNIW
StrRChrW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW
CreateEnvironmentBlock

mpr

WNetGetResourceInformationW

psapi

QueryWorkingSet
GetMappedFileNameW
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo

netapi32

NetApiBufferFree
NetGetJoinInformation

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImagePointRectI
GdipMeasureString
GdipDeleteStringFormat
GdipDrawString
GdipCreateStringFormat
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipGraphicsClear
GdipSetClipRectI
GdipRestoreGraphics
GdipSaveGraphics
GdipDrawImageRectRectI
GdipFillRectangleI
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipTranslateWorldTransform
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFontFromLogfontA
GdipCloneImage
GdipCreateFontFromDC

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

782b75a77cd7e73269f7995c8bfc7ae2

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:df:4d:93:8e:75:e6:3d:64:8a:be:02:29:5c:d3:3cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cf:8a:72:3a:99:5c:34:c9:fc:ab:5d:7b:97:a2:0e:48:ab:e9:da:0a:a5:de:0d:b0:b8:8f:26:40:da:b9:7a:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

mpr

psapi

netapi32

urlmon

wininet

comctl32

gdiplus

winmm

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 14KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 189KB - Virtual size: 189KB

.reloc Size: 41KB - Virtual size: 40KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:df:4d:93:8e:75:e6:3d:64:8a:be:02:29:5c:d3:3c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:8a:72:3a:99:5c:34:c9:fc:ab:5d:7b:97:a2:0e:48:ab:e9:da:0a:a5:de:0d:b0:b8:8f:26:40:da:b9:7a:7e
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 14KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 189KB - Virtual size: 189KB

.reloc
Size: 41KB - Virtual size: 40KB