2024-01-24_23c71aaf774ab25113bf74d8359d07ce_magniber_sliver

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_23c71aaf774ab25113bf74d8359d07ce_magniber_sliver
Size

9.2MB
MD5

23c71aaf774ab25113bf74d8359d07ce
SHA1

7513b1fb79114f062d8639dce223a78aa163e5e5
SHA256

d6641368c0099339e7bbf3d98d8d196a1c0f4c1ee273e95a1709146a27c59735
SHA512

7d607a475e3b5a1dc5ad2aeed92d042990247b18ff8cfbc24b2673ed00ecd959962dfe44fe43a5dbbd6d5f3fb701b5d7a302a44984217fb25566f110a37f632a
SSDEEP

196608:Tl9OjkEwivI4g5xdfAwp6M0a9076AXL9qF9:Tl9OjkEwivI4gdR6pa2LO9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-24_23c71aaf774ab25113bf74d8359d07ce_magniber_sliver

Files

2024-01-24_23c71aaf774ab25113bf74d8359d07ce_magniber_sliver
.exe windows:6 windows x64 arch:x64

1bd019851ec41e3d0658a3c7d5bd2099

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentVariableW
DeleteFileW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFilePointer
GetTempPathW
PeekNamedPipe
CreateNamedPipeW
CallNamedPipeW
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
Sleep
GetProcessTimes
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
SwitchToThread
ResumeThread
CreateProcessW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
FormatMessageW
GetNamedPipeServerProcessId
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
DeviceIoControl
SetEvent
CreateEventW
CreateThread
MoveFileExW
MultiByteToWideChar
VerSetConditionMask
WriteFile
DebugBreak
OpenEventW
WaitForMultipleObjects
CreateRemoteThread
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetLongPathNameW
CopyFileW
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32FirstW
VirtualQueryEx
GetTickCount
QueryDosDeviceW
GetFileInformationByHandle
FlushFileBuffers
GlobalAlloc
GlobalFree
IsWow64Process
GetNativeSystemInfo
LocalFree
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
GetCurrentThread
GetVersionExW
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileSizeEx
GetFileSize
SetThreadPriority
GetCurrentThreadId
SetFileInformationByHandle
DuplicateHandle
SetSearchPathMode
ExpandEnvironmentStringsW
GetFileAttributesExW
SetFileAttributesW
FileTimeToSystemTime
lstrcmpA
SetFileTime
SetLastError
GetFileAttributesW
GetModuleHandleA
GetStdHandle
GetDriveTypeW
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
FindResourceExW
GetVersionExA
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ResetEvent
ReleaseMutex
CreateMutexW
GetStartupInfoW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateFileW
CreateDirectoryW
GetCurrentProcess
GetLastError
GetSystemInfo
CloseHandle
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
GetFullPathNameW
AreFileApisANSI
WaitForSingleObjectEx
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
HeapReAlloc
SetStdHandle
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RtlUnwind

authz

AuthzFreeResourceManager
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeContext

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 608KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1bd019851ec41e3d0658a3c7d5bd2099

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

authz

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 103KB - Virtual size: 131KB

.pdata Size: 169KB - Virtual size: 168KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 608KB - Virtual size: 612KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 103KB - Virtual size: 131KB

.pdata
Size: 169KB - Virtual size: 168KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 608KB - Virtual size: 612KB