2024-01-24_7eb883a4e84f5aeeeb48726cef55f43d_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_7eb883a4e84f5aeeeb48726cef55f43d_magniber
Size

4.7MB
MD5

7eb883a4e84f5aeeeb48726cef55f43d
SHA1

6adf23db68e1ffbdf3070d1e8a6b7cca00660778
SHA256

856a7f167f4990c18d30d3833fffe2fca5edd583b991314cca3acf1e733a14d7
SHA512

6feccfdbc0d2197034c38af165ec54d19a2a81c0fe43cdfb6d445d46a7825fe1d34ebab223ac53c02c304b1dd735c82770015d8d9c3b240cef4001f725a3ae36
SSDEEP

98304:SqabogieBFSKdOXh5HbxTj0qK0FPwY2h7iD93YC:onizx5HbxTj0kFPW7IG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-24_7eb883a4e84f5aeeeb48726cef55f43d_magniber

Files

2024-01-24_7eb883a4e84f5aeeeb48726cef55f43d_magniber
.exe windows:5 windows x86 arch:x86

f23411edd4daa4245fa57b58897892ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegSetValueExW
RegDeleteValueW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
FreeSid
EqualSid
CreateWellKnownSid
RevertToSelf
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
EventWrite
RegNotifyChangeKeyValue
RegEnumValueA
RegDeleteValueA

kernel32

FlsAlloc
LocaleNameToLCID
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetProcessTimes
GetCurrentThread
GetThreadTimes
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
DeviceIoControl
RemoveDirectoryW
SetEndOfFile
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
SetFilePointerEx
MoveFileExW
CopyFileW
AreFileApisANSI
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
FormatMessageA
GetCurrentThreadId
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
GetTickCount64
GetModuleHandleExW
K32GetProcessMemoryInfo
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
FileTimeToSystemTime
GetUserDefaultLocaleName
IsValidCodePage
SystemTimeToFileTime
GetCPInfoExW
CreateEventExW
GetStringTypeW
LoadLibraryExW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
OpenProcess
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObjectEx
GlobalFree
GetNativeSystemInfo
ProcessIdToSessionId
GetExitCodeThread
WaitForMultipleObjects
WaitForMultipleObjectsEx
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
ReadFile
GetFileSizeEx
GetTempPathW
GetTempFileNameW
GetTickCount
GetThreadLocale
SetEvent
FindFirstFileExW
lstrcmpW
GetFileType
WriteFile
GetOverlappedResult
SetFileInformationByHandle
GetFileInformationByHandleEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetLongPathNameW
ReleaseSemaphore
FlsFree
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
GlobalAlloc
LocalAlloc
HeapAlloc
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
IsValidLocale
QueryUnbiasedInterruptTime
LCMapStringEx
CreateEventW
WaitForSingleObject
CreateThread
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
ResetEvent
VirtualProtectEx
GetSystemInfo
LockResource
FlushFileBuffers
CancelIoEx
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
IsProcessorFeaturePresent
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
IsDebuggerPresent
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
VirtualFree
VirtualAlloc
LCIDToLocaleName
GetProductInfo
SwitchToThread
GetLocaleInfoEx
GetLocaleInfoW
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
GetSystemDefaultLCID
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetUserGeoID
GlobalMemoryStatusEx
GetCommandLineW
WideCharToMultiByte
CreateMutexW
ExpandEnvironmentStringsW
IsWow64Process
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
LoadLibraryExA
VirtualQuery
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
WriteConsoleW
SetStdHandle
EnumSystemLocalesW
ExitProcess
GetStdHandle
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
HeapFree
LocalFree
CompareStringEx
OutputDebugStringA
GetModuleFileNameW
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateTimerQueue
InterlockedFlushSList
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
EncodePointer
DuplicateHandle
GetDateFormatW
GetTimeFormatW
DecodePointer
OpenEventA
RaiseException
SetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
CloseHandle
DeleteTimerQueueTimer
CreateTimerQueueTimer
OpenThread
GetLocalTime

ole32

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

cabinet

ord13
ord14

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

setupapi

SetupIterateCabinetW

gdi32

GetDeviceCaps
DeleteObject
CreateSolidBrush
SetTextColor
SetBkColor
GetStockObject
SelectObject
GetTextExtentPoint32W
CreatePen
Rectangle
SetDCBrushColor
CreateFontW
GetTextMetricsW
SetDCPenColor

gdiplus

GdipCreateFromHDC
GdipDrawImageRectRectI
GdiplusStartup
GdipFillRectangleI
GdipDeleteGraphics
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipCloneImage
GdipDrawImageRectI
GdipFree
GdipDisposeImage
GdipAlloc

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 740KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f23411edd4daa4245fa57b58897892ff

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 944KB - Virtual size: 944KB

.data Size: 117KB - Virtual size: 118KB

.rsrc Size: 579KB - Virtual size: 579KB

.reloc Size: 740KB - Virtual size: 744KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 944KB - Virtual size: 944KB

.data
Size: 117KB - Virtual size: 118KB

.rsrc
Size: 579KB - Virtual size: 579KB

.reloc
Size: 740KB - Virtual size: 744KB