2024-01-25_304e76bbafffcc93ec9b439de40034fc_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_304e76bbafffcc93ec9b439de40034fc_mafia_magniber
Size

4.5MB
MD5

304e76bbafffcc93ec9b439de40034fc
SHA1

450a167e62bfa18003172ae8a533047a553806a5
SHA256

7b50d6d670e7b77bb6c7fe03511ca4867b1edcd06ffdaee658e807508bf4012c
SHA512

bf3b1a3359438064572e8bfdf69cabf6b014edad9d26ba38448a2c4f47097afc93674f10f4d343de4ebcf1c7a7bd07dae219d2e92bc52ce057e52081addf156a
SSDEEP

49152:pVcd+vPwYkXNrteNsnqbagaKqrvTDkOUFOGJVupZY0q5VWy7EeNXyw1qrktIW3YE:pLf8qbSEdFOGJVupOPtQAX56MYYhul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_304e76bbafffcc93ec9b439de40034fc_mafia_magniber

Files

2024-01-25_304e76bbafffcc93ec9b439de40034fc_mafia_magniber
.exe windows:5 windows x86 arch:x86

13df81d812e44e92e8ea36b46b7eaba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-downlevel-shlwapi-l1-1-0

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

comdlg32

GetOpenFileNameW
GetSaveFileNameW

hge

hgeCreate

kernel32

CreateDirectoryW
DecodePointer
EncodePointer
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
SetCurrentDirectoryA
Sleep
WideCharToMultiByte

libtheoraplayer

??0TheoraVideoManager@@QAE@H@Z
??1TheoraVideoManager@@UAE@XZ
?createVideoClip@TheoraVideoManager@@QAEPAVTheoraVideoClip@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4TheoraOutputMode@@H_N@Z
?destroyVideoClip@TheoraVideoManager@@QAEXPAVTheoraVideoClip@@@Z
?getAudioInterface@TheoraVideoClip@@QAEPAVTheoraAudioInterface@@XZ
?getHeight@TheoraVideoClip@@QAEHXZ
?getHeight@TheoraVideoFrame@@QAEHXZ
?getNextFrame@TheoraVideoClip@@QAEPAVTheoraVideoFrame@@XZ
?getWidth@TheoraVideoClip@@QAEHXZ
?getWidth@TheoraVideoFrame@@QAEHXZ
?isDone@TheoraVideoClip@@QAE_NXZ
?play@TheoraVideoClip@@QAEXXZ
?popFrame@TheoraVideoClip@@QAEXXZ
?seek@TheoraVideoClip@@QAEXM@Z
?update@TheoraVideoManager@@QAEXM@Z

msvcp120

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Container_base12@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IBEXXZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Xtime_get_ticks

msvcr120

??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?terminate@@YAXXZ
?what@exception@std@@UBEPBDXZ
_CIatan2
_CIfmod
_CxxThrowException
_XcptFilter
__CxxFrameHandler
__crtGetShowWindowMode
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
__dllonexit
__getmainargs
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_log10f
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__pctype_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_calloc_crt
_cexit
_commode
_configthreadlocale
_controlfp_s
_crt_debugger_hook
_ecvt_s
_except1
_except_handler4_common
_exit
_finite
_fmode
_fseeki64
_ftelli64
_initterm
_initterm_e
_invoke_watson
_ismbblead
_ismbcprint_l
_isnan
_itoa
_itow
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_lock
_msize
_onexit
_purecall
_unlock
_vsnwprintf
_vswprintf
_wfopen
_wgetenv
_wtof
_wtoi
atof
atoi
ceil
exit
fclose
ferror
fopen
fread
free
fwrite
isspace
malloc
memchr
memcpy
memmove
memset
realloc
roundf
sprintf
sprintf_s
srand
strchr
strstr
strtod
strtol
swprintf_s
tolower
vsprintf_s
wcsrchr

oleaut32

VariantClear

shell32

SHCreateDirectoryExW

squall

SQUALL_ChannelGroup_SetVolume
SQUALL_ChannelGroup_Stop
SQUALL_Channel_GetLengthMs
SQUALL_Channel_GetPlayPositionMs
SQUALL_Channel_SetVolume
SQUALL_Channel_Start
SQUALL_Channel_Stop
SQUALL_Free
SQUALL_Init
SQUALL_Sample_LoadFromMemory
SQUALL_Sample_Play
SQUALL_Sample_UnloadAll
SQUALL_SetSpeakerMode

user32

AdjustWindowRectEx
GetSystemMetrics
LoadCursorA
LoadCursorFromFileW
MessageBoxA
MessageBoxW
SetCursor
SystemParametersInfoA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text1
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.......+
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13df81d812e44e92e8ea36b46b7eaba0

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-downlevel-shlwapi-l1-1-0

comdlg32

hge

kernel32

libtheoraplayer

msvcp120

msvcr120

oleaut32

shell32

squall

user32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 240KB - Virtual size: 240KB

.reloc Size: 76KB - Virtual size: 76KB

.text1 Size: 768KB - Virtual size: 768KB

.adata Size: 64KB - Virtual size: 64KB

.data1 Size: 192KB - Virtual size: 192KB

.reloc1 Size: 64KB - Virtual size: 64KB

.pdata Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 216KB - Virtual size: 213KB

.......+ Size: 8KB - Virtual size: 8KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 240KB - Virtual size: 240KB

.reloc
Size: 76KB - Virtual size: 76KB

.text1
Size: 768KB - Virtual size: 768KB

.adata
Size: 64KB - Virtual size: 64KB

.data1
Size: 192KB - Virtual size: 192KB

.reloc1
Size: 64KB - Virtual size: 64KB

.pdata
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 216KB - Virtual size: 213KB

.......+
Size: 8KB - Virtual size: 8KB