E:\LDS\Search\install_uninstall_src_search\Release\Uninst\uninst.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-01_38ee3650a84f352dbe98f91d4a588cbb_magniber.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-01_38ee3650a84f352dbe98f91d4a588cbb_magniber.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-01_38ee3650a84f352dbe98f91d4a588cbb_magniber
Size: 1.6MB
MD5: 38ee3650a84f352dbe98f91d4a588cbb
SHA1: 5e9eddc4388c72abacd9b70ad4051b1446444095
SHA256: 0c2be8ae1b673dbf321406679ae2c88efb524eed439b6d42898e3d057ab396db
SHA512: 2531f4aad64cf9238c1512093960096177b4bea4b8919fbe4fedeacf3c09a4618e85e58d09f29bdb6cf2e2e6cbbeb79ccc37816d12a7f123d25edf682ddb494d
SSDEEP: 24576:/9rzGAMUSL13Ugt3bFY0Kioocfn1nc3ZbfRUswUXUuQUqi3ivZbxNgZkR8S/S/EL:/lYL+ypSocf2ZlUsbqi30ZbxNx+e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-02-01_38ee3650a84f352dbe98f91d4a588cbb_magniber
Files
2024-02-01_38ee3650a84f352dbe98f91d4a588cbb_magniber.exe windows:6 windows x86 arch:x86
a4be40bbc65d87d43ac2a6d5bf29dc83
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ResetEvent
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
GetTempFileNameW
GetShortPathNameW
CreateDirectoryW
SearchPathW
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
VerifyVersionInfoW
SetLastError
VerSetConditionMask
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
LocalFree
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeLibrary
FindResourceExW
DeleteCriticalSection
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
HeapDestroy
CloseHandle
SetFilePointer
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetFileAttributesExW
CreateFileW
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
InitializeCriticalSectionEx
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTickCount
MoveFileExW
GetFileSizeEx
GetLocalTime
OutputDebugStringA
OutputDebugStringW
GetCurrentProcess
lstrcpynW
SetEvent
WaitForSingleObject
GetWindowsDirectoryW
MoveFileW
CreateFileA
DeleteFileA
WriteFile
GetTempPathA
GetTempFileNameA
CreateEventW
WaitForMultipleObjects
LocalAlloc
TerminateProcess
GetExitCodeProcess
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
lstrcpyW
GetSystemWindowsDirectoryW
GetVersionExW
FreeResource
DeviceIoControl
lstrcmpA
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
user32
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetClassInfoExW
SendMessageTimeoutW
CopyRect
FindWindowW
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
MoveWindow
RegisterClassExW
SetCursor
SetFocus
EndDialog
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
ReleaseCapture
CharNextW
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
PtInRect
SendMessageW
DestroyWindow
GetWindowThreadProcessId
FindWindowExW
DefWindowProcW
PostQuitMessage
SetCapture
CallWindowProcW
UnregisterClassW
CreateWindowExW
IsWindow
ShowWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
IsIconic
PostMessageW
KillTimer
SetTimer
wsprintfW
IsDialogMessageW
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
OffsetViewportOrgEx
SaveDC
CreateFontW
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
RectVisible
EnumFontFamiliesW
RestoreDC
SelectClipRgn
advapi32
ControlService
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
CryptAcquireContextW
DeleteService
RegCreateKeyW
RegEnumValueW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
shell32
ord165
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
ole32
CreateStreamOnHGlobal
CLSIDFromProgID
OleRun
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
oleaut32
VarUI4FromStr
VariantCopy
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
SysStringLen
VariantClear
shlwapi
SHGetValueW
PathRemoveFileSpecW
PathAppendW
wnsprintfW
PathFindFileNameW
PathFileExistsW
PathRenameExtensionA
PathIsPrefixW
StrCmpNIW
StrStrIA
StrStrIW
StrCmpIW
PathIsRelativeW
PathIsRootW
SHSetValueA
PathCombineW
SHDeleteKeyW
SHSetValueW
PathFindFileNameA
PathFindExtensionW
StrTrimA
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteBrush
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdiplusShutdown
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCloneBrush
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateFontFamilyFromName
GdipSetStringFormatFlags
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
setupapi
SetupIterateCabinetW
Exports
_BasicEntry@4
Sections
.text Size: 1006KB - Virtual size: 1006KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 346KB - Virtual size: 346KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ