2024-02-03_6cd1d2e97532ba4b38930fdb67cc0e36_mafia_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-03_6cd1d2e97532ba4b38930fdb67cc0e36_mafia_magniber
Size

7.3MB
MD5

6cd1d2e97532ba4b38930fdb67cc0e36
SHA1

9c79f624643117c71cdcd8203b2bd530339dd3c4
SHA256

86812eaf4cfc634f78fc757e5bd92a1562679f892a4c3afe87c673bc2d3dfa2e
SHA512

271cbe2c8a88f0b8935b831541e97996596eee31b976759e85dc9bbf7bfc0aef89836e7538ce73c245d451eed86322732d44ab8b77e592f7ddd906e65a2199d3
SSDEEP

196608:FEthOxzH3FY4gA/yN8eA+QDt3BcE24PJP1ruUl:FEKzH1YPAJ/5B+4XZl

Score

1^/10

Malware Config

Signatures

Files

2024-02-03_6cd1d2e97532ba4b38930fdb67cc0e36_mafia_magniber
.exe windows:5 windows x86 arch:x86

ce786158e3cd6969cf56ad6225240d67

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23-07-2012 00:00

Not After

02-08-2014 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:25:19:ac:6d:da:bd:f7:4c:7a:09:d7:4e:a2:f2:14:47:ae:b9:2a
Signer

Actual PE Digest

ac:25:19:ac:6d:da:bd:f7:4c:7a:09:d7:4e:a2:f2:14:47:ae:b9:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\build2.8.6\Funshion\Rel\src\toolkits_publish\bin_inst\Release\Install.pdb

Imports

gdiplus

GdipGetFontStyle
GdipGetFontSize
GdipAddPathString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePath
GdipCreatePath
GdipGetFamilyName
GdipGetFamily
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipGetPathWorldBounds
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipSetTextRenderingHint
GdipResetClip
GdipEndContainer
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipSetClipRect
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipReleaseDC
GdiplusShutdown
GdipBeginContainer2
GdiplusStartup

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LoadResource
FindResourceW
FindResourceExW
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
CloseHandle
Sleep
CreateEventA
CreateMutexW
GetLastError
GetModuleFileNameW
LoadLibraryW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
TerminateProcess
FreeLibrary
lstrcmpW
GetSystemInfo
GetVersionExW
WideCharToMultiByte
CreateFileW
WriteFile
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
Module32FirstW
Module32NextW
GetCurrentProcess
LockResource
SizeofResource
CreateProcessW
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindClose
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDrives
MoveFileExW
DeleteFileW
CopyFileExW
GetCommandLineW
MoveFileW
GetSystemDefaultLangID
GetTickCount
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetProcessId
lstrlenA
LocalFree
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
GetDateFormatW
GetTimeFormatW
CreateThread
ExitThread
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
InterlockedCompareExchange
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetLastError
WritePrivateProfileStringW
GetACP
HeapCreate
QueryPerformanceCounter
IsProcessorFeaturePresent
GetLocaleInfoW
GetPrivateProfileStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
OutputDebugStringW
OpenEventA
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
GetPrivateProfileIntW
lstrlenW
CreateDirectoryW

user32

MsgWaitForMultipleObjectsEx
DefWindowProcW
DispatchMessageW
PeekMessageW
PostQuitMessage
SetCapture
ReleaseDC
UpdateLayeredWindow
GetWindowDC
GetWindowRect
SetWindowPos
GetWindowLongW
SetWindowLongW
GetDC
ShowWindow
IsWindow
RegisterClassW
LoadCursorW
LoadIconW
SendMessageW
SystemParametersInfoW
CreateWindowExW
MessageBoxExW
MessageBoxW
wsprintfW
FindWindowW
DestroyWindow
SetTimer
UnregisterClassW
PostMessageW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
EnumFontFamiliesW
DeleteDC
CreateDIBSection

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord165
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

wininet

HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetSetOptionA
InternetGetCookieExW
InternetReadFile
InternetSetCookieW
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoA

shlwapi

SHSetValueW
SHGetValueW
SHDeleteKeyW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathIsURLW
PathIsFileSpecW
PathFileExistsW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW
SHDeleteValueW
PathRemoveExtensionW

urlmon

UrlMkGetSessionOption

Exports

Exports

??_B?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@51
??_B?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@51
?get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ
?get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ
?get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ
?get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ
?get_mutable_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@SAAAVCFpFunshionIni@@XZ
?get_mutable_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@SAAAVCFpInstallAppMgr@@XZ
?get_mutable_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@SAAAVCFpInstallPath@@XZ
?get_mutable_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@SAAAVCFpSysLanguage@@XZ
?instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@0AAVCFpFunshionIni@@A
?instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@0AAVCFpInstallAppMgr@@A
?instance@?$singleton@VCFpInstallPath@@@serialization@boost@@0AAVCFpInstallPath@@A
?instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@0AAVCFpSysLanguage@@A
?t@?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@4V?$singleton_wrapper@VCFpFunshionIni@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@4V?$singleton_wrapper@VCFpInstallAppMgr@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@4V?$singleton_wrapper@VCFpInstallPath@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@4V?$singleton_wrapper@VCFpSysLanguage@@@detail@34@A

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce786158e3cd6969cf56ad6225240d67

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ac:25:19:ac:6d:da:bd:f7:4c:7a:09:d7:4e:a2:f2:14:47:ae:b9:2aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

dbghelp

version

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 752KB - Virtual size: 751KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 56KB - Virtual size: 76KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 85KB - Virtual size: 85KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ac:25:19:ac:6d:da:bd:f7:4c:7a:09:d7:4e:a2:f2:14:47:ae:b9:2a
Signer

.text
Size: 752KB - Virtual size: 751KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 56KB - Virtual size: 76KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 85KB - Virtual size: 85KB