2024-02-03_e9cc3cb290b97caac949bf42298a11d0_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_e9cc3cb290b97caac949bf42298a11d0_magniber
Size

9.4MB
MD5

e9cc3cb290b97caac949bf42298a11d0
SHA1

7c499fcbc8033ea7930872eedb0f811efd836075
SHA256

a98a72bb23f500f637a4cbfaf9a3a8caa2a736ed249b9fc03048b4e1698b5fae
SHA512

59ef23055add84ec620927ebb0e632d241c48a00c8a05286024c37685b2167077be7004033e53819423f0ef432934d6b7b7bff079c2bd7debb88d9be6f497cce
SSDEEP

196608:hn0HTqlUgN7AktVweDO8emQmG5eWWi/zio/i:m2O84wWrX/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_e9cc3cb290b97caac949bf42298a11d0_magniber

Files

2024-02-03_e9cc3cb290b97caac949bf42298a11d0_magniber
.exe windows:5 windows x86 arch:x86

6cd8341b4ee6ac324f19ff60b10c197e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devops\agent\workspace\p-8a453db8192f4c9bad1a0cd31d8dbbda\src\svn\Client\Output\Binfinal\GameDownload\GameDownload.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

ws2_32

setsockopt
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
sendto
WSAJoinLeaf
inet_addr
bind
htons
ioctlsocket
recvfrom
WSAGetLastError
WSAStartup
WSACleanup
htonl
ntohs
ntohl
WSASocketW
closesocket
recv
connect
gethostname
freeaddrinfo
getaddrinfo
WSASetLastError
getsockopt
getsockname
__WSAFDIsSet
accept
gethostbyname
select
listen
getpeername
send
socket

imm32

ImmDisableIME

kernel32

GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetModuleHandleW
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetVersion
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
OpenProcess
TerminateProcess
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
VirtualAlloc
VirtualFree
GetLocaleInfoW
ExpandEnvironmentStringsW
GetLongPathNameW
GetLocalTime
GetCurrentThreadId
CreateDirectoryW
GetUserDefaultUILanguage
WriteProcessMemory
GetCurrentProcessId
SetErrorMode
InitializeCriticalSection
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
VirtualAllocEx
lstrcpynW
GetACP
FormatMessageW
FreeResource
UnhandledExceptionFilter
GetVersionExW
DeviceIoControl
GetDriveTypeW
GetDiskFreeSpaceExW
GetLogicalDrives
OutputDebugStringW
GetWindowsDirectoryW
CreatePipe
SetHandleInformation
PeekNamedPipe
LoadLibraryExW
RaiseException
DecodePointer
SetLastError
lstrcmpiW
ResetEvent
SystemTimeToFileTime
GetTempFileNameW
lstrlenW
GetComputerNameW
WaitForSingleObjectEx
SetCurrentDirectoryW
GetFileAttributesExW
IsDBCSLeadByte
TlsSetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
CreateIoCompletionPort
IsDebuggerPresent
GetSystemDefaultLangID
GetSystemInfo
SwitchToThread
LoadLibraryA
IsBadReadPtr
IsBadWritePtr
GetVersionExA
SetEndOfFile
CreateFileA
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStdHandle
GetCPInfo
GetTickCount
UnmapViewOfFile
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
WriteConsoleW
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExpandEnvironmentStringsA
GetFileType
FormatMessageA
SleepEx
GlobalLock
GlobalAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFullPathNameW
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
InterlockedExchange
InterlockedCompareExchange
CreateProcessW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateFileW
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
CreateDirectoryA
SetStdHandle
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCurrentDirectoryW

user32

GetDlgCtrlID
SetCapture
SetTimer
IsWindowVisible
FlashWindow
MessageBoxW
ReleaseCapture
LoadIconW
SetCursor
PtInRect
EqualRect
DrawFrameControl
DrawTextW
EndPaint
BeginPaint
GetSystemMenu
SendMessageTimeoutW
PostThreadMessageW
DrawIconEx
CallWindowProcW
GetActiveWindow
MsgWaitForMultipleObjects
OffsetRect
InflateRect
SetRect
CopyRect
DispatchMessageW
WaitMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetDesktopWindow
CharNextW
UnregisterClassW
LoadStringW
GetMonitorInfoW
MonitorFromWindow
SetWindowRgn
GetDlgItem
GetParent
GetWindow
SetActiveWindow
EnableWindow
IsWindowEnabled
ShowWindow
TrackPopupMenu
SetWindowTextW
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
GetFocus
PostQuitMessage
KillTimer
GetQueueStatus
GetKeyState
MsgWaitForMultipleObjectsEx
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SendMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
LoadImageW
CopyImage
TranslateMessage
IsWindow

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
CreateSolidBrush
DeleteObject
GetTextMetricsW
SelectObject
CreateFontIndirectW
SaveDC
RectInRegion
GetCurrentObject
GetStockObject
GetObjectW
CreateDIBSection
SetBkColor
ExtTextOutW
StretchBlt
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
CreatePen
CreateRectRgnIndirect
Rectangle
OffsetRgn
SetRectRgn
MoveToEx
LineTo
GetTextExtentPoint32W
SetBkMode
TextOutW
RoundRect
SelectClipRgn
GetClipRgn
CreateCompatibleBitmap
RestoreDC

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExW
RegOpenKeyExA
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
QueryServiceStatusEx
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathA
ShellExecuteExW

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
OleLoadPicture
SysFreeString

shlwapi

PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
StrToIntA
PathAddBackslashW
PathAppendW
StrStrIA
StrStrIW
wnsprintfW

imagehlp

UnMapAndLoad
MapAndLoad

winmm

timeKillEvent
timeSetEvent

wininet

InternetCreateUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
DeleteUrlCacheEntryW

comctl32

_TrackMouseEvent

gdiplus

GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipAlloc
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipDrawImageI
GdipLoadImageFromStream

urlmon

URLDownloadToFileW

iphlpapi

GetIpForwardTable

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

wldap32

ord27
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord26
ord143
ord46
ord211
ord60
ord50
ord41
ord22

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cd8341b4ee6ac324f19ff60b10c197e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

ws2_32

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

imagehlp

winmm

wininet

comctl32

gdiplus

urlmon

iphlpapi

netapi32

wldap32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 368KB - Virtual size: 367KB

.data Size: 17KB - Virtual size: 24KB

.gfids Size: 1024B - Virtual size: 1004B

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 74KB - Virtual size: 74KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 368KB - Virtual size: 367KB

.data
Size: 17KB - Virtual size: 24KB

.gfids
Size: 1024B - Virtual size: 1004B

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 74KB - Virtual size: 74KB

.zero
Size: 4KB - Virtual size: 3KB