2024-02-04_7d0ade14020331b0abe0d61adacb0d61_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_7d0ade14020331b0abe0d61adacb0d61_magniber
Size

23.5MB
MD5

7d0ade14020331b0abe0d61adacb0d61
SHA1

af8666e4565a6faa5258efc12fae4c3a4943d117
SHA256

bc3f4909a40a0170e4403b936df66abd4cde38d9ac713241a2fdfcec80df733b
SHA512

d38ffd00ff24325c30297a3300385af3e29d374a95154b05deef19e8e38b9436fc1941860d146aada24b5e9c924cd6259622d6d84edbbe9844aaff4f2eb8ed21
SSDEEP

393216:AF/CVAlO+aeJWZG81JUnV0XjAFPg0iH62TfIHjTFi1W+60Dfbx659FXwBF:AF/eAlT81JMSkFPGa2TfIHjTFyWQGDwn

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_7d0ade14020331b0abe0d61adacb0d61_magniber
.exe windows:5 windows x86 arch:x86

64f9eff108d6116d0212d088459bc7a5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:e2:35:e1:90:2a:bd:c0:69:7a:30:4b:5a:c8:22:b5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/07/2015, 00:00

Not After

21/08/2018, 12:00

Subject

CN=Perlego Holdings Ltd.,O=Perlego Holdings Ltd.,L=Paphos,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:2c:fd:28:f5:31:c5:f3:2e:1c:d1:c0:e1:5f:37:d4:6c:ef:24:f5
Signer

Actual PE Digest

21:2c:fd:28:f5:31:c5:f3:2e:1c:d1:c0:e1:5f:37:d4:6c:ef:24:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Builds\Agent3\Binaries\Win32\Release\Reader.pdb

Imports

kernel32

GetCurrentProcess
FormatMessageA
TerminateProcess
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
GetModuleHandleA
GetCurrentProcessId
GetTempPathA
LocalFree
ExpandEnvironmentStringsW
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CopyFileA
EnterCriticalSection
GetLocalTime
LocalAlloc
DeleteCriticalSection
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetTickCount
Sleep
LoadLibraryA
ReadFile
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetLocaleInfoA
GetFileAttributesA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
DeleteFileA
CloseHandle
GetVersionExA
ReleaseMutex
CreateMutexA
GetModuleFileNameA
OpenMutexA
SetFileAttributesA
GetLastError
SetCurrentDirectoryA
CreateDirectoryA
GetExitCodeProcess
WaitForSingleObject

user32

MessageBoxA

advapi32

RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExA

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64f9eff108d6116d0212d088459bc7a5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:e2:35:e1:90:2a:bd:c0:69:7a:30:4b:5a:c8:22:b5Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

21:2c:fd:28:f5:31:c5:f3:2e:1c:d1:c0:e1:5f:37:d4:6c:ef:24:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 123KB - Virtual size: 122KB

.reloc Size: 21KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:e2:35:e1:90:2a:bd:c0:69:7a:30:4b:5a:c8:22:b5
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

21:2c:fd:28:f5:31:c5:f3:2e:1c:d1:c0:e1:5f:37:d4:6c:ef:24:f5
Signer

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 21KB - Virtual size: 21KB