2024-02-04_a60bf6391227d151aa35767a2e02abbc_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_a60bf6391227d151aa35767a2e02abbc_mafia_magniber
Size

2.5MB
MD5

a60bf6391227d151aa35767a2e02abbc
SHA1

feaa6b79648b7529c1751c22e3ffc0ef28428c38
SHA256

2d833775c335e3dcf435e69718994a210f0e418b7a3507ef943b45817d921890
SHA512

2bed09b0d482e629eeae04b0f6a8d94ed8ad07ea40b64816b90fdf946d5dbeab5929979d94aa396debd0f313e6dfadbe6c15cbea5029c0b11c6012cdfd0b4c1a
SSDEEP

49152:jzfH183JQG/SJcD8DS5e5OmsSPXbQjRuwX6nY3ps8XWXxTM7LQ8R6:PfH183JX/8cgDS5elsSPXbQjRrX6nY3i

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_a60bf6391227d151aa35767a2e02abbc_mafia_magniber
.exe windows:5 windows x86 arch:x86

0209e34e2da3c9ea45daa2c878a13b1f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:6f:52:2e:cc:1a:cd:07:15:dd:09:7d:3c:12:cd:e3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/08/2023, 00:00

Not After

27/08/2026, 23:59

Subject

CN=SHENZHEN SHINETEK TECHNOLOGY CO.\,LTD,O=SHENZHEN SHINETEK TECHNOLOGY CO.\,LTD,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:4c:26:75:b5:5b:df:a3:db:80:87:b2:9a:c8:25:12:73:9e:1d:ee:6f:26:21:ef:6a:8f:d9:ab:21:56:1f:b9
Signer

Actual PE Digest

9e:4c:26:75:b5:5b:df:a3:db:80:87:b2:9a:c8:25:12:73:9e:1d:ee:6f:26:21:ef:6a:8f:d9:ab:21:56:1f:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
InitializeCriticalSection
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
lstrlenA
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileInformationByHandle
OutputDebugStringA
GetFileAttributesW
SetCurrentDirectoryW
GetModuleFileNameW
CreateProcessW
MultiByteToWideChar
Sleep
GetTickCount
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
CreateFileA
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadResource
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LoadLibraryA
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
LCMapStringW
GetCPInfo
CompareStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
HeapReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
SizeofResource
GetModuleHandleA
GetModuleHandleW
GetVersionExA
GetLocalTime
GetVersionExW
GetFullPathNameW
FreeResource
SetLastError
GetCurrentThreadId
CreateThread
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
SetEvent
CreateEventW
ReadFile
CancelIo
ResetEvent
WriteFile
CreateFileW
GetLastError
WaitForSingleObject
CloseHandle
CreateMutexW
ReleaseMutex
FindFirstFileW
FindClose
GetEnvironmentStringsW
FindResourceW

user32

GetSystemMetrics
SystemParametersInfoA
DrawTextW
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
AppendMenuW
CreatePopupMenu
SetMenuContextHelpId
IsRectEmpty
PtInRect
CallNextHookEx
SetWindowsHookExW
ScreenToClient
PostMessageW
SendMessageW
RemovePropW
SetPropW
DestroyWindow
ClientToScreen
SystemParametersInfoW
ShowWindow
GetWindow
GetDesktopWindow
IsWindow
GetPropW
IsIconic
IsWindowVisible
SetForegroundWindow
GetActiveWindow
InflateRect
CopyRect
RegisterWindowMessageW
SetTimer
KillTimer
DestroyIcon
IsMenu
DestroyMenu
TrackPopupMenu
SetMenuInfo
GetMenuInfo
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemInfoW
GetFocus
CreateIconFromResource
LoadImageW
LoadBitmapW
GetForegroundWindow
MsgWaitForMultipleObjects
LoadIconW
MessageBoxW
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret
GetCapture
ReleaseCapture
SetWindowTextW
SetFocus
SetCapture
InvalidateRect
UpdateWindow
RegisterClassExW
CreateWindowExW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
UnregisterClassW
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetDlgItem
GetParent
IsWindowEnabled
EnableWindow
SetActiveWindow
PostQuitMessage
SetWindowPos
GetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
EnableMenuItem
GetKeyState
GetSysColor
DrawIconEx
ReleaseDC
GetDC
CharNextW
GetIconInfo
LoadCursorW
DestroyCursor
SetCursor
SetRect
IntersectRect
GetCursorPos
EqualRect
OffsetRect
RegisterDeviceNotificationW
wsprintfW
UnionRect

gdi32

EnumFontsW
SetViewportOrgEx
StretchBlt
CreateSolidBrush
Rectangle
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
CreateRoundRectRgn
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
GetDeviceCaps
SetGraphicsMode
DeleteObject
CreateDIBSection
GetRegionData
SelectClipRgn
ExtCreateRegion
IntersectClipRect
GetViewportOrgEx
GetCurrentObject
GetGlyphOutlineW
GetFontData
GetTextMetricsW
GetOutlineTextMetricsW
RemoveFontMemResourceEx
GetGlyphIndicesW
GdiFlush
ExtTextOutW
SetWorldTransform
SetTextColor
SetTextAlign
GetTextFaceW
GetFontUnicodeRanges
GetTextExtentPointI
GetCharABCWidthsW
EnumFontFamiliesExW
AddFontMemResourceEx

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoCreateInstance
CreateBindCtx
OleLockRunning
CLSIDFromString
CoCreateGuid
IIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
OleUninitialize
OleInitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

StrToIntExW

hid

HidD_GetFeature
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetFeature

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipImageGetFrameCount

usp10

ScriptItemize
ScriptShape
ScriptFreeCache

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0209e34e2da3c9ea45daa2c878a13b1f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:6f:52:2e:cc:1a:cd:07:15:dd:09:7d:3c:12:cd:e3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9e:4c:26:75:b5:5b:df:a3:db:80:87:b2:9a:c8:25:12:73:9e:1d:ee:6f:26:21:ef:6a:8f:d9:ab:21:56:1f:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

hid

setupapi

imm32

gdiplus

usp10

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 452KB - Virtual size: 451KB

.data Size: 64KB - Virtual size: 159KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 134KB - Virtual size: 133KB

.reloc Size: 152KB - Virtual size: 152KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:6f:52:2e:cc:1a:cd:07:15:dd:09:7d:3c:12:cd:e3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9e:4c:26:75:b5:5b:df:a3:db:80:87:b2:9a:c8:25:12:73:9e:1d:ee:6f:26:21:ef:6a:8f:d9:ab:21:56:1f:b9
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 452KB - Virtual size: 451KB

.data
Size: 64KB - Virtual size: 159KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 152KB - Virtual size: 152KB