2024-02-11_37dc86bd840fea2b04e72a776dd90347_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-11_37dc86bd840fea2b04e72a776dd90347_magniber
Size

1.6MB
MD5

37dc86bd840fea2b04e72a776dd90347
SHA1

b06cc4546a370fda5c131703141d3e3e964f62a4
SHA256

c53a2b0b7ddfd860aa56fca9c3683e235a670a94fa37905f3513ff8c256799de
SHA512

8bc4cfdd66ec44dbd246070444d00ca231f3ae3f6666d1d5a1f5568e9f9d8e39ae0b50a5951de2428c70135c1c49d4cbe806d7c0e8337c67c26e904b61f96da0
SSDEEP

24576:f0hz54/FGK8QMuuturKzh2oAfNYQeSBADiSGMPq2kR9r1E9:8w/FGhturK1qWPDi4qjL

Score

1^/10

Malware Config

Signatures

Files

2024-02-11_37dc86bd840fea2b04e72a776dd90347_magniber
.exe windows:5 windows x86 arch:x86

fec72561910894cc8dd17c3771a88ac8

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:7b:78:75:38:2b:d5:da:3c:a1:e3:09:7a:7d:16:3c:a1:2c:d6:da:39:b0:e2:32:e9:78:00:ab:7d:89:cf:8c
Signer

Actual PE Digest

9b:7b:78:75:38:2b:d5:da:3c:a1:e3:09:7a:7d:16:3c:a1:2c:d6:da:39:b0:e2:32:e9:78:00:ab:7d:89:cf:8c

Digest Algorithm

sha256

PE Digest Matches

false

44:fb:8c:52:46:b4:3b:fa:5a:96:f4:f5:2b:93:66:b6:f2:03:8d:8c
Signer

Actual PE Digest

44:fb:8c:52:46:b4:3b:fa:5a:96:f4:f5:2b:93:66:b6:f2:03:8d:8c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\440818\out\Release\MedalWall.pdb

Imports

kernel32

GetVersion
GetCurrentThread
MulDiv
DisableThreadLibraryCalls
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualQuery
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
CreateMutexW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
Sleep
GetLocalTime
GetFileSize
FlushFileBuffers
WriteConsoleW
OpenProcess
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
CreateProcessW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
ReadFile
InterlockedFlushSList
RtlUnwind
WaitForMultipleObjects
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
FormatMessageW
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetStartupInfoW
FreeEnvironmentStringsW
GetLongPathNameW
FreeLibrary
MultiByteToWideChar
FindNextFileW
FindFirstFileW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
GetDiskFreeSpaceExW
GetTempPathW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
FindClose
WriteFile
GetFileAttributesExW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetFilePointer
GetVersionExW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LocalFree
LockResource
DeleteCriticalSection
DecodePointer
Process32NextW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetEndOfFile
ResetEvent

user32

UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
wsprintfW
SetTimer
UnregisterClassA
KillTimer
GetDC
ReleaseDC
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
CopyRect
OffsetRect
DestroyCursor
SendMessageTimeoutW
IsWindow
GetSystemMetrics
GetMenuStringW
GetMenuItemInfoW
DrawTextW
SetRectEmpty
PostMessageW
SendMessageW
CallWindowProcW
LoadCursorW
SetWindowPos
CharNextW
PeekMessageW
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
DispatchMessageW
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
SetWindowTextW
GetAsyncKeyState
UpdateLayeredWindow
PostQuitMessage
RegisterWindowMessageW
SystemParametersInfoW
GetWindow
ClientToScreen
ScrollWindowEx
InvalidateRect
EnableScrollBar
BeginPaint
UpdateWindow
SetFocus
GetDlgCtrlID
IsRectEmpty
MoveWindow
DrawFocusRect
EqualRect
UnionRect
GetParent
PtInRect
InflateRect
SetRect
FrameRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowRect
GetWindowDC
WindowFromDC
ReleaseCapture
SetCapture
GetMessagePos
DrawFrameControl
DrawEdge
GetScrollInfo
SetScrollInfo
GetClientRect
RemovePropW
GetPropW
SetPropW
EndPaint

gdi32

GetStockObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
EnumFontFamiliesW
DeleteObject
CreateFontW
SetBkColor
DeleteDC
SetDCPenColor
CreateRectRgnIndirect
SetTextColor
MoveToEx
ExtTextOutW
CreateBitmap
IntersectClipRect
SelectClipRgn
PlayEnhMetaFile
SetWindowOrgEx
UnrealizeObject
RectVisible
RestoreDC
SaveDC
OffsetViewportOrgEx
StretchBlt
LineTo

advapi32

RegQueryValueExA
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
RegQueryValueExW
RegEnumValueW
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

OleRun
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocString
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SysFreeString

shlwapi

PathAppendW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathIsPrefixW
SHSetValueA
SHGetValueA
StrToIntExW
StrStrIA
StrTrimA
StrCmpNIW
StrCmpIW
StrStrIW
StrCmpW
PathFindFileNameW
PathCombineW
wnsprintfW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipFillRectangleI
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fec72561910894cc8dd17c3771a88ac8

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

9b:7b:78:75:38:2b:d5:da:3c:a1:e3:09:7a:7d:16:3c:a1:2c:d6:da:39:b0:e2:32:e9:78:00:ab:7d:89:cf:8cSigner

44:fb:8c:52:46:b4:3b:fa:5a:96:f4:f5:2b:93:66:b6:f2:03:8d:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

setupapi

crypt32

wintrust

wininet

iphlpapi

urlmon

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 222KB - Virtual size: 221KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 219KB - Virtual size: 219KB

.reloc Size: 59KB - Virtual size: 60KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

9b:7b:78:75:38:2b:d5:da:3c:a1:e3:09:7a:7d:16:3c:a1:2c:d6:da:39:b0:e2:32:e9:78:00:ab:7d:89:cf:8c
Signer

44:fb:8c:52:46:b4:3b:fa:5a:96:f4:f5:2b:93:66:b6:f2:03:8d:8c
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 222KB - Virtual size: 221KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 219KB - Virtual size: 219KB

.reloc
Size: 59KB - Virtual size: 60KB