2024-02-13_12ee58c3451eab35030231b3fb789216_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_12ee58c3451eab35030231b3fb789216_magniber
Size

1.8MB
MD5

12ee58c3451eab35030231b3fb789216
SHA1

79f4414d99429b7c89a33c98d6ec2ac95f9ca978
SHA256

622a4f3057ebc7a1fbe760015be9edf422cdaa44925dd2513761dab736232728
SHA512

4d93389f2d67a1cff8fe712503b62f715ac6e53827fa6746e248490a6657bdc27a8e6dcf9383f97816451ada8cf04c39f8194d59c08e9fe8bd77b2fe708b0d11
SSDEEP

49152:WbE2Fv6xcVt5NA1Hg35sJz4HnF09R6Y6F5x:WbEw6xyNA1A3IL8

Score

1^/10

Malware Config

Signatures

Files

2024-02-13_12ee58c3451eab35030231b3fb789216_magniber
.exe windows:5 windows x86 arch:x86

d1bd930a31708947b2f5c6208fa02a1e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:40:6b:c4:8d:6a:b0:b0:14:47:b7:8c:3d:e0:8f:55
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/06/2015, 00:00

Not After

21/06/2016, 23:59

Subject

CN=Security Software Ltd,O=Security Software Ltd,POSTALCODE=W1J 6BD,STREET=Berkeley Square+STREET=2nd Floor Berkeley Square House,L=Mayfair,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f7:7e:9a:51:7e:87:14:df:64:fc:4d:9e:fe:14:24:da:04:d9:e2
Signer

Actual PE Digest

09:f7:7e:9a:51:7e:87:14:df:64:fc:4d:9e:fe:14:24:da:04:d9:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
LoadResource
InterlockedIncrement
SizeofResource
GetModuleFileNameW
FindResourceW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
lstrcatA
lstrcmpA
GetFileSize
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
EnumResourceNamesA
GetSystemDirectoryA
GetVolumeInformationA
DeleteFileA
ReleaseMutex
GetVersionExA
SetFileAttributesA
CopyFileA
GetLastError
CreateDirectoryA
CreateFileA
GetCommandLineA
GlobalFree
LoadLibraryA
CreateMutexA
lstrlenA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
FindFirstFileExW
GetDriveTypeW
MultiByteToWideChar
PeekNamedPipe
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
lstrlenW
SetLastError
RaiseException
InterlockedDecrement
GetSystemInfo
WaitForSingleObject
LoadLibraryW
OutputDebugStringW
SetFilePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetTimeZoneInformation
GetOEMCP
GetCurrentProcess
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
SetEvent
GetACP
IsValidCodePage
WriteFile
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
ExitThread
CreateThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCPInfo
GetCommandLineW
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetWaitableTimer
ResetEvent
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjects
OpenEventA
AreFileApisANSI
MoveFileExW
DeviceIoControl
CloseHandle
GetFileAttributesA
CreateEventA
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
EncodePointer
GetStringTypeW
DecodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
WideCharToMultiByte
GetComputerNameExW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
SetFileAttributesW
FormatMessageA
GetModuleHandleA
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
LocalFree
SwitchToThread
GetTickCount
DuplicateHandle
Sleep
GetSystemTimeAsFileTime
CreateProcessW
OpenProcess
TerminateProcess
GetStartupInfoW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentDirectoryW
MulDiv
lstrcpyW
GetComputerNameW
FormatMessageW
GetSystemTime
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList

user32

DestroyWindow
IsWindow
GetWindowPlacement
ShowWindow
EndPaint
InvalidateRect
UpdateWindow
SetCapture
GetCapture
SystemParametersInfoW
SetTimer
GetDlgCtrlID
GetParent
ReleaseCapture
ClientToScreen
GetWindowRect
PtInRect
KillTimer
GetDlgItem
CreateWindowExW
GetMenu
AdjustWindowRectEx
SendMessageW
SetWindowPlacement
MessageBoxW
PostMessageW
RegisterWindowMessageW
SetWindowTextW
RedrawWindow
GetSystemMetrics
DestroyIcon
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
LoadImageW
GetTopWindow
PostQuitMessage
MoveWindow
IsWindowVisible
EnableWindow
CreateDialogParamW
GetWindowTextLengthA
GetWindowTextA
UnionRect
GetClientRect
BeginPaint
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetMessageA
IsDialogMessageA
DispatchMessageA
DialogBoxParamA
RegisterClassExA
DefWindowProcA
GetNextDlgTabItem
SetWindowLongW
SetWindowPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
MonitorFromPoint
SetMenuItemBitmaps
AppendMenuW
TrackPopupMenu
DestroyMenu
CreatePopupMenu
GetSysColor
SetForegroundWindow
SetActiveWindow
SetParent
GetCursorPos
LoadCursorW
GetClassInfoExW
RegisterClassExW
SetFocus
MessageBeep
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
DrawFocusRect
InflateRect
DrawEdge
IsWindowEnabled
DrawTextW
SetCursor
GetDesktopWindow
ReleaseDC
GetDC
CopyRect
GetScrollPos
SetScrollInfo
GetScrollInfo
SetRect
OffsetRect
ScreenToClient
MessageBoxA
UnregisterClassW
SetPropA
SendMessageA
LoadImageA
GetWindowLongA
LoadBitmapA
RemovePropA
SetWindowLongA
EnumChildWindows
SetScrollPos
ScrollWindowEx
CreateWindowExA
FillRect
GetPropA
GetClassNameA
LoadCursorA
CallWindowProcA
TrackMouseEvent
WindowFromPoint
GetWindowThreadProcessId
EnumWindows
GetMonitorInfoA
MonitorFromRect
AnimateWindow
SetWindowTextA
PostMessageA
SetScrollRange
EnableScrollBar
ShowScrollBar
SystemParametersInfoA
EndDialog
GetSysColorBrush
GetScrollRange

gdi32

DeleteDC
DeleteObject
GetStockObject
GetObjectW
SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
GetTextExtentPoint32W
GetDeviceCaps
GetObjectA
GetClipBox
CreateCompatibleBitmap
DPtoLP
CreateCompatibleDC
LPtoDP
GetTextMetricsW
BitBlt
SetTextAlign
CreatePen
MoveToEx
LineTo
GetTextExtentExPointA
EnumFontFamiliesExA
GetTextMetricsA
SetBrushOrgEx
CreateDIBSection
SetBkColor
CreateSolidBrush
TextOutA
GetTextExtentPoint32A
CreateFontIndirectA
SetWindowOrgEx
CreatePatternBrush

advapi32

RegEnumKeyExW
RegQueryValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteA
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage

ole32

CreateStreamOnHGlobal
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
VariantInit
SysAllocString
OleLoadPicturePath
OleLoadPicture

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Create
ImageList_Add
ImageList_Draw
InitCommonControlsEx

gdiplus

GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDeleteFont
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontA
GdipDeleteBrush
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCloneBitmapAreaI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage

driverhiveengine

dhCancelDriversUpdate
dhCancelScan
dhSetOperationErrorCallback
dhStartScan
dhGetLastScanSummary
dhSetOperationProgressCallback
dhSetOperationStartCallback
dhSetOperationCompleteCallback
dhStartDriversUpdate
dhGetLastScanResults
dhDriversUpdateInProgress
dhScanInProgress
dhEngineInit

crypt32

CryptProtectData
CryptUnprotectData

ws2_32

inet_ntoa
WSAStartup
WSACleanup
gethostbyname

winhttp

WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData

wininet

InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetSetStatusCallback
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA
InternetOpenA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1bd930a31708947b2f5c6208fa02a1e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ca:40:6b:c4:8d:6a:b0:b0:14:47:b7:8c:3d:e0:8f:55Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

09:f7:7e:9a:51:7e:87:14:df:64:fc:4d:9e:fe:14:24:da:04:d9:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

driverhiveengine

crypt32

ws2_32

winhttp

uxtheme

wininet

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 230KB - Virtual size: 229KB

.data Size: 99KB - Virtual size: 115KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 172KB - Virtual size: 171KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ca:40:6b:c4:8d:6a:b0:b0:14:47:b7:8c:3d:e0:8f:55
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

09:f7:7e:9a:51:7e:87:14:df:64:fc:4d:9e:fe:14:24:da:04:d9:e2
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 230KB - Virtual size: 229KB

.data
Size: 99KB - Virtual size: 115KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 172KB - Virtual size: 171KB