2024-02-13_71f291225a4dc576483e860274445934_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_71f291225a4dc576483e860274445934_magniber
Size

15.1MB
MD5

71f291225a4dc576483e860274445934
SHA1

756424d22a91eedaef27a55c207d82635807a18c
SHA256

794eb1ab036048e40366bd4ef74801a09395f4aa17423f43829475db20512b6e
SHA512

e8a623d4cf1c9b5918e5d2c566e1ff78599eecd365b5105bac5f4b0c64f144cc4d563c856c84e5c6982070c022babf93ba9a5c1777b526eb1c68c66a45c9fb5f
SSDEEP

393216:zL/WHXNBx+8btfnljbYaYHxTou7L+Jqku:P/YfQ+nlFyloW

Score

1^/10

Malware Config

Signatures

Files

2024-02-13_71f291225a4dc576483e860274445934_magniber
.exe windows:6 windows x86 arch:x86

3d4ac28d882e294f564a18c326f9bb4c

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:69:bd:ca:11:11:03:fd:89:21:19:46:8b:42:7c:b6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

13/05/2023, 23:59

Subject

SERIALNUMBER=91440101MA5ALY8N19,CN=广州市小弹壳网络科技有限公司,O=广州市小弹壳网络科技有限公司,L=广州市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e5a4a9e6b2b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:79:0b:b1:da:b2:18:46:63:05:10:f9:97:fd:5f:65:05:58:4a:2e:70:a6:2f:9e:9f:81:0d:42:5d:9f:44:4b
Signer

Actual PE Digest

5d:79:0b:b1:da:b2:18:46:63:05:10:f9:97:fd:5f:65:05:58:4a:2e:70:a6:2f:9e:9f:81:0d:42:5d:9f:44:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\officialproject\fly2cnautosetup\GitGet\fly2cn_install\Release\Installer.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentThreadId
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetFileAttributesW
FreeResource
SetLastError
GetFullPathNameW
GetModuleHandleW
MulDiv
GetTickCount
GetVersionExW
GetVersionExA
GetModuleHandleA
IsBadReadPtr
GetCurrentProcessId
Module32FirstW
Process32FirstW
LoadLibraryA
QueryFullProcessImageNameA
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
K32GetProcessImageFileNameW
K32GetProcessImageFileNameA
GetProcessId
TerminateProcess
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesExW
GetFullPathNameA
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileInformationByHandle
InterlockedCompareExchange
CreateThread
GetSystemTime
GetLocalTime
QueryPerformanceFrequency
GetTimeZoneInformation
SetFileTime
GetLastError
GetTickCount64
IsWow64Process
GetDiskFreeSpaceExA
VerifyVersionInfoW
FreeLibrary
VerSetConditionMask
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
GetProcessHeap
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
GetStdHandle
ExitProcess
HeapReAlloc
GetModuleHandleExW
ResumeThread
OutputDebugStringA
RaiseException
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
InitializeSListHead
GetStartupInfoW
GetProcAddress
LoadLibraryW
GetDiskFreeSpaceExW
DeviceIoControl
GetCurrentProcess
GetPrivateProfileStringA
CreateDirectoryA
RemoveDirectoryA
GetWindowsDirectoryW
GetLogicalDriveStringsA
FindResourceW
LoadResource
GetWindowsDirectoryA
DeleteFileW
DeleteFileA
LockResource
GetSystemDirectoryA
CreateFileA
GetTempPathA
GetPrivateProfileStringW
GetLogicalDriveStringsW
GetSystemDirectoryW
CreateFileW
FindClose
GetTempPathW
SetFilePointer
FindNextFileA
GetModuleFileNameW
RemoveDirectoryW
GetShortPathNameW
WriteFile
FindNextFileW
FindFirstFileA
GetFileSizeEx
FindFirstFileW
SizeofResource
GetModuleFileNameA
ReadFile
GetShortPathNameA
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
SetEvent
CreateEventW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
SetFileAttributesW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
GetFileSize
FormatMessageW
TryEnterCriticalSection
Sleep
CreateProcessA
QueryFullProcessImageNameW
ExitThread
CreateProcessW
WaitForSingleObjectEx
DuplicateHandle
WaitForSingleObject

user32

BeginPaint
EndPaint
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
CopyRect
InflateRect
IntersectRect
ReleaseDC
IsRectEmpty
GetClassNameW
DestroyIcon
SetCursor
SetRect
EqualRect
PtInRect
GetFocus
GetKeyState
DestroyCursor
CharNextW
OffsetRect
UpdateWindow
GetDC
ReleaseCapture
SetTimer
UnionRect
KillTimer
WaitForInputIdle
GetParent
GetIconInfo
LoadBitmapW
CreateIconFromResource
LoadImageW
GetClientRect
SetLayeredWindowAttributes
GetMessageW
TranslateMessage
SetCapture
PeekMessageW
ClientToScreen
EnableMenuItem
GetSysColor
MessageBoxW
MoveWindow
GetWindowLongA
SetWindowLongA
GetSystemMetrics
ScreenToClient
SetWindowRgn
GetWindowRect
GetWindowLongW
ShowWindow
SetWindowTextW
SendMessageW
PostMessageW
GetDesktopWindow
SwitchToThisWindow
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
SetActiveWindow
SetForegroundWindow
LoadStringW
PostQuitMessage
IsWindow
DestroyWindow
SetWindowPos
GetActiveWindow
EnableWindow
IsWindowEnabled
LoadIconW
GetWindowPlacement
IsWindowVisible
DrawTextW
SystemParametersInfoA
MonitorFromWindow
CharLowerBuffW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
GetDlgItem
MapWindowPoints
SetWindowLongW
GetWindow
LoadCursorW
GetCapture
SetFocus
IsZoomed
IsIconic
DrawIconEx
AnimateWindow
TrackMouseEvent
GetMonitorInfoW
DispatchMessageW
SetMenuContextHelpId
GetForegroundWindow
MsgWaitForMultipleObjects
MapVirtualKeyA
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow

gdi32

GetDCOrgEx
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
CreateCompatibleBitmap
EnumFontsW
GetObjectW
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateRoundRectRgn
DeleteObject
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
SetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
CreateBitmap

advapi32

RegSetValueExW
GetUserNameW
GetUserNameA
RegDeleteTreeA
RegGetValueA
RegDeleteKeyA
RegDeleteKeyW
RegDeleteKeyValueW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteTreeW
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegOpenKeyExW
RegGetValueW
RegDeleteKeyValueA
OpenProcessToken
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegOpenKeyW

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteExW
SHGetKnownFolderPath
ShellExecuteW
SHCreateItemFromParsingName
SHGetFileInfoW
SHChangeNotify
ord727

ole32

CLSIDFromString
CreateBindCtx
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
CreateErrorInfo
GetErrorInfo
VariantInit
VariantClear
VariantChangeType
SetErrorInfo

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
GetAdaptersAddresses

ws2_32

ntohl
closesocket
InetPtonW
WSACleanup
freeaddrinfo
inet_ntop
GetAddrInfoW
gethostname
WSAStartup
socket
recvfrom
htonl
htons
setsockopt
WSAAddressToStringW
FreeAddrInfoW
inet_pton
getaddrinfo
InetNtopW
sendto

version

VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

rpcrt4

UuidCreateSequential
UuidCreate

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetCheckConnectionW
InternetReadFile
InternetSetOptionW
InternetConnectA
InternetGetConnectedState

winhttp

WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest
WinHttpQueryOption
WinHttpConnect
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpSetStatusCallback

sensapi

IsNetworkAlive

shlwapi

PathFindFileNameW
PathFindFileNameA
StrToIntExW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

ntdll

NtQueryInformationProcess
RtlCaptureStackBackTrace

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

crypt32

CertFreeCertificateContext
CryptBinaryToStringA
CryptStringToBinaryA

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile

usp10

ScriptItemize
ScriptShape
ScriptFreeCache

opengl32

wglGetProcAddress
wglGetCurrentContext

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d4ac28d882e294f564a18c326f9bb4c

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:69:bd:ca:11:11:03:fd:89:21:19:46:8b:42:7c:b6Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

5d:79:0b:b1:da:b2:18:46:63:05:10:f9:97:fd:5f:65:05:58:4a:2e:70:a6:2f:9e:9f:81:0d:42:5d:9f:44:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

version

rpcrt4

wininet

winhttp

sensapi

shlwapi

wtsapi32

ntdll

dwmapi

crypt32

imm32

gdiplus

usp10

opengl32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 708KB - Virtual size: 708KB

.data Size: 74KB - Virtual size: 174KB

.gfids Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 11.0MB - Virtual size: 11.0MB

.reloc Size: 174KB - Virtual size: 173KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:69:bd:ca:11:11:03:fd:89:21:19:46:8b:42:7c:b6
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

5d:79:0b:b1:da:b2:18:46:63:05:10:f9:97:fd:5f:65:05:58:4a:2e:70:a6:2f:9e:9f:81:0d:42:5d:9f:44:4b
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 708KB - Virtual size: 708KB

.data
Size: 74KB - Virtual size: 174KB

.gfids
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 11.0MB - Virtual size: 11.0MB

.reloc
Size: 174KB - Virtual size: 173KB