D:\sourcecode\XubeiSteamBox\src\Win32\Release\Gogo.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-13_ba223d9034d5a8eda8ca942a1e496d95_magniber_revil.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-13_ba223d9034d5a8eda8ca942a1e496d95_magniber_revil.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-13_ba223d9034d5a8eda8ca942a1e496d95_magniber_revil
Size: 10.6MB
MD5: ba223d9034d5a8eda8ca942a1e496d95
SHA1: fcd218b16e85df421ae41bc273bcec49744b3dcd
SHA256: 2c4f91a0917a284797b666cd396213bb26fb00ecc7713e90ae272a2b589b0de3
SHA512: 300177e94b91edfcd8a19be7974ecdfba2fbe5c5a8d8d8399805ad7f1bc62c8f283c874943bf386e07df7dbc484cb2c31448be5877c1d7796270ba540bee78f8
SSDEEP: 196608:fY9En9LjKdcBPVUz0JJD6GkGRG2GLGtG7GbGaGBG6GRGfGDFVZqJSdVDks:fjnRjKdyMsJ3hUvqQ6aTkzUuZPjQs
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-02-13_ba223d9034d5a8eda8ca942a1e496d95_magniber_revil
Files
2024-02-13_ba223d9034d5a8eda8ca942a1e496d95_magniber_revil.exe  windows:6 windows x86 arch:x86
4f1bd0b00475ef267868c6995758300e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
getpeername
connect
select
sendto
recvfrom
getaddrinfo
WSAGetLastError
WSAAddressToStringW
bind
WSASocketW
WSASend
WSARecv
ntohs
listen
ioctlsocket
closesocket
WSASetLastError
freeaddrinfo
getsockopt
WSACleanup
socket
htons
htonl
ntohl
accept
send
recv
getsockname
gethostname
setsockopt
__WSAFDIsSet
WSAStartup
WSAIoctl
shlwapi
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
kernel32
ResetEvent
OpenEventW
LoadLibraryW
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
RegisterWaitForSingleObject
OutputDebugStringW
OpenProcess
UnregisterWait
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
CreateFileW
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
TlsFree
TlsSetValue
TlsGetValue
GetPrivateProfileStringW
DeleteFileW
CreateProcessW
GetModuleHandleA
GetProcAddress
CreateWaitableTimerW
VerifyVersionInfoW
VerSetConditionMask
SetLastError
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemTimeAsFileTime
SleepEx
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CreateEventW
CloseHandle
WaitForSingleObject
TlsAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
WriteConsoleW
SetEndOfFile
SetUnhandledExceptionFilter
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetFullPathNameW
HeapSize
GetOEMCP
IsValidCodePage
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
CreateEventA
OutputDebugStringA
Sleep
HeapFree
HeapAlloc
ExitProcess
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
SetConsoleCtrlHandler
ExitThread
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
GetCurrentThreadId
GetConsoleMode
GetStdHandle
WriteFile
GetLastError
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
GetDynamicTimeZoneInformation
GetCurrentProcessId
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileAttributesA
GetExitCodeProcess
GetProcessHeap
CopyFileW
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
QueueUserWorkItem
EncodePointer
IsProcessorFeaturePresent
GetTempPathW
CreateMutexW
ReadConsoleW
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
MultiByteToWideChar
ReadFile
SetHandleInformation
CreatePipe
TerminateProcess
GetModuleFileNameW
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
SetFileAttributesW
GetSystemTime
GetLocalTime
FreeLibrary
lstrlenW
GetPrivateProfileIntW
GetCurrentProcess
GetVersionExW
GetFileTime
GetUserDefaultLangID
DecodePointer
RaiseException
InitializeCriticalSectionEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemInfo
GetModuleHandleW
CreateFileA
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
InitializeCriticalSection
TryEnterCriticalSection
GetACP
GetCurrentDirectoryW
GetFileSize
GetTickCount
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
lstrcpyW
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
lstrcpynW
DosDateTimeToFileTime
CreateDirectoryExW
GetModuleHandleExW
LoadLibraryA
GetEnvironmentVariableW
GetFileType
SwitchToFiber
user32
FindWindowW
MessageBoxW
SetForegroundWindow
IsWindow
GetWindowRect
IsWindowVisible
GetWindowLongW
SetWindowLongW
SendMessageW
SystemParametersInfoW
SetWindowPos
ReleaseDC
DrawTextW
GetDC
GetUserObjectInformationW
GetProcessWindowStation
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
EqualRect
GetWindowTextLengthW
GetWindowTextW
ShowWindow
LoadIconW
GetCursorPos
SetWindowTextW
IsWindowEnabled
wsprintfW
GetSysColor
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
CharPrevW
GetWindowRgn
UpdateLayeredWindow
MoveWindow
PostQuitMessage
GetClientRect
IsIconic
CharNextW
GetMonitorInfoW
EnumDisplayMonitors
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
EnableWindow
SetPropW
GetPropW
GetParent
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
InflateRect
UnionRect
OffsetRect
DestroyWindow
FindWindowExW
IsZoomed
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
SetWindowRgn
TrackMouseEvent
GetMessageTime
GetDoubleClickTime
GetCapture
SetCursor
ClientToScreen
WindowFromPoint
SetClassLongW
MonitorFromPoint
RegisterWindowMessageW
gdi32
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
LineTo
CreatePatternBrush
GetTextExtentPointA
FillRgn
GetBitmapBits
SetBitmapBits
BitBlt
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreatePen
CreateRectRgnIndirect
CreatePenIndirect
CreateCompatibleBitmap
CombineRgn
PtInRegion
CreateRectRgn
CreateDIBSection
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
GdiFlush
AddFontMemResourceEx
CreateSolidBrush
shell32
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteW
ShellExecuteA
ole32
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromProgID
OleLockRunning
CoCreateInstance
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
libcef
cef_register_extension
cef_execute_process
cef_initialize
cef_shutdown
cef_enable_highdpi_support
cef_string_utf16_clear
cef_value_create
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_double
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_log
cef_v8context_get_current_context
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_copy
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_api_hash
cef_browser_host_create_browser
create_context_shared
cef_request_context_get_global_context
cef_string_list_free
cef_string_list_alloc
cef_process_message_create
cef_string_userfree_utf16_free
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_cmp
cef_get_min_log_level
cef_string_utf16_set
cef_string_utf8_clear
comctl32
_TrackMouseEvent
ord17
gdiplus
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetImageWidth
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipCloneImage
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDisposeImage
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
mswsock
AcceptEx
GetAcceptExSockaddrs
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
crypt32
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateChainEngine
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CryptUnprotectMemory
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertGetCertificateContextProperty
iphlpapi
GetAdaptersInfo
dbghelp
MiniDumpWriteDump
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptOpenAlgorithmProvider
winhttp
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpGetIEProxyConfigForCurrentUser
advapi32
CryptHashData
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
wldap32
ord143
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46
Sections
.text   Size: 4.4MB  Virtual size: 4.4MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 3.6MB  Virtual size: 3.6MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 196KB  Virtual size: 221KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2.1MB  Virtual size: 2.1MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 238KB  Virtual size: 238KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ