2024-02-22_b76b9d04eb9646e465ff5ac83e13b50d_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-22_b76b9d04eb9646e465ff5ac83e13b50d_magniber
Size

3.2MB
MD5

b76b9d04eb9646e465ff5ac83e13b50d
SHA1

6304c2e5990c58c95644e0539dc10e713ff51cde
SHA256

7748b487900bab213ec71c91b39308449fbd0e1535cd38bb552bfbef5079db82
SHA512

1053a8653921f294879c98192c7cef5303b98f76b9ad592fa64283739d8b71d40abb1cb09a2b880a57061ec2cabcd291ce840f5133cc03347504ba741e5e2493
SSDEEP

98304:UY+asXQDV++VAlAophivGz74PErTtQrSVXr:UY+asXgV+uA3hivGz1Kw7

Score

1^/10

Malware Config

Signatures

Files

2024-02-22_b76b9d04eb9646e465ff5ac83e13b50d_magniber
.exe windows:5 windows x86 arch:x86

a4d2ddded87d6653896cf103b2ea2309

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:57:e5:d0:20:b4:59:8a:0d:ca:dc:fa:04:07:a4:b4:60:bc:71:aa
Signer

Actual PE Digest

cd:57:e5:d0:20:b4:59:8a:0d:ca:dc:fa:04:07:a4:b4:60:bc:71:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\HDwnlder\bin\Hao123Downloader.pdb

Imports

kernel32

HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
lstrlenW
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLocaleInfoW
GetNumberFormatW
WaitForSingleObject
EnterCriticalSection
CloseHandle
GetTickCount
lstrcpyW
CreateProcessW
FreeResource
GetModuleFileNameW
GetCommandLineW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
TerminateThread
GetExitCodeThread
ResumeThread
InitializeCriticalSection
CreateSemaphoreW
CreateEventW
lstrcmpiW
WaitForMultipleObjects
HeapAlloc
SetEvent
LeaveCriticalSection
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
GetCurrentThread
GetOEMCP
IsValidCodePage
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsGetValue
SetLastError
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
VirtualQuery
VirtualProtect
VirtualAlloc
GetCommandLineA
LoadLibraryExW
ExitThread
ReleaseSemaphore
HeapReAlloc
RtlUnwind
IsProcessorFeaturePresent
GetStringTypeW
EncodePointer
HeapDestroy
LockResource
DecodePointer
lstrcpynW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
CopyFileW
MoveFileW
MoveFileExW
OpenProcess
TerminateProcess
LocalFree
WriteFile
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
CreateThread
GetModuleHandleA
FreeLibrary
GetWindowsDirectoryW
LocalAlloc
WTSGetActiveConsoleSessionId
WinExec
GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetComputerNameExW
QueryPerformanceCounter
SetPriorityClass
SetThreadPriority
GetVersionExW
GetSystemInfo
GetFileSize
ReadFile
GetFileSizeEx
LoadLibraryA
ReadProcessMemory
OpenThread
VirtualQueryEx
WritePrivateProfileSectionW
IsBadReadPtr
GetCurrentThreadId
OpenEventW
SetUnhandledExceptionFilter
CreateMutexW
GetSystemTimeAsFileTime
SetFilePointer
SetFileTime
IsBadWritePtr
TlsSetValue
CancelWaitableTimer
ResetEvent
GetTempPathW
GetTempFileNameW
CreateWaitableTimerW
SetWaitableTimer
SystemTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
TlsAlloc
TlsFree
GetLocalTime
GlobalAlloc
GlobalFree
GetVolumeInformationW
DeviceIoControl
SuspendThread
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
ReleaseMutex
GetFullPathNameW
GetFullPathNameA
CreateFileA
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
FormatMessageA
FormatMessageW
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetACP
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
DosDateTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
QueryDosDeviceW
IsDebuggerPresent

user32

MessageBoxW
SendMessageTimeoutW
FindWindowExW
GetSystemMetrics
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
OffsetRect
InflateRect
UnionRect
wvsprintfW
SetCursor
LoadCursorW
GetKeyState
ReleaseDC
GetDC
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
SetTimer
SetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
GetWindowRect
MapWindowPoints
CreateWindowExW
ScreenToClient
GetCursorPos
GetFocus
SetCapture
ReleaseCapture
PtInRect
GetParent
DefWindowProcW
EnableWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
AdjustWindowRectEx
GetMenu
IntersectRect
IsIconic
IsZoomed
SetWindowRgn
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
GetSysColor
FillRect
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
CharNextW
IsWindowVisible
ShowWindow
DestroyWindow
PostQuitMessage
IsWindow
SendMessageW
wsprintfW
UnregisterClassW
PostMessageW
GetWindow

advapi32

GetTokenInformation
RegQueryValueExW
RegDeleteValueW
OpenProcessToken
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
OpenSCManagerW
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
GetUserNameW
RegOpenKeyW
RegEnumKeyExW

shell32

ord680
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW
SHPathPrepareForWriteW

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString

fltlib

FilterSendMessage
FilterConnectCommunicationPort

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

shlwapi

SHGetValueW
SHDeleteValueW
PathFindFileNameW
PathCombineW
SHGetValueA
PathRemoveExtensionW
UrlEscapeW
StrCmpIW
SHSetValueW
PathGetDriveNumberW
SHDeleteKeyW
StrStrIW
PathFileExistsW
PathMatchSpecW
SHRegGetPathW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW

gdiplus

GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipCreateStringFormat
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdipCreateFontFromDC
GdipDeleteGraphics
GdipCreateFromHDC

wininet

InternetSetStatusCallbackW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
FtpGetFileSize
HttpQueryInfoW
HttpSendRequestExW
HttpOpenRequestW
InternetSetOptionA
InternetConnectW
InternetOpenW
InternetGetCookieExW
InternetSetCookieExW
InternetSetCookieW
InternetGetCookieExA
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
InternetWriteFile
HttpEndRequestW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
FtpOpenFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

_TrackMouseEvent
ord17

gdi32

BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetObjectA
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
SaveDC
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
StretchBlt
CreateDIBSection
GdiFlush

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4d2ddded87d6653896cf103b2ea2309

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

cd:57:e5:d0:20:b4:59:8a:0d:ca:dc:fa:04:07:a4:b4:60:bc:71:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

fltlib

crypt32

shlwapi

gdiplus

wininet

userenv

wintrust

psapi

iphlpapi

version

comctl32

gdi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 249KB - Virtual size: 249KB

.data Size: 18KB - Virtual size: 47KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 61KB - Virtual size: 61KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

cd:57:e5:d0:20:b4:59:8a:0d:ca:dc:fa:04:07:a4:b4:60:bc:71:aa
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 249KB - Virtual size: 249KB

.data
Size: 18KB - Virtual size: 47KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 61KB - Virtual size: 61KB