2024-02-23_d9d8019bdc810ac8d3a4c814719bece6_floxif_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_d9d8019bdc810ac8d3a4c814719bece6_floxif_magniber
Size

3.6MB
MD5

d9d8019bdc810ac8d3a4c814719bece6
SHA1

d3e6085d352887dc366aba85162ed935dd21d1f0
SHA256

b960eec3f9f9c34f5c15ca3f8f12dc36227ddc74adfea5d2d96f25f76dfec024
SHA512

912a029f7342f3473f91015c144c13335cd88e6c7f2fe1866d15d3727a5221e4e29656a00f52cbc4dca3840b12119279df68acffc602eede9680e10efdacaac2
SSDEEP

98304:iW+XOMB/E6pJjR7M2CyMSMyVO1yLgTcXwY2sBq:iW+ZH7M2VMWB7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-23_d9d8019bdc810ac8d3a4c814719bece6_floxif_magniber

Files

2024-02-23_d9d8019bdc810ac8d3a4c814719bece6_floxif_magniber
.exe windows:5 windows x86 arch:x86

9b448ad05eee5f8e3f2bfcdae182200d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

F:\Office\Target\x86\ship\click2run\en-us.pre\Bootstrapper.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
EventUnregister
EventRegister
EventWriteTransfer
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
EventWrite
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptAcquireContextW
RevertToSelf
OpenThreadToken
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
CopySid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
CreateWellKnownSid
IsValidSid
EqualSid
GetSidSubAuthority
RegNotifyChangeKeyValue
GetSidSubAuthorityCount
SystemFunction036
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
SetServiceObjectSecurity
ControlService
EnumDependentServicesW
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatusEx

kernel32

SetLastError
IsValidCodePage
GetUserDefaultLocaleName
FileTimeToSystemTime
SystemTimeToFileTime
GetStringTypeExW
SetErrorMode
GetComputerNameW
GetDiskFreeSpaceExW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
VerSetConditionMask
VerifyVersionInfoW
SetEvent
QueryUnbiasedInterruptTime
GetFileAttributesExW
DeleteFileW
HeapAlloc
GetProcessHeap
HeapFree
LCMapStringEx
GetCurrentThreadId
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
ReleaseSemaphore
CreateEventW
WaitForSingleObject
CreateThread
GetModuleHandleA
LoadLibraryW
OutputDebugStringA
WaitForMultipleObjectsEx
GetProcessAffinityMask
SetThreadAffinityMask
GetCurrentThread
IsProcessorFeaturePresent
InterlockedPopEntrySList
UnmapViewOfFile
MapViewOfFile
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
GetTickCount
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
Sleep
IsDebuggerPresent
WaitForMultipleObjects
ResetEvent
RtlCaptureStackBackTrace
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
CreateMutexW
CreateDirectoryW
VirtualFree
ExpandEnvironmentStringsW
VirtualAlloc
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
CreateFileMappingA
GlobalFree
GlobalAlloc
SignalObjectAndWait
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
GetTempPathW
GetLongPathNameW
SystemTimeToTzSpecificLocalTime
K32GetProcessMemoryInfo
ReadFile
SetEndOfFile
WriteFile
SetFilePointerEx
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
CancelIoEx
FindFirstFileExW
FindNextFileW
FindClose
GetFileType
CopyFileW
CreateFileW
GetFileSizeEx
SetFileAttributesW
SetFileInformationByHandle
GetFileInformationByHandleEx
MoveFileExW
GetTempFileNameW
GetCPInfoExW
RemoveDirectoryW
GetDriveTypeW
GetLocaleInfoEx
LockResource
IsValidLocale
GetUserDefaultLCID
GetSystemDefaultLCID
LocaleNameToLCID
GetProductInfo
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
CompareStringEx
DeleteCriticalSection
FlsFree
FlsAlloc
GetLocalTime
GetCurrentDirectoryW
GetExitCodeProcess
GetPriorityClass
GetThreadLocale
GetFullPathNameW
lstrcmpW
FindFirstFileW
IsWow64Process
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
LocalFree
CreateEventExW
WaitForSingleObjectEx
ReleaseMutex
CloseHandle
GetModuleHandleExW
GetProcAddress
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
K32GetModuleFileNameExW
GetShortPathNameA
GetModuleFileNameA
GetTickCount64
GetSystemTimeAsFileTime
CreateProcessW
TerminateProcess
GetProcessTimes
OpenProcess
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
GlobalMemoryStatusEx
RaiseException
LoadLibraryExA
VirtualQuery
GetSystemInfo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
SetStdHandle
EnumSystemLocalesW
GetACP
ExitProcess
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
GetStringTypeW
GetVersionExW
GetModuleHandleW
ProcessIdToSessionId
GetExitCodeThread
GetTimeZoneInformation
GetUserGeoID
AttachConsole
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
lstrcmpA
OpenThread
LoadLibraryA
DuplicateHandle
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
CreateTimerQueue
SwitchToThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
UnregisterWaitEx
HeapSize
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapReAlloc

ole32

CoTaskMemAlloc
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateGuid
IIDFromString
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

ws2_32

GetAddrInfoW
WSAStartup
FreeAddrInfoW

gdi32

SetDCBrushColor
GetTextExtentPoint32W
Rectangle
SetDCPenColor
CreatePen
GetTextMetricsW
SelectObject
CreateFontW
GetStockObject
SetBkColor
SetTextColor
CreateSolidBrush
DeleteObject
GetDeviceCaps

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdiplusStartup
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

cabinet

ord14
ord13

setupapi

SetupIterateCabinetW

iphlpapi

FreeMibTable
CreateSortedAddressPairs

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 911KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 556KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b448ad05eee5f8e3f2bfcdae182200d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

ws2_32

gdi32

gdiplus

wintrust

cabinet

setupapi

iphlpapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 911KB - Virtual size: 910KB

.data Size: 49KB - Virtual size: 158KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 556KB - Virtual size: 560KB

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 911KB - Virtual size: 910KB

.data
Size: 49KB - Virtual size: 158KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 556KB - Virtual size: 560KB

.reloc
Size: 181KB - Virtual size: 181KB