2024-02-24_5f4e7c00ac556b8b9ab669fba2cc8e6e_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_5f4e7c00ac556b8b9ab669fba2cc8e6e_magniber_revil
Size

17.8MB
MD5

5f4e7c00ac556b8b9ab669fba2cc8e6e
SHA1

367a542f9dbf4d7c47a61efa04d96c628b44c954
SHA256

fc4810843fc3eac53a96b6a7386e5a42815bbf7593fdfa3e8ff5c4bf86469182
SHA512

257e3ffb51f9320da5322f6018be423917e2d03156ed9e17a8065d669dc310c338ed561dbab71472d7615cf3cfe62e89a6a313084a4d2d546cf62c4f259b441d
SSDEEP

196608:kOtTajfBu6s88YgxuDfX0v+xCxMTXuo7VFVIVaUDF9:kKwpu6sFYgxkX0vGDXukKQUh9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_5f4e7c00ac556b8b9ab669fba2cc8e6e_magniber_revil

Files

2024-02-24_5f4e7c00ac556b8b9ab669fba2cc8e6e_magniber_revil
.exe windows:6 windows x86 arch:x86

cfad8d205299ee003467c060ba2e8551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WS\tv_prel_dcr\build_cmake_win\FULL\Release\TeamViewer_Service.pdb

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
lstrcmpiW
DeleteCriticalSection
RaiseException
DecodePointer
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
WaitForMultipleObjects
WaitForSingleObject
PostQueuedCompletionStatus
FormatMessageW
SetEvent
TerminateThread
CloseHandle
QueueUserAPC
LocalFree
WideCharToMultiByte
FormatMessageA
CreateEventA
CreateDirectoryW
CreateThread
GetCurrentThread
SetLastError
GetCurrentProcess
MoveFileExW
GetTempPathW
ExpandEnvironmentStringsW
CreateEventW
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GlobalMemoryStatusEx
GetComputerNameW
DeleteFileW
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LoadLibraryA
SetUnhandledExceptionFilter
GetCurrentProcessId
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
LoadLibraryW
CreateFileW
CreateProcessW
GetSystemDirectoryW
WriteFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
SetWaitableTimer
SleepEx
CreateIoCompletionPort
CreateWaitableTimerW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LCIDToLocaleName
GetProcessId
ProcessIdToSessionId
OpenEventW
GetNativeSystemInfo
GetSystemPowerStatus
ReleaseSemaphore
WaitForSingleObjectEx
DuplicateHandle
CreateSemaphoreA
ResetEvent
IsWow64Process
OpenProcess
K32GetModuleBaseNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
UnregisterWaitEx
WaitNamedPipeW
ReadFile
ResumeThread
TerminateProcess
QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32EnumProcesses
RegisterWaitForSingleObject
GetExitCodeProcess
GetSystemInfo
SetThreadPriority
VerSetConditionMask
VerifyVersionInfoW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
SetSearchPathMode
SetDllDirectoryW
HeapSetInformation
SetProcessDEPPolicy
GetFileAttributesW
GetPrivateProfileStringW
Sleep
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualProtect
VirtualFree
GetStdHandle
GetFileType
GetModuleHandleExW
GetEnvironmentVariableW
GetACP
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateFileA
DeviceIoControl
OpenThread
GetTickCount
GetComputerNameExA
GetComputerNameExW
GetVersionExW
OpenMutexW
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
SwitchToThread
MapViewOfFileEx
CreateMutexW
CancelIoEx
GetOverlappedResult
SetFileAttributesW
K32EnumProcessModules
GetSystemFirmwareTable
GetEnvironmentVariableA
GetFileSizeEx
GetVolumeInformationW
WTSGetActiveConsoleSessionId
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
GetLocalTime
GetTickCount64
GetThreadTimes
Wow64DisableWow64FsRedirection
VirtualQuery
IsDebuggerPresent
OutputDebugStringW
GetExitCodeThread
GetStringTypeW
TryAcquireSRWLockExclusive
GetLocaleInfoEx
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileTime
AreFileApisANSI
GetFileInformationByHandleEx
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlushFileBuffers
GetFileTime
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
GetWindowsDirectoryW
CopyFileExW
WaitForMultipleObjectsEx
OpenEventA
CreateWaitableTimerA
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
ExitProcess
PeekNamedPipe
SetEnvironmentVariableW
GetConsoleOutputCP
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileSize
SetFilePointer
LocalFileTimeToFileTime
LocalAlloc
InitializeCriticalSection
Wow64RevertWow64FsRedirection

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 604KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfad8d205299ee003467c060ba2e8551

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 11.5MB - Virtual size: 11.5MB

IPPCODE Size: 249KB - Virtual size: 248KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 604KB - Virtual size: 848KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 11.5MB - Virtual size: 11.5MB

IPPCODE
Size: 249KB - Virtual size: 248KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 604KB - Virtual size: 848KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB