2024-02-24_2eb537cdbb7dccd9ffaf0d87c12aeab4_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_2eb537cdbb7dccd9ffaf0d87c12aeab4_magniber
Size

1.3MB
MD5

2eb537cdbb7dccd9ffaf0d87c12aeab4
SHA1

b2497ac31a76963e47731ede3781e039773524cc
SHA256

cd23280f2032a072d1b3d917cf58009a79e27c4f004c32d1bc39be538685e21c
SHA512

f2686819af0c6d39b1042851262346b52dd779eecbc2e8f36438e7b942406ee3b4974c59a5af5dc800e089335c496196cb182b6056d871b7ef2d6e4f41b14341
SSDEEP

24576:WNttXT6G5QYlPYoRwGcCja6xdyr7WQsmi:O6SXPzDe4dYDLi

Score

1^/10

Malware Config

Signatures

Files

2024-02-24_2eb537cdbb7dccd9ffaf0d87c12aeab4_magniber
.exe windows:5 windows x86 arch:x86

dcf1f56e56b6cbe596509092235bd4ea

Code Sign

3e:3c:20:eb:0b:af:c7:2c:f5:60:02:44:b5:04:37:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2011, 00:00

Not After

17/05/2014, 23:59

Subject

CN=LE SHI INTERNET INFORMATION & TECHNOLOGY CORP.\,BEI JING,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LE SHI INTERNET INFORMATION & TECHNOLOGY CORP.\,BEI JING,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:6d:c4:6c:b0:d5:11:47:4f:59:b5:29:4e:18:4f:b6:a3:72:5e:e3
Signer

Actual PE Digest

da:6d:c4:6c:b0:d5:11:47:4f:59:b5:29:4e:18:4f:b6:a3:72:5e:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\update\新建文件夹\src_letvcopyfile\bin\LetvoSetup.pdb

Imports

kernel32

GetModuleFileNameW
DeleteCriticalSection
InterlockedIncrement
lstrcmpiW
lstrcmpW
MulDiv
LoadLibraryExW
GetCommandLineW
LocalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
GetSystemDirectoryW
TryEnterCriticalSection
ReleaseMutex
CreateMutexW
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetFileTime
GetFileAttributesExW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
ResumeThread
OpenEventA
GetSystemInfo
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetStringTypeA
FlushFileBuffers
GetFileAttributesW
GetConsoleMode
GetConsoleCP
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
CompareStringW
CompareStringA
SetFileAttributesW
GetTimeFormatA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
DeleteFileW
CreateProcessW
CreateDirectoryW
FindFirstFileW
CopyFileW
FindNextFileW
FindClose
LoadLibraryA
OpenProcess
TerminateProcess
InterlockedDecrement
TerminateThread
OutputDebugStringW
ResetEvent
OutputDebugStringA
CreateEventW
Sleep
SetEvent
WaitForSingleObject
HeapAlloc
CreateEventA
GetProcessHeap
HeapFree
lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GetVersionExW
SetPriorityClass
DeviceIoControl
InitializeCriticalSection
GlobalAlloc
GlobalLock
RaiseException
GlobalUnlock
CreateFileW
GetFileSize
ReadFile
CloseHandle
FreeResource
SetLastError
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
GetVersion
WideCharToMultiByte
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
UnhandledExceptionFilter
GetStartupInfoW
GetLocaleInfoA
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetDateFormatA
RemoveDirectoryW
EnterCriticalSection
GetLastError
SetFilePointer

user32

GetWindowLongW
SendMessageW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetClassInfoExW
CreateWindowExW
CopyRect
SetRect
InflateRect
GetDlgItem
RegisterWindowMessageW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
PeekMessageW
ShowWindow
ReleaseDC
GetDC
RegisterClassExW
LoadBitmapW
LoadImageW
SetActiveWindow
EnableWindow
IsWindowEnabled
GetDesktopWindow
GetActiveWindow
MessageBoxW
PostThreadMessageW
DefWindowProcW
PostMessageW
PtInRect
SetCursor
DrawTextW
DestroyIcon
EqualRect
SetWindowLongW
LoadCursorW
SetFocus
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
UnregisterClassA
GetFocus
DestroyAcceleratorTable
FillRect
GetClassNameW
IsChild
RedrawWindow
InvalidateRgn
ScreenToClient
GetSysColor
CharNextW
ReleaseCapture
EndPaint
BeginPaint
SetCapture
GetKeyState
CallWindowProcW
SetWindowRgn
ClientToScreen
OffsetRect
DrawIconEx
LoadIconW
DrawFrameControl
GetDlgCtrlID
IsWindowVisible

gdi32

CreateSolidBrush
OffsetRgn
SetRectRgn
GetTextExtentPoint32W
TextOutW
LineTo
MoveToEx
GetClipRgn
RoundRect
RectInRegion
SetBkMode
CombineRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetTextColor
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
CreateRectRgn
CreatePen
SetBkColor
ExtTextOutW
Rectangle
SelectClipRgn
SelectObject
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps

advapi32

GetLengthSid
RegDeleteValueW
RegCloseKey
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
IsValidSid
RegDeleteKeyW
SetNamedSecurityInfoW
InitializeAcl
AddAce
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW
CommandLineToArgvW

ole32

CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CoCreateGuid
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
OleCreateFontIndirect

shlwapi

PathFileExistsW
StrToIntW
PathAppendW
PathRemoveFileSpecW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCloneImage
GdipFree
GdiplusShutdown
GdiplusStartup

iphlpapi

GetAdaptersInfo

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToCacheFileA

wininet

InternetCrackUrlW

Sections

.text
Size: 941KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcf1f56e56b6cbe596509092235bd4ea

Code Sign

3e:3c:20:eb:0b:af:c7:2c:f5:60:02:44:b5:04:37:e1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

da:6d:c4:6c:b0:d5:11:47:4f:59:b5:29:4e:18:4f:b6:a3:72:5e:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

iphlpapi

winhttp

version

urlmon

wininet

Sections

.text Size: 941KB - Virtual size: 941KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 23KB - Virtual size: 35KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 48KB - Virtual size: 47KB

3e:3c:20:eb:0b:af:c7:2c:f5:60:02:44:b5:04:37:e1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

da:6d:c4:6c:b0:d5:11:47:4f:59:b5:29:4e:18:4f:b6:a3:72:5e:e3
Signer

.text
Size: 941KB - Virtual size: 941KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 23KB - Virtual size: 35KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 48KB - Virtual size: 47KB