D:\gocart-client-build\win-intel\build\gocartclient\public\gcclient\binaries\windows\release\AdobeGCClient.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-28_32025620204390385a0a6a5f4c3d6c66_magniber_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-28_32025620204390385a0a6a5f4c3d6c66_magniber_revil.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-02-28_32025620204390385a0a6a5f4c3d6c66_magniber_revil
-
Size
8.8MB
-
MD5
32025620204390385a0a6a5f4c3d6c66
-
SHA1
e9680da923bdb9641113f49103a81c5f87fabac6
-
SHA256
0ab02442b6a66a90fc536faae30dbae62867237c1895c0133f3a8831d90528e4
-
SHA512
349a9944704e03e89b265b8857dd10199afbf226794473dedf6ff47412e7f502ff041a953a0a67063fbf09884b1cc2af6af6ce85ab5e2b979c0cfceef751230e
-
SSDEEP
196608:lIpsBaZ8TWHnfUb2rtDl5li8ID0l2+fI0c:lIpgaZ8Zqr75li8fI0c
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the rule matched on the sample, so the PE carries no Authenticode signature.
resource 2024-02-28_32025620204390385a0a6a5f4c3d6c66_magniber_revil
Files
-
2024-02-28_32025620204390385a0a6a5f4c3d6c66_magniber_revil.exe windows:5 windows x86 arch:x86
1914730ba7c32298dac0a11fe2c5ad95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
GetProcessImageFileNameW
libcef
cef_parse_url
cef_create_url
cef_api_hash
cef_get_min_log_level
cef_string_map_alloc
cef_string_map_free
cef_command_line_create
cef_command_line_get_global
cef_process_message_create
cef_set_osmodal_loop
cef_browser_host_create_browser
cef_log
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_append
cef_shared_process_message_builder_create
cef_string_multimap_alloc
cef_string_multimap_free
cef_post_task
cef_currently_on
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_stream_reader_create_for_handler
cef_stream_reader_create_for_data
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_string_ascii_to_utf16
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_initialize
cef_execute_process
cef_string_multimap_value
msi
ord70
ord205
winhttp
WinHttpQueryAuthSchemes
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
shell32
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathRenameExtensionW
UrlEscapeW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathFileExistsA
PathIsDirectoryEmptyW
PathRemoveExtensionW
netapi32
NetApiBufferFree
NetWkstaGetInfo
vulcanmessage5
?GetAppVersionSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppId@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
??1EndPoint@api5@vulcan@adobe@@UAE@XZ
?GetType@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?ReleaseInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SAXXZ
?GetInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAV1234@@Z
?SetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PBD0@Z
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBD@Z
?SetDestinations@SuiteMessage@api5@vulcan@adobe@@QAEXPBVEndPoint@234@I@Z
?SetSource@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
??0EndPoint@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@XZ
?GetTypeSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppVersionSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
??1SuiteMessage@api5@vulcan@adobe@@UAE@XZ
?GetAppId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?TYPE_PREFIX@SuiteMessage@api5@vulcan@adobe@@2QBDB
??0SuiteMessage@api5@vulcan@adobe@@QAE@PBD@Z
?GetFault@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetFaultSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetError@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetErrorSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetPayload@SuiteMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetPayloadSize@SuiteMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
vulcancontrol
?ReleaseInstance@IVulcanController@api5@vulcan@adobe@@SAXXZ
?GetInstance@IVulcanController@api5@vulcan@adobe@@SA?AW4VulcanControlErrorCode@@PAPAV1234@@Z
?SetConfig@IVulcanController@api5@vulcan@adobe@@SA?AW4VulcanControlErrorCode@@PBD0@Z
dbghelp
SymGetSearchPathW
SymSetSearchPathW
SymFromAddr
SymGetLineFromAddr64
SymInitialize
SymCleanup
SymSetOptions
winmm
timeGetTime
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ntdll
RtlUnwind
VerSetConditionMask
RtlCaptureStackBackTrace
adobe_caps
pcdSessionCommit
pcdOpenCacheSession
pdbCloseSession
pcdOpenSessionNoCreate
pcdGetDomainDataSubdomains
pcdGetDomainDataKeys
pcdRemoveDomainData
pcdCloseSession
pcdSetDomainData
pcdGetDomainData
pdbGetAppLaunchPath
pdbOpenSession
pcdOpenSession
iphlpapi
GetAdaptersAddresses
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringA
UuidToStringW
RpcStringFreeA
kernel32
InterlockedPopEntrySList
GetThreadTimes
QueryDepthSList
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
SignalObjectAndWait
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
Sleep
LocalAlloc
LocalFree
SetEvent
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CreateSemaphoreW
GetSystemTime
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
OpenProcess
GetCommandLineW
SetErrorMode
CompareFileTime
ExpandEnvironmentStringsW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsA
DeleteFileA
CreateEventW
TerminateProcess
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
MulDiv
lstrlenW
VerifyVersionInfoW
GetModuleHandleA
GetProcAddress
lstrcmpA
lstrcmpW
SetFilePointer
CreateMutexW
SetHandleInformation
CreatePipe
CreateProcessW
WideCharToMultiByte
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
DuplicateHandle
GetCurrentProcess
GetTickCount
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetModuleFileNameW
GetTempPathW
GetModuleHandleExW
GetEnvironmentVariableA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesW
GetLogicalDriveStringsW
QueryDosDeviceW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetComputerNameExW
GetVersionExW
SystemTimeToFileTime
GetLocaleInfoA
GetStdHandle
GetFileType
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForMultipleObjects
GlobalFree
SetFilePointerEx
GetFileSizeEx
TerminateThread
SetFileAttributesW
GetLocalTime
GetTimeFormatW
GetDateFormatW
DeviceIoControl
GetSystemDirectoryW
GetNativeSystemInfo
GetWindowsDirectoryW
ReleaseMutex
OpenMutexW
CreateIoCompletionPort
ResetEvent
GetQueuedCompletionStatus
UnregisterWait
RegisterWaitForSingleObject
TerminateJobObject
PostQueuedCompletionStatus
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
GetCurrentThread
IsDebuggerPresent
IsWow64Process
GetThreadId
SetThreadPriority
GetThreadPriority
HeapSetInformation
SetProcessDEPPolicy
VirtualQueryEx
VirtualAllocEx
GetProductInfo
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessorNumber
SetThreadAffinityMask
VirtualFree
GetProcessHeaps
AcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
QueryInformationJobObject
VirtualProtectEx
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetLongPathNameW
VirtualFreeEx
GetProcessHandleCount
TlsGetValue
VirtualAlloc
LoadLibraryExW
DebugBreak
TlsAlloc
TlsFree
TlsSetValue
SetFileTime
GetFileInformationByHandle
SetUnhandledExceptionFilter
CreateRemoteThread
MoveFileExW
SetCurrentDirectoryW
VirtualQuery
FindFirstFileExW
GetLogicalProcessorInformation
InitializeConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
InitializeSRWLock
VirtualProtect
GetTimeZoneInformation
GetUserDefaultUILanguage
SwitchToThread
ReadConsoleInputW
SetConsoleMode
GetExitCodeThread
EnumSystemLocalesW
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
InterlockedPushEntrySList
InterlockedFlushSList
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
IsValidLocale
ResumeThread
user32
EnableMenuItem
GetSystemMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
ShowWindow
CreateWindowStationW
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW
SetWindowTextW
ReleaseDC
GetDC
SetProcessWindowStation
GetWindowRect
UpdateWindow
CopyRect
OffsetRect
SetWindowLongW
GetDesktopWindow
GetParent
LoadCursorW
SetWindowRgn
LoadIconW
LoadStringW
GetClientRect
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
CloseDesktop
CloseWindowStation
GetThreadDesktop
CreateDesktopW
CreateWindowExW
gdi32
CreateRoundRectRgn
GetDeviceCaps
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CredReadW
CredWriteW
CredFree
GetNamedSecurityInfoW
RegEnumValueW
AllocateAndInitializeSid
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
AddMandatoryAce
CreateRestrictedToken
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
SetTokenInformation
LookupPrivilegeValueW
CloseServiceHandle
RegDeleteKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RevertToSelf
RegDisablePredefinedCache
ConvertSidToStringSidW
SetKernelObjectSecurity
GetKernelObjectSecurity
MapGenericMask
AccessCheck
ImpersonateLoggedOnUser
GetSecurityInfo
CredEnumerateW
BuildTrusteeWithSidW
CredDeleteW
ReportEventA
SystemFunction036
RegisterEventSourceA
DeregisterEventSource
DuplicateToken
OpenThreadToken
ConvertSidToStringSidA
ConvertStringSidToSidW
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
CopySid
CreateWellKnownSid
GetSidSubAuthority
InitializeSid
IsValidSid
GetUserNameW
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegQueryValueExA
AdjustTokenPrivileges
ole32
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
SysStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear
ws2_32
inet_ntoa
crypt32
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertAddCertificateContextToStore
CertOpenStore
CryptStringToBinaryW
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertVerifySubjectCertificateContext
CertCreateCertificateContext
wintrust
WinVerifyTrust
secur32
GetUserNameExW
bcrypt
BCryptVerifySignature
BCryptDestroyHash
BCryptCreateHash
BCryptHashData
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptOpenAlgorithmProvider
Exports
AGDServiceAllKeysInSubDomain
AGDServiceConvertAGDStatusTypeEnumToString
AGDServiceCountKeysInSubDomain
AGDServiceRemoveAllKeysInSubDomain
AGDServiceRemoveKeyInSubDomain
AGDServiceSetMultipleValueForKeyInSubDomain
AGDServiceSetValueForKeyInSubDomain
AGDServiceValueForKeyInSubDomain
AGDTruncateAdobeGenuineDataTable
CCDGetNGLAppID
CCDServiceSetAllRecords
CCDTruncateCCDataTable
GCDDropGCDataTable
GCDServiceAllKeysInSubdomain
GCDServiceAllSubdomains
GCDServiceClose
GCDServiceCreate
GCDServiceDeleteAllKeysInSubdomain
GCDServiceDeleteKeyInSubdomain
GCDServiceIncrementValueForKeyInSubdomain
GCDServiceSetValueForKeyInSubdomain
GCDServiceValueForKeyInSubdomain
GetAsnVersion
GetHandleVerifier
IAL_CloseSession
IAL_CreateSession
IAL_DownloadAdobeGCClientFromPath
IAL_FetchRulesForLEIDs
IAL_GetAdobeGCClientAppDownloadPath
IAL_GetClientConfiguration
IAL_GetServerURLFromDispatch
IAL_GetVersion
IAL_PostRulesForLEIDs
IAL_SendCheckPatch
IAL_SendEventToETSHostfileMod
IAL_SendInAppEvents
IAL_SendMachineEvents
IAL_SendNotifAuditEvents
IAL_SendPHEvents
IAL_SendPatchAudit
IAL_SendUninstallationStatus
IAL_SetLoggingMethod
IAL_SetProxyDetails
IsSandboxedProcess
LEDGetCachedGMEpoch
LEDServiceGetAllRecords
LEDServiceRecordEvent
LEDTruncateGCDataTable
NADServiceGetAllRecords
NADServiceRecordEvent
NADTruncateTable
RSDConvertPCDStatusTypeEnumToString
RSDServiceGetAllRecords
RSDServiceRecordStatus
RSDTruncateGCDataTable
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx
Sections
.text Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
malloc_h Size: 512B - Virtual size: 257B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 547KB - Virtual size: 582KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 425KB - Virtual size: 425KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE