2024-03-06_d1158b8cb873d11c414b6d0ed51aa61c_floxif_magniber_vidar

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-06_d1158b8cb873d11c414b6d0ed51aa61c_floxif_magniber_vidar
Size

16.6MB
MD5

d1158b8cb873d11c414b6d0ed51aa61c
SHA1

60fbaca226e8b7bf334ccf453a3c8a3cf47d64db
SHA256

0e0bf3ec7c9af90aec19e5caad70af750f97ed39ad207c6604cbc6801b3a177b
SHA512

179b6be95ed1af37a90ec32b594f5d3c7c5eebbb48c770b982eb05f3b79fb406f5d8a7c56b4b155cc6498159dd3ceb8569806ac58043793514befcb835c64c04
SSDEEP

393216:2X2oxXKIQjUDC65xfBkKBhQ8onjR34ywHTuJP5id:2X2oxXnWurNWKTQLR3/wHUxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-06_d1158b8cb873d11c414b6d0ed51aa61c_floxif_magniber_vidar

Files

2024-03-06_d1158b8cb873d11c414b6d0ed51aa61c_floxif_magniber_vidar
.exe windows:5 windows x86 arch:x86

ccc7380e4cfc8852ce8d1bd4a843ec7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\grossi\Documents\Sviluppo\Overloud\TH3\app\build\win\Win32\Release-Full-Standalone\TH3.pdb

Imports

kernel32

CreateEventW
GetFileInformationByHandle
FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetDiskFreeSpaceExW
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
ResetEvent
GetCurrentDirectoryW
GetOverlappedResult
SetCurrentDirectoryW
ReplaceFileW
DeleteCriticalSection
ExitProcess
VerSetConditionMask
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
FreeLibrary
CopyFileW
CreateSymbolicLinkW
VerifyVersionInfoW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetExitCodeProcess
GetCommandLineW
AttachConsole
LocalFree
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
DeviceIoControl
SetErrorMode
GetVolumeInformationA
CreateFileA
GetUserDefaultLCID
GetSystemTime
AreFileApisANSI
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetVersionExA
DeleteFileA
UnlockFile
CreateFileMappingA
LockFileEx
GetFileSize
GetLogicalDriveStringsW
GetSystemTimeAsFileTime
FormatMessageA
GetTickCount
HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
HeapReAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetTimeZoneInformation
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwind
RaiseException
VirtualUnlock
VirtualLock
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
GlobalMemoryStatus
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
SetFileAttributesW
RtlCaptureStackBackTrace
DisconnectNamedPipe
GetModuleHandleA
GetSystemDirectoryW
UnmapViewOfFile
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
PeekNamedPipe
SetEndOfFile
GetEnvironmentVariableW
SetFilePointer
InitializeCriticalSection
CreatePipe
LeaveCriticalSection
WaitForMultipleObjects
CreateNamedPipeW
GetModuleFileNameW
SetFileTime
SetPriorityClass
RemoveDirectoryW
TerminateProcess
WriteFile
FindNextFileW
EnterCriticalSection
SetLocalTime
SetHandleInformation
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
CreateDirectoryW
GetProcAddress
GetPriorityClass
GetThreadPriority
LoadLibraryA
GetCurrentThread
Sleep
MultiByteToWideChar
SetThreadPriority
GetCurrentProcess
WideCharToMultiByte
VirtualQuery

user32

EnumDisplayMonitors
EnumChildWindows
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
GetDesktopWindow
SetWindowLongW
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetWindowLongW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
GetFocus
SendMessageTimeoutW
PostMessageW
GetMessageW
GetWindowRect
EndPaint
BeginPaint
GetCursorPos
GetMessagePos
SetCursorPos
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
ShowCaret
GetClientRect
SetCursor
ToUnicode
SetClipboardData
SetCapture
DestroyCaret
LoadCursorW
GetClipboardData
SetLayeredWindowAttributes
GetMessageTime
GetForegroundWindow
TrackMouseEvent
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
SendInput
MapVirtualKeyW
GetAsyncKeyState
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
WindowFromPoint
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
RegisterWindowMessageW
MoveWindow
CallWindowProcW
ReleaseDC
MessageBeep
SetWindowTextW
GetSystemMetrics
SendMessageW
ScreenToClient
GetIconInfo

gdi32

SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
AddFontMemResourceEx
GetGlyphIndicesW
GetGlyphOutlineW
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
GdiFlush
CombineRgn
RestoreDC
CreateBitmap
ExcludeClipRect
GetObjectW
GetRegionData
CreateRectRgn
GetPixel
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SaveDC
SetMapperFlags
DeleteObject
BitBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
GetUserNameW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW

shell32

ExtractAssociatedIconW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetMalloc
ShellExecuteW
SHFileOperationW

ole32

OleCreate
OleSetContainedObject
RevokeDragDrop
DoDragDrop
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
RegisterDragDrop

wininet

InternetWriteFile
FtpOpenFileW
InternetConnectW
InternetCloseHandle
InternetQueryOptionW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestExW
InternetReadFile

ws2_32

socket
ntohs
connect
inet_ntoa
recvfrom
recv
getsockopt
htonl
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
WSAGetLastError
getsockname
inet_addr
WSAStartup
getaddrinfo
listen
select
closesocket
bind
accept
__WSAFDIsSet
send

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathStripToRootW

winmm

midiOutUnprepareHeader
midiInGetDevCapsW
midiInReset
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInStart
midiInClose
midiInGetNumDevs
midiOutShortMsg
midiOutGetNumDevs
midiOutLongMsg
midiOutClose
midiInStop
timeGetDevCaps
timeKillEvent
timeGetTime
timeSetEvent
midiInPrepareHeader
timeBeginPeriod
midiInAddBuffer

dbghelp

SymFromAddr
SymInitialize
SymGetModuleInfo64

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
CM_Get_Parent
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc7380e4cfc8852ce8d1bd4a843ec7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

ws2_32

version

shlwapi

winmm

dbghelp

imm32

setupapi

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 8.8MB - Virtual size: 8.8MB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 95KB - Virtual size: 94KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 8.8MB - Virtual size: 8.8MB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 95KB - Virtual size: 94KB