2024-03-07_4b4d9368c5722fba67e2a0d136a0bf1a_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-07_4b4d9368c5722fba67e2a0d136a0bf1a_magniber
Size

2.4MB
MD5

4b4d9368c5722fba67e2a0d136a0bf1a
SHA1

2a4e5573deb5df5d32148c6b808ee8858d4aab9e
SHA256

05b50fed650c65d406a327a63f85ce4d1eb079833d5181dd466580b2197e2833
SHA512

fda7616ecae2a82c1b06ff9fa9a8b20d8834313676b3dc9dedb6f7375978141e3bcdbbdea0723c6a4b855b68bc0751378678562dba7924c2056ecc08ab0abfac
SSDEEP

49152:TiaU+xfxW77r2tjBelqjPR+cfRp/Yw13zjkluQSck+1Bhw:Gf+txW77r2tjBuqjjVzBvKpw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-07_4b4d9368c5722fba67e2a0d136a0bf1a_magniber

Files

2024-03-07_4b4d9368c5722fba67e2a0d136a0bf1a_magniber
.exe windows:6 windows x86 arch:x86

0009ffe043d78eb4206bf5019fa12578

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\IPM_git\bin\x86\Release\WZUpdateNotifier.pdb

Imports

kernel32

GetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentDirectoryA
GetFileAttributesW
OutputDebugStringA
SetLastError
SuspendThread
ResumeThread
GetThreadContext
ReadProcessMemory
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
TerminateThread
CreateEventW
WaitForMultipleObjects
OpenThread
GetLocaleInfoW
GetUserDefaultUILanguage
RemoveDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
GetBinaryTypeW
MoveFileExW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetTempFileNameW
ResetEvent
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
InitializeCriticalSection
CreateSemaphoreA
GlobalFree
GetModuleHandleExW
RaiseException
GetLastError
HeapDestroy
GetVersionExA
GetLocalTime
GetCurrentThread
SetUnhandledExceptionFilter
CreateFileW
WaitForSingleObjectEx
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
HeapAlloc
HeapReAlloc
lstrlenA
lstrlenW
DosDateTimeToFileTime
SetFilePointer
SetFileInformationByHandle
LocalFileTimeToFileTime
GetFileSize
LocalAlloc
WriteConsoleW
OpenProcess
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
WriteFile
GetStdHandle
ExitProcess
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
DuplicateHandle
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
AreFileApisANSI
ProcessIdToSessionId
CreateProcessW
GetExitCodeProcess
QueryDosDeviceW
GetLogicalDriveStringsW
GetCurrentThreadId
Sleep
WTSGetActiveConsoleSessionId
LoadLibraryW
GetTickCount
VerifyVersionInfoW
GetCurrentProcess
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
FindNextFileW
SetCurrentDirectoryW
GetUserDefaultLCID
GetStringTypeExW
LoadLibraryA
GetStartupInfoW
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
SwitchToThread
EncodePointer
GetCPInfo
TryEnterCriticalSection
GetStringTypeW
RtlCaptureContext
VerSetConditionMask
SetStdHandle
DecodePointer
CreateMutexW
HeapFree
HeapSize
GetProcessHeap
WaitForSingleObject
ReleaseMutex
GetUserDefaultLangID
FormatMessageW
LocalFree
GetCurrentProcessId
CreateEventA
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionEx

user32

DialogBoxParamW
MonitorFromPoint
FindWindowW
IsRectEmpty
IntersectRect
CopyRect
SetRectEmpty
LoadStringW
SendMessageW
SystemParametersInfoW
GetDC
BeginPaint
EndPaint
SetPropW
GetPropW
GetClientRect
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
EnumChildWindows
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
DestroyWindow
CreateDialogParamW
SetWindowTextW
MapWindowPoints
ShowWindow
DestroyIcon
GetMonitorInfoW
GetClassInfoExW
CreateWindowExW
LoadCursorW
DefWindowProcW
CallWindowProcW
InvalidateRect
RegisterWindowMessageW
IsChild
MoveWindow
GetDlgItem
SetFocus
GetFocus
GetWindow
GetTopWindow
GetClassNameW
GetShellWindow
GetDesktopWindow
GetWindowRect
GetForegroundWindow
GetLastInputInfo
GetActiveWindow
IsWindowVisible
LoadImageW
GetIconInfo
DrawIconEx
DestroyCursor
IsWindow
CharNextW
UnregisterClassW
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
CreateAcceleratorTableW
DestroyAcceleratorTable
ReleaseDC
InvalidateRgn
RedrawWindow
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
GetSysColor
FillRect
MonitorFromWindow
EndDialog
TrackMouseEvent
IsWindowEnabled
RegisterClassExW
GetAncestor
SetWindowPos
SetCursor

gdi32

SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetStockObject
GetObjectW
RestoreDC
SaveDC
StretchBlt
SetStretchBltMode
GetBitmapBits
CreateCompatibleDC

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ExtractIconExW
DuplicateIcon
ShellExecuteExW

ole32

CoUnmarshalInterface
CoMarshalInterface
OleLockRunning
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantClear
OleCreateFontIndirect
SysAllocString
VariantInit
SysStringLen
SysStringByteLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
VarUI4FromStr
SafeArrayUnaccessData
SysAllocStringLen
DispCallFunc
SysAllocStringByteLen
VariantChangeType
VariantCopy

advapi32

CryptHashData
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
RegOpenKeyW
UnlockServiceDatabase
LockServiceDatabase
CryptDestroyHash
CryptDecrypt
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
GetUserNameA
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
ConvertStringSidToSidW
LookupAccountSidW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shlwapi

PathFileExistsW
UrlEscapeW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

powrprof

CallNtPowerInformation

psapi

GetProcessImageFileNameW

winhttp

WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

wininet

InternetReadFile
InternetConnectW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetGetConnectedState
HttpAddRequestHeadersW
InternetQueryDataAvailable

gdiplus

GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipCreateStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipGetFontHeight
GdipGetFontSize
GdipGetFamily
GdipGetFamilyName
GdipDeleteFontFamily
GdipGetDpiY
GdipSetTextRenderingHint
GdipCloneImage
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetStringFormatFlags
GdiplusStartup
GdipGetStringFormatTrimming
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromResource
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipFillRectangleI
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipGetFontStyle
GdipCreateFromHWND
GdipCloneFont
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipDeleteGraphics

urlmon

CoInternetSetFeatureEnabled

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

wintrust

CryptCATEnumerateMember
WinVerifyTrust
CryptCATGetAttrInfo
CryptCATClose

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptHashCertificate2
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose

cabinet

ord22
ord20

Exports

Exports

??0?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@serialization@boost@@@serialization@boost@@IAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VCNextCheckDelayManager@Utils@IPMUtility@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@3@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vtext_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCNextCheckDelayManager@Utils@IPMUtility@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?unlock@singleton_module@serialization@boost@@QAEXXZ

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 111KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

interpro
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0009ffe043d78eb4206bf5019fa12578

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

wtsapi32

version

msimg32

powrprof

psapi

winhttp

wininet

gdiplus

urlmon

rpcrt4

wintrust

crypt32

cabinet

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 303KB - Virtual size: 302KB

.data Size: 111KB - Virtual size: 119KB

interpro Size: 512B - Virtual size: 8B

.rsrc Size: 388KB - Virtual size: 387KB

.reloc Size: 165KB - Virtual size: 168KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 303KB - Virtual size: 302KB

.data
Size: 111KB - Virtual size: 119KB

interpro
Size: 512B - Virtual size: 8B

.rsrc
Size: 388KB - Virtual size: 387KB

.reloc
Size: 165KB - Virtual size: 168KB