2024-03-08_680018f8f281707e3beb8fc95cbf3be9_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_680018f8f281707e3beb8fc95cbf3be9_magniber
Size

6.7MB
MD5

680018f8f281707e3beb8fc95cbf3be9
SHA1

ab014bca4693f095da70114d5400925d93860528
SHA256

405faa32cac856c701a805ad57b3f49222cd28030c1276838f3c3eca28a34fcb
SHA512

7b65e74575ff958724ea6ca5f6bbe9cf176f32a2243f9f444ecfecd0fa7166bc3ee58e8cc864f646e241e984c01a3facc1bf2af1e5c39755fd6f564ab899718d
SSDEEP

98304:bZhMoUcppXM5eSJQeZIHUcu1bVKUnv2mImZLT6RgRzuRCEg7R8ySZA4:lhMoUMe5HraHUpKUnumIFgiC54

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_680018f8f281707e3beb8fc95cbf3be9_magniber
.exe windows:6 windows x86 arch:x86

178b8ec6a52fe87f262ce0849eb1192f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:f8:bb:4f:3c:38:d0:b6:b6:ca:32:0f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2023, 03:34

Not After

18/04/2024, 03:34

Subject

SERIALNUMBER=91510108MA61WTB101,CN=四川微科商务咨询有限公司,OU=IT,O=四川微科商务咨询有限公司,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13074368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:df:b0:dd:12:3b:ed:9d:dd:f3:ce:79:25:6b:b2:7f:5c:db:0b:34:62:58:55:75:a6:81:5e:29:07:45:01:bf
Signer

Actual PE Digest

f4:df:b0:dd:12:3b:ed:9d:dd:f3:ce:79:25:6b:b2:7f:5c:db:0b:34:62:58:55:75:a6:81:5e:29:07:45:01:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\yebaoplatform\outputtm\TM.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteA
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
Shell_NotifyIconW

gdi32

CreateDCW
CreateRectRgnIndirect
DeleteDC
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
SetMapMode
SetROP2
LPtoDP
SetViewportOrgEx
GetTextFaceW
ExtTextOutW
AddFontMemResourceEx
DeleteObject
SetGraphicsMode
BitBlt
CreateBitmap
CreateCompatibleDC
CreateRoundRectRgn
RemoveFontMemResourceEx
EnumFontsW
CreateFontIndirectW
SetTextColor
GetDeviceCaps
SetWindowOrgEx
GdiFlush
SetLayout
SetTextAlign
GetTextMetricsW
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
GetGlyphIndicesW
GetObjectW
SetBkMode
SetWorldTransform
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
CreateSolidBrush
GetTextExtentPointI
GetClipBox

rpcrt4

RpcStringFreeA
UuidToStringA

kernel32

Process32NextW
K32EmptyWorkingSet
OutputDebugStringA
MulDiv
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GetCurrentDirectoryW
OutputDebugStringW
CreateMutexW
CreateEventW
SetPriorityClass
GetTickCount
LoadLibraryExW
GetFullPathNameW
GetFileAttributesW
HeapCreate
HeapDestroy
FlushInstructionCache
GetLocalTime
GetVersionExA
IsBadReadPtr
GetModuleHandleA
LoadLibraryA
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
lstrlenW
InterlockedIncrement
SetUnhandledExceptionFilter
CreateThread
DebugBreak
SetEvent
lstrlenA
SystemTimeToTzSpecificLocalTime
FormatMessageW
GetPrivateProfileStringW
WritePrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GlobalFree
GlobalAlloc
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeResource
FreeLibrary
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
SetProcessWorkingSetSize
FindFirstFileExW
SetStdHandle
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
CreateToolhelp32Snapshot
ReadConsoleW
GetConsoleMode
GetCurrentThread
GetStdHandle
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
GetCPInfo
CompareStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
LCMapStringEx
EncodePointer
GetLocaleInfoEx
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
WakeConditionVariable
TryAcquireSRWLockExclusive
QueryPerformanceFrequency
GetStringTypeW
FormatMessageA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetVersionExW
GetSystemDirectoryW
GetSystemTime
GetSystemInfo
OpenProcess
GetStartupInfoW
CreateProcessW
SystemTimeToFileTime
FileTimeToSystemTime
MoveFileExW
MoveFileW
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetProcessTimes
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
Process32FirstW
CopyFileW
lstrcmpA
LocalFree
SetFilePointerEx
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CreatePipe
DecodePointer
GetTempPathW
WriteFile
RemoveDirectoryW
ReadFile
GetTempFileNameW
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
DeleteFileW
CreateFileW
CreateDirectoryW
SetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFileInformationByHandle
GetDriveTypeW
PeekNamedPipe
GetLastError
LocalAlloc
IsValidCodePage

user32

IsIconic
EnableWindow
MsgWaitForMultipleObjects
SystemParametersInfoW
MoveWindow
LoadCursorW
GetWindowLongW
UnionRect
UpdateWindow
UnregisterClassW
ShowWindow
SetWindowPos
GetForegroundWindow
SetForegroundWindow
GetPropW
EnumWindows
GetWindowThreadProcessId
PostMessageW
IsRectEmpty
PtInRect
DrawIconEx
GetDC
ReleaseDC
GetSystemMetrics
GetCursorPos
ClientToScreen
ScreenToClient
CopyRect
MonitorFromWindow
GetMonitorInfoW
PeekMessageW
SendMessageW
WaitMessage
PostQuitMessage
IsWindow
DestroyWindow
UpdateLayeredWindow
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
IsWindowVisible
CallMsgFilterW
DestroyMenu
CreatePopupMenu
IsMenu
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
GetClientRect
GetActiveWindow
SetTimer
KillTimer
IsWindowEnabled
IntersectRect
OffsetRect
EqualRect
SetWindowLongW
GetParent
MonitorFromRect
GetKeyState
SetCursor
InflateRect
SetRect
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsChild
SetFocus
GetFocus
BeginPaint
EndPaint
SetWindowRgn
InvalidateRect
DrawTextW
GetWindowPlacement
LoadIconW
GetWindow
MapWindowPoints
GetDlgItem
DispatchMessageW
TranslateMessage
GetMessageW
GetClassNameW
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
GetWindowRect
ReleaseCapture
SetCapture
GetCapture
IsZoomed
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
GetSysColor
EnableMenuItem
DestroyCursor
GetIconInfo
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
LoadStringW
LoadStringA
DestroyIcon
RegisterWindowMessageW
MessageBoxW
MessageBoxA
SetPropW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDesktopWindow
SetActiveWindow
InvertRect

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
ReadClassStm
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateBindCtx

oleaut32

SetErrorInfo
CreateErrorInfo
VariantClear
GetErrorInfo
SysStringLen
SysFreeString
SysAllocString
OleCreatePropertyFrame
VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringByteLen

crypt32

CertFreeCertificateContext
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertGetNameStringW
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertOpenStore
CertFindCertificateInStore
CryptQueryObject
CertEnumCertificatesInStore
CertCreateCertificateContext
CertCloseStore

shlwapi

PathIsDirectoryW
PathFileExistsW
StrCmpW
StrToIntExW
StrRChrW

ws2_32

getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAGetLastError
getaddrinfo
getpeername
freeaddrinfo
getnameinfo
ioctlsocket
inet_ntop
WSAStartup
connect
ntohl
recv
select
send
gethostbyname
gethostname
WSAAddressToStringW
WSAStringToAddressW
inet_ntoa
inet_pton
closesocket

iphlpapi

GetAdaptersInfo
GetUniDirectionalAdapterInfo
GetIpForwardTable
GetIfTable

dnsapi

DnsQueryConfig

netapi32

Netbios
NetApiBufferFree
NetWkstaGetInfo

wininet

InternetSetOptionW

msimg32

AlphaBlend

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageEncoders
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipAlloc

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

opengl32

wglGetCurrentContext
wglGetProcAddress

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 943KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178b8ec6a52fe87f262ce0849eb1192f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

65:f8:bb:4f:3c:38:d0:b6:b6:ca:32:0fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f4:df:b0:dd:12:3b:ed:9d:dd:f3:ce:79:25:6b:b2:7f:5c:db:0b:34:62:58:55:75:a6:81:5e:29:07:45:01:bfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shell32

gdi32

rpcrt4

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

crypt32

shlwapi

ws2_32

iphlpapi

dnsapi

netapi32

wininet

msimg32

imm32

gdiplus

usp10

opengl32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 943KB - Virtual size: 943KB

.data Size: 103KB - Virtual size: 197KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 223KB - Virtual size: 223KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

65:f8:bb:4f:3c:38:d0:b6:b6:ca:32:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f4:df:b0:dd:12:3b:ed:9d:dd:f3:ce:79:25:6b:b2:7f:5c:db:0b:34:62:58:55:75:a6:81:5e:29:07:45:01:bf
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 943KB - Virtual size: 943KB

.data
Size: 103KB - Virtual size: 197KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 223KB - Virtual size: 223KB