PDB path: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-11_1e5a554962f14f28052e942e5b8b514a_magniber_revil.exe
Resource: win7-20240221-en
General
Target: 2024-03-11_1e5a554962f14f28052e942e5b8b514a_magniber_revil
Size: 7.1MB
MD5: 1e5a554962f14f28052e942e5b8b514a
SHA1: 452b65e05c239fd2d1a61275e03651c75753f982
SHA256: dce1d79890e04837a58274f8ca42d7ecca909f0320ccb912e89b3d063884ba0f
SHA512: e5843ba52406e4a215e6362361b230c3d70d3ae3c4c5444f96019433bde83d26c0d2c6598f3f8bc7a7d1ba8a2bb3f71e12dc52ba1d8d67b123ea3ce299944503
SSDEEP: 196608:uHMOjEO++CoFpJ+9PbxXV0YJnD9H4xvdVQBWG:uskCzXVVpovoB
Malware Config
Signatures
Unsigned PE (1 IoC): the file carries no Authenticode signature.
resource: 2024-03-11_1e5a554962f14f28052e942e5b8b514a_magniber_revil
Note: this is the only signature the static task reports on this page; no family detection appears here, so the "magniber_revil" tag in the file name is not corroborated by the report itself. The PDB path (D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb) points to a release build of an installer, and an unsigned installer is common enough that the missing signature on its own is weak evidence either way.
Files
2024-03-11_1e5a554962f14f28052e942e5b8b514a_magniber_revil.exe (windows:5 windows x86 arch:x86)
bd5bb7a06d790254864d2eb76b319898
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_GUARD_CF are absent from this list. As reported, the image opts into DEP (NX) but not ASLR or Control Flow Guard, even though it ships a 772KB .reloc section (so it could be relocated) and a .gfids section (the table the compiler emits for CFG). Either the linker options did not enable those mitigations or the flags were cleared after linking; the raw optional header is the place to confirm which.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdiplus
GdipCreateRegion
GdipSetClipRegion
GdipSetInfinite
GdipCreateFromHDC
GdipGetClip
GdipDeleteRegion
GdipDeleteGraphics
GdipGetImageHeight
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipImageRotateFlip
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipFillPath
GdipCreateSolidFill
GdipDeletePen
GdipDrawPath
GdipSetPenDashStyle
GdipCreatePen1
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTextureIAI
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipDrawImagePointRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeletePath
GdipCombineRegionPath
GdipSetSmoothingMode
GdipGetImageWidth
usp10
ScriptStringAnalyse
ScriptStringOut
ScriptStringCPtoX
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringXtoCP
ScriptString_pSize
ScriptString_pcOutChars
ScriptStringFree
ScriptString_pLogAttr
crypt32
CryptDecodeObject
CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW
CryptHashCertificate
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertCloseStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
ws2_32
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
htonl
gethostname
bind
WSAIoctl
closesocket
getnameinfo
getpeername
getsockname
socket
ntohs
sendto
getsockopt
htons
setsockopt
send
recv
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
shutdown
WSAEnumNetworkEvents
WSACleanup
WSAStartup
select
__WSAFDIsSet
connect
ioctlsocket
WSASetLastError
psapi
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
kernel32
LocalFree
FreeLibrary
WideCharToMultiByte
FormatMessageA
CreateEventA
GetLastError
MoveFileExW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
DeleteFileW
Sleep
GetCurrentProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetTickCount
CreateFileW
HeapFree
QueryPerformanceFrequency
GetProcessHeap
lstrcmpiW
QueryPerformanceCounter
FindResourceW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
GetDiskFreeSpaceExW
LoadLibraryA
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
GetLocalTime
ReadFile
GetFileSizeEx
WriteFile
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
GetExitCodeProcess
EnumResourceNamesW
SizeofResource
InterlockedDecrement
GetModuleFileNameW
MultiByteToWideChar
LoadResource
GetModuleHandleW
InterlockedIncrement
SetDllDirectoryW
LoadLibraryExW
GetVersionExW
FileTimeToSystemTime
CloseHandle
TerminateProcess
OpenProcess
OpenMutexW
GetSystemDirectoryW
SleepEx
InitializeCriticalSection
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
WaitForSingleObjectEx
GetStringTypeExW
LCMapStringW
MulDiv
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
CopyFileW
DeviceIoControl
GetSystemInfo
GetNativeSystemInfo
LocalAlloc
ProcessIdToSessionId
GetVolumeInformationW
lstrcpyW
lstrcatW
CreateProcessW
CreatePipe
SetHandleInformation
HeapReAlloc
GetComputerNameW
GetCurrentThread
GetLogicalDriveStringsW
GetDriveTypeW
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
lstrlenW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
MoveFileW
SetFilePointerEx
GetTimeFormatW
GetDateFormatW
LockResource
GetLogicalDrives
DeleteVolumeMountPointW
DefineDosDeviceW
GetVolumeNameForVolumeMountPointW
SetVolumeMountPointW
GlobalMemoryStatusEx
GetLocaleInfoW
CreateEventW
CreateNamedPipeW
GetLocaleInfoA
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrcmpA
FileTimeToLocalFileTime
lstrcpynW
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
IsBadReadPtr
VirtualQuery
FreeResource
GetFileSize
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
SetEvent
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
EncodePointer
CompareStringW
GetCPInfo
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetModuleFileNameA
WriteConsoleW
GetACP
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
ExitThread
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
GetCommandLineW
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
IsValidLocale
EnumSystemLocalesW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableA
SetEnvironmentVariableW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetTempPathW
SystemTimeToFileTime
CreateProcessA
user32
ScreenToClient
UpdateLayeredWindow
SetCaretPos
SetActiveWindow
GetKeyState
DestroyCaret
ClientToScreen
CreateCaret
ShowCaret
HideCaret
InsertMenuW
TrackPopupMenu
IsDialogMessageW
DestroyMenu
BringWindowToTop
TranslateAcceleratorW
LoadIconW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
PostQuitMessage
DialogBoxParamW
GetMessageW
LoadMenuW
MessageBoxW
GetSystemMetrics
LoadAcceleratorsW
LoadStringW
GetClassInfoW
DispatchMessageW
PeekMessageW
RegisterClassW
CharNextW
TranslateMessage
UpdateWindow
SetForegroundWindow
LoadImageW
GetWindow
MonitorFromWindow
EndDialog
GetWindowInfo
GetMonitorInfoW
ExitWindowsEx
EnumWindows
GetWindowDC
SetWindowTextW
MoveWindow
LoadStringA
GetDC
ReleaseDC
GetFocus
RegisterClassExW
IsWindowEnabled
SetRect
GetClassInfoExW
InflateRect
IsZoomed
DrawTextW
IsIconic
GetCapture
TrackMouseEvent
SetFocus
SetCapture
ReleaseCapture
GetCursorPos
PostMessageW
ShowWindow
RedrawWindow
GetDlgItem
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
CallWindowProcW
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
EnumChildWindows
CreateWindowExW
SendMessageW
IsWindow
OffsetRect
LoadCursorW
SetCursor
SetWindowLongW
GetClientRect
GetParent
PtInRect
BeginPaint
EndPaint
UnregisterClassW
IsCharAlphaNumericA
SetWindowRgn
KillTimer
SetTimer
EnableWindow
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
GetMessageExtraInfo
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
FindWindowExW
GetWindowTextLengthW
GetMenuItemInfoW
AllowSetForegroundWindow
MonitorFromPoint
OpenClipboard
InvalidateRect
GetMenuItemCount
LockSetForegroundWindow
MessageBeep
CreatePopupMenu
MapWindowPoints
GetActiveWindow
gdi32
StartPage
GetTextMetricsW
TextOutW
EndPage
GetBkColor
SetTextAlign
GetTextColor
GetDeviceCaps
CreateRectRgn
GetDIBits
ExtCreatePen
LineTo
MoveToEx
ExtTextOutW
CreateFontW
GetObjectW
SetBrushOrgEx
SetStretchBltMode
GetTextExtentPoint32W
CreatePen
Rectangle
SelectClipRgn
IntersectClipRect
SetBkColor
CreateSolidBrush
SetTextColor
SetBkMode
BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
SetViewportOrgEx
ExcludeClipRect
RestoreDC
DeleteObject
CombineRgn
ExtSelectClipRgn
advapi32
SetSecurityDescriptorOwner
AddAccessAllowedAce
SetSecurityDescriptorDacl
ConvertSidToStringSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
GetUserNameW
DuplicateToken
FreeSid
OpenThreadToken
AllocateAndInitializeSid
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
AccessCheck
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
ControlService
LookupAccountNameW
RegSaveKeyExW
InitializeSecurityDescriptor
RegQueryValueExW
GetTokenInformation
GetLengthSid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
InitializeAcl
SetEntriesInAclW
OpenProcessToken
SetNamedSecurityInfoW
RegSetKeySecurity
shell32
SHOpenFolderAndSelectItems
SHParseDisplayName
ShellExecuteW
ole32
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
oleaut32
VariantInit
SysAllocString
VariantClear
VarUI4FromStr
SysFreeString
shlwapi
ord1
StrCmpNIW
StrCmpIW
comctl32
ord412
ord410
ord413
msimg32
AlphaBlend
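The import list above is long, and two things a practitioner wants from it are an import hash (to pivot to other builds of the same code) and a quick capability summary. The block below is an added example and is not part of the sandbox report or the sample; IMPORTS is a constructed subset of the DLL/function pairs listed on this page, in the order they appear there. imphash() follows the common convention (lower-case "dll.func" pairs with the DLL extension stripped, comma-joined, MD5); it deliberately does not map ordinal imports to names the way pefile does, so for samples that import by ordinal (this page shows shlwapi ord1 and comctl32 ord410-413) its result will differ from pefile's. The CAPABILITIES table is an assumption-driven triage aid: every API in it is present in the report, but every one of them is also normal for a legitimate installer, so the tags are hypotheses to check behaviourally, not verdicts.

```python
"""Import-table triage: import hash and capability tags (added example)."""
import hashlib

# Constructed subset of the imports shown on this page, in report order.
IMPORTS = [
    ("gdiplus.dll", "GdiplusStartup"),
    ("crypt32.dll", "CryptQueryObject"),
    ("crypt32.dll", "CertOpenSystemStoreW"),
    ("ws2_32.dll", "WSAStartup"),
    ("ws2_32.dll", "connect"),
    ("ws2_32.dll", "listen"),
    ("kernel32.dll", "CreateToolhelp32Snapshot"),
    ("kernel32.dll", "Process32NextW"),
    ("kernel32.dll", "TerminateProcess"),
    ("kernel32.dll", "SetVolumeMountPointW"),
    ("kernel32.dll", "DefineDosDeviceW"),
    ("kernel32.dll", "IsDebuggerPresent"),
    ("kernel32.dll", "CreateProcessW"),
    ("user32.dll", "ExitWindowsEx"),
    ("advapi32.dll", "AdjustTokenPrivileges"),
    ("advapi32.dll", "OpenSCManagerW"),
    ("advapi32.dll", "ControlService"),
    ("advapi32.dll", "CryptGenRandom"),
    ("advapi32.dll", "CryptSignHashW"),
    ("advapi32.dll", "RegSetValueExW"),
    ("shlwapi.dll", "ord1"),
]

# Assumed grouping of APIs into capabilities; all names appear in the report.
CAPABILITIES = {
    "service control": {"OpenSCManagerW", "OpenServiceW", "ControlService", "QueryServiceStatusEx"},
    "token privilege adjustment": {"LookupPrivilegeValueW", "AdjustTokenPrivileges", "OpenProcessToken"},
    "volume / mount point changes": {"SetVolumeMountPointW", "DeleteVolumeMountPointW",
                                     "DefineDosDeviceW", "FindFirstVolumeW"},
    "process enumeration and kill": {"CreateToolhelp32Snapshot", "Process32FirstW",
                                     "Process32NextW", "OpenProcess", "TerminateProcess"},
    "sockets (client or server)": {"WSAStartup", "socket", "connect", "bind", "listen",
                                   "accept", "send", "recv"},
    "CryptoAPI": {"CryptAcquireContextW", "CryptGenRandom", "CryptDecrypt",
                  "CryptSignHashW", "CryptExportKey"},
    "certificate store access": {"CertOpenSystemStoreW", "CertEnumCertificatesInStore",
                                 "CertFindCertificateInStore"},
    "registry write": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteValueW"},
    "process launch": {"CreateProcessW", "CreateProcessA", "ShellExecuteW"},
    "debugger check": {"IsDebuggerPresent"},
    "reboot / logoff": {"ExitWindowsEx"},
}


def imphash_string(imports):
    """Canonical 'dll.func,dll.func,...' string that the import hash is taken over.

    DLL names are lower-cased with .dll/.ocx/.sys/.drv stripped; function
    names are lower-cased. Order matters, which is what makes the hash
    sensitive to how the binary was linked rather than just what it imports.
    """
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys", ".drv"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string (ordinals kept as 'ordN', see lead-in)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capabilities(imports):
    """Map the imported functions onto capability tags; only non-empty tags are returned."""
    funcs = {func for _, func in imports}
    hits = {}
    for tag, apis in CAPABILITIES.items():
        matched = sorted(apis & funcs)
        if matched:
            hits[tag] = matched
    return hits


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for tag, funcs in capabilities(IMPORTS).items():
        print(f"{tag}: {', '.join(funcs)}")
```

Run against the full import table, the capability tags are what you would expect of an installer that registers services, adjusts mount points and talks to the network; the hash is only useful once compared with other samples, and only when the same ordinal-handling convention was used on both sides.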
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 934KB - Virtual size: 934KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 123KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 772KB - Virtual size: 776KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: a linker-generated .reloc section is normally INITIALIZED_DATA | DISCARDABLE | READ. Here the report also lists EXECUTE and WRITE, which makes .reloc a read-write-execute section. That is atypical and worth confirming in the raw section header: it can be a sign of post-link modification or a packer, but it can also be a build-tool quirk, so treat it as a lead rather than a finding.
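The three static observations on this page that a reviewer would want to reproduce from the file rather than trust from a report are the DllCharacteristics mitigation flags under Headers, the RWX .reloc section under Sections, and the "Unsigned PE" signature (an empty security data directory). The block below is an added example using only the Python standard library; it is not the sandbox's code and does not operate on the sample. build_pe() constructs a minimal, non-loadable PE32 image so the checks run offline, and REPORTED mirrors the flag combination this report lists (NX_COMPAT and TERMINAL_SERVER_AWARE only, an RWX .reloc, no signature). The constants and offsets follow the PE/COFF specification; the directory RVA and section sizes in the constructed images are arbitrary.

```python
"""Static PE checks: DEP/ASLR/CFG flags, RWX sections, Authenticode presence (added example)."""
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
DYNAMIC_BASE = 0x0040           # ASLR opt-in
NX_COMPAT = 0x0100              # DEP opt-in
GUARD_CF = 0x4000               # Control Flow Guard
TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SECTION_HEADER.Characteristics bits
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_MEM_DISCARDABLE = 0x02000000
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
DIR_SECURITY = 4                # data directory slot holding the Authenticode blob


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header, optional header (PE32 or PE32+) and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    dd = opt + (108 if pe32plus else 92)                       # NumberOfRvaAndSizes
    n_dirs = struct.unpack_from("<I", data, dd)[0]
    dirs = [struct.unpack_from("<II", data, dd + 4 + i * 8) for i in range(n_dirs)]
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, raw_size, _ = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vsize": vsize, "raw_size": raw_size, "flags": flags})
    return {"machine": machine, "pe32plus": pe32plus, "dll_characteristics": dll_chars,
            "directories": dirs, "sections": sections}


def assess(pe: dict) -> dict:
    """Derive the checks a static report flags: mitigations, RWX sections, signature present."""
    dc = pe["dll_characteristics"]
    rwx = [s["name"] for s in pe["sections"]
           if s["flags"] & SCN_MEM_EXECUTE and s["flags"] & SCN_MEM_WRITE]
    dirs = pe["directories"]
    sec_size = dirs[DIR_SECURITY][1] if len(dirs) > DIR_SECURITY else 0
    return {
        "dep": bool(dc & NX_COMPAT),
        "aslr": bool(dc & DYNAMIC_BASE),
        "cfg": bool(dc & GUARD_CF),
        "rwx_sections": rwx,
        "signed": sec_size != 0,    # empty security directory => "Unsigned PE"
    }


def build_pe(dll_chars: int, sections, security_size: int = 0) -> bytes:
    """Construct a minimal PE32 image (headers only, not loadable) for offline checks."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                       # PE32 optional header, 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if security_size:
        struct.pack_into("<II", opt, 96 + DIR_SECURITY * 8, 0x2000, security_size)
    table = bytearray()
    for name, flags in sections:
        hdr = bytearray(40)
        hdr[:8] = name.encode("ascii").ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, 8, 0x1000, 0x1000, 0x200, 0x400)
        struct.pack_into("<I", hdr, 36, flags)
        table += hdr
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)


# Constructed image mirroring what this report lists for the sample.
REPORTED = build_pe(
    NX_COMPAT | TERMINAL_SERVER_AWARE,
    [(".text", SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
     (".data", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
     (".reloc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_DISCARDABLE
                | SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE)],
)
# Same layout with the hardening flags set, a conventional .reloc and a signature present.
HARDENED = build_pe(
    NX_COMPAT | DYNAMIC_BASE | GUARD_CF | TERMINAL_SERVER_AWARE,
    [(".text", SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
     (".reloc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_DISCARDABLE | SCN_MEM_READ)],
    security_size=0x1800,
)

if __name__ == "__main__":
    for label, img in (("reported", REPORTED), ("hardened", HARDENED)):
        print(label, assess(parse_pe(img)))
```

Pointing parse_pe() at a real file (open(path, "rb").read()) gives the same dictionary for the on-disk headers; a non-empty security directory only tells you a signature blob exists, so verifying it (WinVerifyTrust or signtool verify on Windows) is still a separate step.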