2024-03-11_1be2e7afb61269e17a74c2c6edd9b5a7_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-11_1be2e7afb61269e17a74c2c6edd9b5a7_magniber
Size

1.3MB
MD5

1be2e7afb61269e17a74c2c6edd9b5a7
SHA1

6e2a72d28e22f22edd6b5cc323dd17cf5d2d9998
SHA256

a5bf1a911a4b0d12238819aaf1fe7518e492c3f389255ab45841f322985ac9a8
SHA512

9141fa455008968ffa6133ad7ef87990cfd28ef94d362022876013c1403e86361e293568e4c2440828f23e5112336b43d225b71b750dfb42a64c0820baf8c8ae
SSDEEP

12288:GqHkW+IRKc15JaEXfVOBKPp93qerXPCAmVJbTsjbZmeyYtFLdVgrXgWPhBfrA31D:DHOqDVO+rjGJbTS+Y7grQWP/fEFQzj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-11_1be2e7afb61269e17a74c2c6edd9b5a7_magniber

Files

2024-03-11_1be2e7afb61269e17a74c2c6edd9b5a7_magniber
.exe windows:4 windows x86 arch:x86

d47139ed4032a75a45a176d699f20298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\Growth_uninstall\qqpcmgr_proj\Basic\Output\BinFinal\Uninst.pdb

Imports

kernel32

SystemTimeToFileTime
HeapFree
VirtualAllocEx
TerminateProcess
GetProcessHeap
HeapAlloc
lstrcpynW
SetErrorMode
SetUnhandledExceptionFilter
SearchPathW
WriteProcessMemory
FreeResource
WriteFile
SetEvent
CreateFileA
GetWindowsDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
IsBadReadPtr
CreateDirectoryW
GetPrivateProfileStringW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetEnvironmentVariableW
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetModuleHandleA
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoW
GetUserDefaultUILanguage
SetFilePointer
MoveFileW
DuplicateHandle
CreatePipe
GetStdHandle
GetCPInfo
LoadLibraryA
QueryDosDeviceW
GetLogicalDriveStringsW
GetSystemDefaultLangID
VirtualQuery
ReleaseMutex
GetLocalTime
LocalFree
SetFileAttributesW
LocalAlloc
WaitForSingleObject
Process32FirstW
GetSystemInfo
Process32NextW
GetFileSize
ReadFile
GetCurrentProcessId
GetTickCount
ExitProcess
DeleteFileW
DeviceIoControl
GetTempFileNameW
CreateEventW
CreateFileW
CopyFileW
GetExitCodeProcess
MoveFileExW
CreateToolhelp32Snapshot
Sleep
FindFirstFileW
GetTempPathW
GetProcessTimes
GetSystemTimeAsFileTime
WaitForMultipleObjects
OpenProcess
FindNextFileW
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
FindClose
GetCommandLineW
OutputDebugStringW
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
lstrcmpW
LeaveCriticalSection
lstrcmpiW
LoadLibraryExW
CreateMutexW
EnterCriticalSection
lstrlenW
UnmapViewOfFile
GetVersion
LoadLibraryW
MapViewOfFileEx
MultiByteToWideChar
lstrlenA
InterlockedDecrement
SetLastError
RaiseException
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
WideCharToMultiByte
FlushInstructionCache
CreateFileMappingW
DeleteCriticalSection
GetSystemDirectoryW
GetLastError
CloseHandle
GetVersionExW
LockResource
FindResourceExW
GetCurrentProcess
FindResourceW
SizeofResource
LoadResource
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SetHandleCount

user32

mouse_event
GetThreadDesktop
CloseDesktop
GetUserObjectInformationW
CloseWindowStation
RegisterWindowMessageW
UnregisterClassA
ShowWindow
GetSystemMetrics
GetDC
LoadCursorW
GetProcessWindowStation
PostQuitMessage
SetWindowPos
GetWindow
PeekMessageW
DestroyWindow
GetForegroundWindow
EnableWindow
LoadStringW
LoadImageW
CreateWindowExW
GetClassInfoExW
SetForegroundWindow
InvalidateRect
MoveWindow
SetWindowLongW
AttachThreadInput
GetWindowThreadProcessId
MapWindowPoints
CopyRect
ReleaseDC
SetRect
GetDesktopWindow
GetWindowLongW
RegisterClassExW
SystemParametersInfoW
InflateRect
IsWindowEnabled
IsWindow
GetActiveWindow
GetParent
SetActiveWindow
CharNextW
DispatchMessageW
GetMessageW
GetDlgItem
GetClientRect
GetWindowRect
SendMessageW
ShowCursor
LoadIconW
GetMonitorInfoW
SetCursor
GetSystemMenu
DrawTextW
GetKeyState
CopyImage
MonitorFromWindow
TrackPopupMenu
DrawFrameControl
OffsetRect
DrawIconEx
GetDlgCtrlID
PostThreadMessageW
SetTimer
EqualRect
UpdateLayeredWindow
PtInRect
SendMessageTimeoutW
FindWindowW
MsgWaitForMultipleObjects
EndPaint
SetFocus
FindWindowExW
DestroyAcceleratorTable
IsWindowVisible
ClientToScreen
KillTimer
RedrawWindow
SetCapture
GetClassNameW
ScreenToClient
IsChild
CreateAcceleratorTableW
ReleaseCapture
FillRect
InvalidateRgn
BeginPaint
SetWindowTextW
GetSysColor
FrameRect
GetWindowTextLengthW
CallWindowProcW
DefWindowProcW
GetFocus
PostMessageW
GetWindowTextW
TranslateMessage

gdi32

DeleteObject
SetBkColor
Rectangle
StretchBlt
SetTextColor
DeleteDC
GetStockObject
ExtTextOutW
CreateCompatibleDC
SelectObject
CreatePen
CreateSolidBrush
GetObjectW
CreateFontIndirectW
CreateBitmap
CreateCompatibleBitmap
SetBkMode
GetTextExtentPoint32W
SaveDC
MoveToEx
RectInRegion
TextOutW
CreateRectRgn
GetDeviceCaps
LineTo
CreateDIBSection
GetCurrentObject
RestoreDC
CombineRgn
CreateRectRgnIndirect
BitBlt
SelectClipRgn
GetClipRgn
RoundRect

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeleteService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
ControlService
QueryServiceStatus
OpenServiceW
RegLoadKeyW
QueryServiceConfig2W
RegUnLoadKeyW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
RegRestoreKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromProgID
OleLockRunning
PropVariantClear
CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

OleLoadPicture
DispCallFunc
VariantClear
LoadRegTypeLi
SysStringByteLen
VarBstrCmp
VariantInit
SysStringLen
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
VarUI4FromStr
SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
wnsprintfW
SHStrDupW
PathFindFileNameW
PathRemoveFileSpecW
SHDeleteKeyW
PathAppendW
PathAddBackslashW
StrToIntA
PathFileExistsW
PathUnquoteSpacesW

comctl32

_TrackMouseEvent

ws2_32

ntohl
htons
htonl
WSCDeinstallProvider
WSCEnumProtocols

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetProcessMemoryInfo

gdiplus

GdipCloneImage
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipDrawImageI
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDisposeImage
GdiplusShutdown

wininet

InternetOpenW
InternetOpenUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

fltlib

FilterUnload

crypt32

CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptMsgGetParam

netapi32

Netbios

Sections

.text
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d47139ed4032a75a45a176d699f20298

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

wininet

version

fltlib

crypt32

netapi32

Sections

.text Size: 536KB - Virtual size: 535KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 592KB - Virtual size: 589KB

.reloc Size: 40KB - Virtual size: 39KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 536KB - Virtual size: 535KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 592KB - Virtual size: 589KB

.reloc
Size: 40KB - Virtual size: 39KB

.zero
Size: 4KB - Virtual size: 3KB