2024-03-14_903964bbd974760793567e2a7a0c613e_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-14_903964bbd974760793567e2a7a0c613e_magniber
Size

4.2MB
MD5

903964bbd974760793567e2a7a0c613e
SHA1

b2eceab1945f817021eb30b4a4709b78538cfa9c
SHA256

b8fa9535b50659619c70a609cf9dbb6ef251b26c3a53bd7fcd22c522bbfa4d2b
SHA512

b99c26c88916672fb0fcd54eac6de216cc42173332bb984a948fe7cdb0185ca6aaf340258fd4a2aa28c30e0c9132c2f0f797c63ae1510be6d5f92e9555f544d0
SSDEEP

98304:ySAMQFqP0ulQx0w2lyj3w4MB/Hs1A7O/E:ySAMQRuax0w2ly+/Hs1Aas

Score

1^/10

Malware Config

Signatures

Files

2024-03-14_903964bbd974760793567e2a7a0c613e_magniber
.exe windows:5 windows x86 arch:x86

f7f71d1179f5fff4d79d14630ab7bce5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:1f:33:ca:a2:e7:4d:b1:1b:49:3f:b2:60:ed:c3:f3:f9:89:9b:04
Signer

Actual PE Digest

88:1f:33:ca:a2:e7:4d:b1:1b:49:3f:b2:60:ed:c3:f3:f9:89:9b:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildServer\bna-4\work-git\agent-repository\Agent\Release\Agent.pdb

Imports

kernel32

GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetFileType
GetStdHandle
HeapSize
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetConsoleMode
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
VerSetConditionMask
SleepEx
VerifyVersionInfoA
ExpandEnvironmentStringsA
FlushConsoleInputBuffer
MoveFileExW
FlushViewOfFile
RtlUnwind
OpenMutexA
CreateMutexA
VirtualProtect
AreFileApisANSI
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapAlloc
GetFullPathNameW
LoadLibraryExW
IsWow64Process
GetNativeSystemInfo
ExitThread
IsProcessorFeaturePresent
GetCommandLineW
HeapFree
GetStringTypeW
ResetEvent
PeekNamedPipe
ReadConsoleInputA
SetConsoleMode
FindFirstFileExW
LocalFree
FormatMessageA
SetConsoleCtrlHandler
EncodePointer
SetLastError
ReleaseMutex
TryEnterCriticalSection
RtlCaptureContext
Process32Next
Process32First
IsBadStringPtrA
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
TlsFree
TlsGetValue
TlsSetValue
GetLocaleInfoW
SetErrorMode
TlsAlloc
GetThreadPriority
SetThreadPriority
SetNamedPipeHandleState
GetCurrentThreadId
GetConsoleWindow
CloseHandle
OpenProcess
GetCurrentProcess
GetLastError
LocalAlloc
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
GetProcAddress
InterlockedDecrement
DecodePointer
FreeLibrary
TerminateProcess
GetVersionExW
GetWindowsDirectoryW
GetDriveTypeW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
lstrlenW
GlobalFree
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
GetDiskFreeSpaceW
Sleep
CreateFileW
GetCurrentProcessId
InterlockedIncrement
CreateThread
WaitForSingleObject
OutputDebugStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameA
Thread32First
Thread32Next
OpenThread
GetCurrentThread
SuspendThread
GetThreadContext
ResumeThread
GetLocalTime
WriteFile
GetVersion
GetExitCodeProcess
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
FindFirstFileW
FindClose
GetComputerNameW
IsBadReadPtr
GetModuleHandleA
SwitchToFiber
ConvertThreadToFiber
CreateFiber
DeleteFiber
CreateFiberEx
SetEvent
CreateEventW
VirtualFree
VirtualAlloc
Module32FirstW
Module32NextW
ReadFile
GetFileSizeEx
GetFileSize
GetCompressedFileSizeW
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindNextFileW
FlushFileBuffers
GetShortPathNameW
GetDiskFreeSpaceExW
SetFilePointer
MoveFileW
RemoveDirectoryW
SetEndOfFile
DeviceIoControl
GetFileInformationByHandle
SetFileTime
SetFileAttributesW
DeleteFileW
SetFilePointerEx
SetFileValidData
GetSystemInfo
GetVersionExA
GetProcessAffinityMask
SetThreadAffinityMask
InterlockedCompareExchange
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatusEx
GlobalMemoryStatus
CreateFileMappingA
QueryInformationJobObject
OpenJobObjectW
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
GetProcessId
WaitNamedPipeW
SystemTimeToTzSpecificLocalTime

shlwapi

SHDeleteKeyW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
PeekMessageW
ShowWindow
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
GetForegroundWindow
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
GetShellWindow

ws2_32

getsockopt
socket
WSAIoctl
getsockname
getpeername
recv
getaddrinfo
freeaddrinfo
shutdown
send
inet_ntoa
WSASetLastError
__WSAFDIsSet
ioctlsocket
accept
closesocket
listen
WSAResetEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
bind
htonl
inet_addr
connect
htons
ntohl
ntohs
WSAGetLastError
select
gethostname
WSAStartup
setsockopt
WSACleanup

advapi32

SetEntriesInAclW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegOpenKeyExA
OpenThreadToken
MapGenericMask
AccessCheck
DuplicateToken
ConvertSidToStringSidA
CloseServiceHandle
QueryServiceConfigW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
ConvertSecurityDescriptorToStringSecurityDescriptorW
DuplicateTokenEx
SetSecurityInfo
AllocateAndInitializeSid
GetNamedSecurityInfoW
BuildTrusteeWithSidW
GetSecurityInfo
RegGetKeySecurity
SetNamedSecurityInfoW
GetFileSecurityW
OpenSCManagerW
OpenServiceW

wininet

HttpOpenRequestA
InternetGetLastResponseInfoA
InternetCrackUrlA
InternetQueryOptionW
InternetSetCookieW
HttpSendRequestA
InternetSetOptionA
InternetConnectA
InternetSetStatusCallbackA
InternetOpenA
InternetCloseHandle
InternetReadFileExA
HttpQueryInfoA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

iphlpapi

GetExtendedTcpTable

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser

shell32

ShellExecuteExW
SHChangeNotify
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f71d1179f5fff4d79d14630ab7bce5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56Certificate

Extended Key Usages

Key Usages

88:1f:33:ca:a2:e7:4d:b1:1b:49:3f:b2:60:ed:c3:f3:f9:89:9b:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

user32

ws2_32

advapi32

wininet

version

rpcrt4

iphlpapi

winhttp

shell32

ole32

oleaut32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 840KB - Virtual size: 839KB

.data Size: 249KB - Virtual size: 580KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 152KB - Virtual size: 151KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

88:1f:33:ca:a2:e7:4d:b1:1b:49:3f:b2:60:ed:c3:f3:f9:89:9b:04
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 840KB - Virtual size: 839KB

.data
Size: 249KB - Virtual size: 580KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 152KB - Virtual size: 151KB