2024-03-14_0a18885282acabfa59b60e9a2e29db04_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-14_0a18885282acabfa59b60e9a2e29db04_magniber
Size

5.3MB
MD5

0a18885282acabfa59b60e9a2e29db04
SHA1

bd076edaae34031451ae71c97fb9f7fef5beb003
SHA256

a49da370bb00d8621656ebdac56c591209730a47e33df92345239bd79896efb4
SHA512

f795660deeae71d1dd7e2b21126700b641d552fe60f63f209e49f809e576566164f6df02f2fe2d45a95b7e0023e74d1a77c983a5693590ba6e2966c8d82921fe
SSDEEP

98304:YT0srwxE0+mFtRfP0U8VXilEEddMC0+LwWP1TdYks20WffJhBbQzSZ:Yb4E0/Rfs5EddN0+cWpdY1VUfJHZ

Score

1^/10

Malware Config

Signatures

Files

2024-03-14_0a18885282acabfa59b60e9a2e29db04_magniber
.exe windows:5 windows x86 arch:x86

f2e13aa77a7d1b1766fb9aa99e173984

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

14/04/2016, 07:40

Not After

14/04/2017, 07:40

Subject

CN=北京丰余科技有限公司,O=北京丰余科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:44:dc:69:1f:6d:80:b7:ba:94:67:4b:7f:81:df:93:25:5b:bc:de
Signer

Actual PE Digest

09:44:dc:69:1f:6d:80:b7:ba:94:67:4b:7f:81:df:93:25:5b:bc:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\yiwanplayer\bin\Release\YiwanDownloader.pdb

Imports

kernel32

SetFileAttributesW
GetModuleFileNameW
CreateMutexA
SetThreadAffinityMask
QueryPerformanceFrequency
CancelIo
GetModuleHandleA
RtlCaptureStackBackTrace
DisconnectNamedPipe
GetOverlappedResult
FormatMessageW
GetSystemDirectoryW
CreateNamedPipeW
ConnectNamedPipe
GetComputerNameW
SetLocalTime
TryEnterCriticalSection
GetNativeSystemInfo
SetPriorityClass
OpenMutexA
lstrlenA
lstrcmpiA
lstrcmpA
DuplicateHandle
WaitForMultipleObjects
OpenFile
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetStartupInfoA
GetDiskFreeSpaceExW
GetFullPathNameA
SetEndOfFile
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
WriteConsoleW
SetConsoleCtrlHandler
FindFirstFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
lstrcmpiW
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
PeekNamedPipe
GetCurrentProcessId
FreeResource
InterlockedDecrement
InterlockedIncrement
GetWindowsDirectoryW
lstrcatW
GetVersion
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
CreateFileA
GetTempPathA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileStringA
GetModuleHandleW
GetTickCount
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
lstrlenW
SizeofResource
LoadResource
GlobalFree
GlobalUnlock
LockResource
LoadLibraryExW
GetSystemInfo
SetErrorMode
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileAttributesA
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitThread
GetFileAttributesExW
GetSystemTimeAsFileTime
VirtualQuery
VirtualProtect
AreFileApisANSI
RtlUnwind
EncodePointer
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetFileSize
GlobalMemoryStatusEx
VerifyVersionInfoW
VerSetConditionMask
CreateProcessA
GetModuleFileNameA
GetStdHandle
SetHandleInformation
CreatePipe
SetThreadPriority
ResumeThread
GetCommandLineA
lstrcpyW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateFileW
CreateDirectoryW
GetTempPathW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateEventW
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetExitCodeProcess
OpenMutexW
OpenEventW
ReadFile
GetFileSizeEx
GetFileTime
SetFileTime
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
DeviceIoControl
RemoveDirectoryW
FindClose
GetProcAddress
FindNextFileW
FindFirstFileW
LocalAlloc
CopyFileW
SetThreadLocale
GetThreadLocale
MoveFileExW
MoveFileW
GetTempFileNameW
lstrcmpW
MulDiv
OutputDebugStringW
LocalFree
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetLocalTime
CloseHandle
SetFilePointer
WriteFile
Sleep
WaitForSingleObject
ReleaseMutex
SetEvent
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
CreateThread
RaiseException
TerminateProcess
OpenProcess
GetShortPathNameA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExW
LoadLibraryW
SetUnhandledExceptionFilter

user32

SetCapture
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
GetWindowRgn
AttachThreadInput
RegisterClassW
LoadIconW
EnumDisplayDevicesW
GetWindowThreadProcessId
MsgWaitForMultipleObjects
SetLayeredWindowAttributes
HideCaret
GetDlgCtrlID
wsprintfW
DrawIconEx
IsWindowEnabled
EnumWindows
GetDesktopWindow
GetWindowTextW
RemovePropA
GetPropA
SetPropA
CharNextW
CreateDialogIndirectParamW
IsIconic
UpdateLayeredWindow
TranslateMessage
SetMenuDefaultItem
TrackPopupMenu
GetSubMenu
LoadMenuW
IsMenu
PostQuitMessage
RegisterWindowMessageW
GetDlgItem
GetClassInfoExW
CallWindowProcW
DrawTextW
DialogBoxIndirectParamW
UnregisterClassW
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadImageW
GetWindow
GetClassLongW
PtInRect
IsRectEmpty
OffsetRect
IntersectRect
CopyRect
SetRect
FillRect
WindowFromPoint
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
IsWindowVisible
GetCapture
EndDialog
IsWindow
PostMessageW
MessageBoxW
GetSystemMetrics
EnumDisplaySettingsW
ChangeDisplaySettingsW
FindWindowW
ShowCursor
AdjustWindowRect
GetDC
SetForegroundWindow
CreateWindowExA
SendMessageW
PeekMessageW
DispatchMessageW
GetMessageW
TrackMouseEvent
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
SetRectEmpty
AdjustWindowRectEx
RedrawWindow
SetWindowRgn
SystemParametersInfoW
GetCursor
SetCursor
InflateRect
DestroyAcceleratorTable
InvalidateRgn
ClientToScreen
CreateAcceleratorTableW
GetSysColor
GetClassNameW
SetFocus
GetFocus
IsChild
GetWindowTextLengthW
ChildWindowFromPoint
UnionRect
IsZoomed
EqualRect
GetDoubleClickTime
ClipCursor
GetClipCursor
GetWindowDC

gdi32

CreateSolidBrush
GetViewportOrgEx
CreateEllipticRgn
GetRgnBox
FillRgn
CreateBrushIndirect
GetObjectA
TextOutW
CreatePatternBrush
GetTextColor
SetGraphicsMode
SetWorldTransform
OffsetViewportOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontIndirectW
ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetBkColor
Rectangle
PatBlt
LineTo
CreatePen
SetViewportOrgEx
IntersectClipRect
GetTextExtentPoint32W
GetClipBox
ExcludeClipRect
CreateCompatibleBitmap
BitBlt
SetDIBitsToDevice
CreateDIBSection
SelectObject
PtInRegion
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
GetObjectType
CreateRoundRectRgn
CombineRgn
CreatePolygonRgn
CreateDCW
SetStretchBltMode
CreateFontW
EnumFontFamiliesW
StretchBlt

advapi32

GetTokenInformation
DeleteService
QueryServiceStatus
EnumDependentServicesW
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
RegEnumKeyExA
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHFileOperationW
Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CreateBindCtx
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
VarBstrCmp
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VarUI4FromStr
VariantClear

shlwapi

PathIsURLA
PathIsNetworkPathA
PathIsRootA
PathIsRelativeW
PathRelativePathToW
PathIsURLW
PathIsUNCA
PathCombineW
PathIsRelativeA
StrToIntExW
SHGetValueA
SHSetValueA
StrCpyNW
PathStripToRootW
PathFileExistsA
PathFileExistsW
PathIsNetworkPathW
PathIsRootW
PathIsUNCW
PathAppendW
PathIsDirectoryA
PathAppendA
PathRemoveFileSpecA
StrStrA
StrStrIA
SHGetValueW
PathRemoveExtensionW
PathIsDirectoryW
PathAddBackslashW
PathAddBackslashA
PathFindFileNameW
StrStrIW
PathRemoveFileSpecW
StrCmpW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Destroy
_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

opengl32

wglCreateContext
wglMakeCurrent
wglDeleteContext

gdiplus

GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateStringFormat
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipSetStringFormatFlags
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

SymFromAddr
SymInitialize
SymGetModuleInfo64
MakeSureDirectoryPathExists

ws2_32

shutdown
freeaddrinfo
getaddrinfo
WSASocketW
WSASetEvent
WSASend
WSAResetEvent
getsockname
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSAConnect
WSACloseEvent
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
closesocket
setsockopt
sendto
recv
ntohs
WSARecv
inet_ntoa
inet_addr
select
__WSAFDIsSet
getpeername
ioctlsocket
gethostname
connect
recvfrom
ntohl
htonl
bind
socket
htons
send
getsockopt
listen
getnameinfo
accept

winmm

timeGetDevCaps
timeGetTime
timeSetEvent
timeKillEvent
timeEndPeriod
timeBeginPeriod

wininet

HttpQueryInfoW
InternetSetFilePointer
HttpOpenRequestW
InternetCloseHandle
InternetWriteFile
InternetConnectW
FtpOpenFileW
InternetCrackUrlW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestExW
HttpEndRequestW

uxtheme

IsThemeActive
IsAppThemed

urlmon

CreateURLMoniker
RegisterBindStatusCallback

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW

netapi32

Netbios

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2e13aa77a7d1b1766fb9aa99e173984

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:faCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

09:44:dc:69:1f:6d:80:b7:ba:94:67:4b:7f:81:df:93:25:5b:bc:deSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

opengl32

gdiplus

version

dbghelp

ws2_32

winmm

wininet

uxtheme

urlmon

psapi

iphlpapi

setupapi

netapi32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 669KB - Virtual size: 668KB

.data Size: 34KB - Virtual size: 247KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 115KB - Virtual size: 114KB

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

09:44:dc:69:1f:6d:80:b7:ba:94:67:4b:7f:81:df:93:25:5b:bc:de
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 669KB - Virtual size: 668KB

.data
Size: 34KB - Virtual size: 247KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 115KB - Virtual size: 114KB