2024-03-14_ba7035e021a2b4bb8fa2caa43af9f9b9_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-14_ba7035e021a2b4bb8fa2caa43af9f9b9_magniber_revil
Size

4.3MB
MD5

ba7035e021a2b4bb8fa2caa43af9f9b9
SHA1

91c79c0a186c7f39c60696f07a084128a645fac2
SHA256

f972246a3dee295c08f0e874c0eaf1a83ee1d9959b7638b0e63a0558c64a0b47
SHA512

9de0f868c2c840b0cf8cd40eb5f9e4e90ec7785526e6646d891d45197841fb0036ea3d459d34471d0b82af1fe858cd950eb1fec3c67009b46dff941ab41d88b7
SSDEEP

49152:yEPLpO1epHEl0RFLu2CPy1zJiDIgZKUxT2hQgHF6c9OtZkPQKKYpWwl1+NY:hA0HEl0RI211zhgDx2hTKYpfg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-14_ba7035e021a2b4bb8fa2caa43af9f9b9_magniber_revil

Files

2024-03-14_ba7035e021a2b4bb8fa2caa43af9f9b9_magniber_revil
.exe windows:6 windows x86 arch:x86

6c8427301bca1520e59e66080236c26f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\MBAM-Windows\N_MB5Uns\bin\Win32\Release\mb5uns.pdb

Imports

crypt32

CryptMsgClose
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertDuplicateCertificateContext
CryptQueryObject

iphlpapi

GetAdaptersInfo

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
SetLastError
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
LocalFree
FormatMessageW
LocalAlloc
Sleep
CallNamedPipeW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
DecodePointer
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalFree
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
SetThreadUILanguage
GetSystemDirectoryW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
K32GetModuleFileNameExA
WaitForSingleObject
GetExitCodeProcess
GetTickCount
OutputDebugStringW
SwitchToThread
GetTempPathW
CopyFileW
FlushFileBuffers
GetFileSizeEx
ReadFile
WriteFile
GetFileInformationByHandle
CreateFileW
GetCurrentThread
FileTimeToSystemTime
GetCurrentProcess
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
HeapReAlloc
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
HeapAlloc
GetSystemInfo
SetEndOfFile
FindNextFileW
FindClose
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
SetEvent
ResetEvent
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
DeleteFiber
GetFileType
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
GetThreadTimes
HeapDestroy
MulDiv
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
AreFileApisANSI
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
LoadLibraryExA
VirtualQuery
VirtualProtect

dwmapi

DwmGetWindowAttribute

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

bcrypt

BCryptGenRandom

ws2_32

send
WSAGetLastError
recv
WSASetLastError
WSACleanup
WSAStartup
closesocket

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 660KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c8427301bca1520e59e66080236c26f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

iphlpapi

kernel32

dwmapi

rpcrt4

bcrypt

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 671KB - Virtual size: 671KB

.data Size: 36KB - Virtual size: 53KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 660KB - Virtual size: 664KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 671KB - Virtual size: 671KB

.data
Size: 36KB - Virtual size: 53KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 660KB - Virtual size: 664KB