2024-03-15_f0d21333b5e3ad75b259b332b2c1ebee_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-15_f0d21333b5e3ad75b259b332b2c1ebee_magniber
Size

6.2MB
MD5

f0d21333b5e3ad75b259b332b2c1ebee
SHA1

f0906a181625ac4c2e778ccba199569ab26daddc
SHA256

ef973a48da0e0db845aa05686c88dccde5b7f96fc6cbb6e5e6e5b69fafca8c39
SHA512

ab7a60fb53b1815863136c92288517340a54aa0ed03554fb944f3bc11942bc938f027437ca79290bb049cb739b5fe2b0542bdbd8d8b168d56e20e8b4ea956c48
SSDEEP

98304:3agWvNIQMcn3jLtqCv+cCFphdrR81lMNDTKj9+b/j95I8jWwY2hp:3a3tMo3vtEFpXrR81lMNDTKjKItWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_f0d21333b5e3ad75b259b332b2c1ebee_magniber

Files

2024-03-15_f0d21333b5e3ad75b259b332b2c1ebee_magniber
.exe windows:5 windows x86 arch:x86

e3266d1d68627510bf4f5cffd4008da6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

d:\dbs\el\feb\target\x86\ship\click2run\en-us\SetupBootstrapper.pdb

Imports

advapi32

ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
EventWriteTransfer
EventRegister
EventUnregister
CreateWellKnownSid
CheckTokenMembership
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetFileSecurityW
SetFileSecurityW
RegNotifyChangeKeyValue
RevertToSelf
OpenThreadToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
RegEnumValueA
RegDeleteValueA
RegGetValueA
EventWrite

ole32

CoCancelCall
CoEnableCallCancellation
CoUninitialize
CoInitialize
CLSIDFromString
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
CoTaskMemAlloc
IIDFromString
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
CoDisableCallCancellation

gdi32

CreateFontW
SelectObject
GetTextMetricsW
CreatePen
SetTextColor
SetBkColor
SetDCPenColor
Rectangle
DeleteObject
GetTextExtentPoint32W
SetDCBrushColor
GetStockObject
CreateSolidBrush
GetDeviceCaps

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession

ws2_32

GetAddrInfoW
WSAStartup
FreeAddrInfoW

kernel32

VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateTimerQueue
InterlockedFlushSList
RtlUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
DuplicateHandle
UnhandledExceptionFilter
CompareStringW
GetCPInfo
EncodePointer
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
GetFileInformationByHandle
GetStringTypeW
OpenThread
GetSystemPreferredUILanguages
K32GetProcessImageFileNameW
UnregisterWaitEx
ExitThread
GetDateFormatW
GetTimeFormatW
GetDriveTypeW
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
ExitProcess
CloseHandle
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
CompareStringEx
LocalFree
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetExitCodeThread
CreateEventExW
DeleteFileW
WriteFile
ReadFile
SetFilePointerEx
FreeLibrary
WideCharToMultiByte
IsWow64Process
GetModuleHandleExW
ExpandEnvironmentStringsW
GlobalFree
MultiByteToWideChar
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CreateMutexW
GetCommandLineW
GlobalMemoryStatusEx
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLocaleName
FlsFree
FlsAlloc
AttachConsole
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
LocaleNameToLCID
FindClose
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FormatMessageA
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
GetTickCount64
K32GetProcessMemoryInfo
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetProcessTimes
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
OpenProcess
GetVersionExW
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetSystemDirectoryW
HeapAlloc
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfoExW
CreateEventW
SetEvent
WaitForSingleObject
WaitForMultipleObjectsEx
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
EnumSystemLocalesW
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
ReleaseSemaphore
WaitForSingleObjectEx
QueryDepthSList
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
ReleaseMutex
TzSpecificLocalTimeToSystemTime
GetTempPathW
GetLongPathNameW
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetFileAttributesExW
FindFirstFileExW
MoveFileExW
FindNextFileW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
LockFileEx
UnlockFileEx
CopyFileExW
GetVolumePathNamesForVolumeNameW
SetFileInformationByHandle
CreateFileMappingW
WaitForMultipleObjects
GetFileType
SetFilePointer
LockFile
UnlockFile
GetOverlappedResult
GetFileAttributesW
GetFileTime
ReplaceFileW
CopyFileW
GetTempFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualProtectEx
GetSystemInfo
GlobalAlloc
LockResource
SetFileTime
CancelIoEx
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetTickCount
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
QueryUnbiasedInterruptTime
VirtualFree
VirtualAlloc
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
LocalAlloc
GetThreadLocale
FindFirstFileW
lstrcmpW
FlushViewOfFile
GetFullPathNameW
ProcessIdToSessionId
DeleteFileA
GetTempPathA
GetCurrentDirectoryW
SetEnvironmentVariableW
GetPriorityClass
GetExitCodeProcess
K32EnumProcesses
GetTimeZoneInformation
IsValidLocale
GetLocaleInfoEx
LCIDToLocaleName
GetLocaleInfoW
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
LCMapStringEx
GetSystemDefaultLCID
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetUserGeoID
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
InitializeCriticalSection
GetFullPathNameA
HeapValidate
HeapSize
GetDiskFreeSpaceA
GetFileAttributesA
HeapReAlloc
HeapCompact
HeapDestroy
GetPhysicallyInstalledSystemMemory
GetProductInfo
SwitchToThread
SetStdHandle
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
WaitForThreadpoolWaitCallbacks
LoadLibraryExA
ReleaseSRWLockShared
GetLocalTime

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

setupapi

SetupIterateCabinetW

gdiplus

GdipDrawImageRectI
GdipDrawImageRectRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipLoadImageFromStream

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3266d1d68627510bf4f5cffd4008da6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ole32

gdi32

oleaut32

rstrtmgr

ws2_32

kernel32

wintrust

setupapi

gdiplus

rpcrt4

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 131KB - Virtual size: 146KB

.rsrc Size: 597KB - Virtual size: 597KB

.reloc Size: 299KB - Virtual size: 298KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 131KB - Virtual size: 146KB

.rsrc
Size: 597KB - Virtual size: 597KB

.reloc
Size: 299KB - Virtual size: 298KB