2024-03-15_351736fbc114c7e05d4cc60587c7de9f_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-15_351736fbc114c7e05d4cc60587c7de9f_magniber
Size

3.2MB
MD5

351736fbc114c7e05d4cc60587c7de9f
SHA1

2d1ec4581a3ec1ac9e704f2d91fd7ccff96f5ebf
SHA256

346004f05bbfb03e6bbf5b7a965908147c0f2aa5eb32a236db2503884653d51f
SHA512

745002bac1f577e93dcad182c8180f2c98f77491775dda42ebd3b3bdac4709b39dd2118cff6defd3d705ae56396f4e45d03998510408a2f5910962223a21082f
SSDEEP

49152:2kGOyk9BQmhoYJsGwos5Bhsg70g+e3YNG/byGbrBhbTfMq6jfsLO:2kBykUmW5Bhsg7z+34Mq6sC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_351736fbc114c7e05d4cc60587c7de9f_magniber

Files

2024-03-15_351736fbc114c7e05d4cc60587c7de9f_magniber
.exe windows:6 windows x86 arch:x86

700365bc5b1e9237827e98c1136195ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\JenkinsWorkspace\workspace\client_build_installer@2\client\build\working_directory\RelWithDebInfo\UbisoftGameLauncher.pdb

Imports

discord-rpc.x86

Discord_Shutdown
Discord_UpdatePresence
Discord_Initialize

steam_api

SteamAPI_GetHSteamUser
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamInternal_FindOrCreateUserInterface
SteamAPI_RegisterCallback
SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_InitSafe
SteamAPI_UnregisterCallback

iphlpapi

GetAdaptersAddresses

shell32

SHCreateItemFromParsingName
CommandLineToArgvW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW

propsys

PSGetPropertyKeyFromName

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

d3d9

Direct3DCreate9

advapi32

RegEnumKeyExW
OpenProcessToken
AdjustTokenPrivileges
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
CreateProcessAsUserW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
GetTokenInformation
EqualSid
AllocateAndInitializeSid
LookupPrivilegeValueW

user32

PostQuitMessage
WaitMessage
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
AllowSetForegroundWindow
SetProcessDPIAware
EnumDisplayMonitors
MsgWaitForMultipleObjectsEx
GetWindowThreadProcessId
GetForegroundWindow
GetSystemMetrics
GetLastInputInfo
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
RegisterRawInputDevices
GetRawInputData
GetAsyncKeyState
DestroyWindow
SetTimer
RegisterClassExW
DefWindowProcW
GetQueueStatus
SetWindowPos
GetWindowRect
GetParent
MonitorFromPoint
GetWindowInfo
GetMonitorInfoW
CreateWindowExW

kernel32

SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
SetCurrentDirectoryW
SetEnvironmentVariableW
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetFileAttributesExW
UnregisterWaitEx
QueryDepthSList
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
RtlUnwind
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetProcessHeap
WriteConsoleW
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeSListHead
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
CloseHandle
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
OpenProcess
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
HeapSize
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcess
TerminateProcess
GetBinaryTypeW
SearchPathW
CreateFileW
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
WaitForSingleObject
Sleep
GetModuleHandleExA
GetExitCodeProcess
OpenThread
ResumeThread
CreateProcessA
CreateProcessW
GetProcessId
GetVersionExW
GetNativeSystemInfo
VirtualProtect
IsWow64Process
SetLastError
GetExitCodeThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
VirtualFreeEx
ReadFile
WriteFile
GetOverlappedResult
ResetEvent
RtlCaptureStackBackTrace
CreateThread
GetCurrentThreadId
GetCommandLineW
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetFileAttributesW
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
ExitProcess
GetSystemInfo
GetTickCount
GetPhysicallyInstalledSystemMemory
GetModuleHandleA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetLocaleInfoW
GetUserDefaultUILanguage
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetFileTime
GetTempFileNameW
GetVolumePathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
SetFileTime
SetErrorMode
CopyFileW
MoveFileExW
OutputDebugStringA
SetEvent
WaitForMultipleObjectsEx
RaiseException
GetTempPathW
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
LoadLibraryA
TlsGetValue
TlsAlloc
GetStringTypeW
DecodePointer
EncodePointer
FormatMessageW
QueryInformationJobObject
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize

comdlg32

GetSaveFileNameW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 656KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

700365bc5b1e9237827e98c1136195ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

discord-rpc.x86

steam_api

iphlpapi

shell32

propsys

winhttp

rpcrt4

d3d9

advapi32

user32

kernel32

ole32

comdlg32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 346KB - Virtual size: 345KB

.data Size: 36KB - Virtual size: 62KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 656KB - Virtual size: 660KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 346KB - Virtual size: 345KB

.data
Size: 36KB - Virtual size: 62KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 656KB - Virtual size: 660KB