2024-03-15_11eca15b4ddd2b071f0b085d878d1f20_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-15_11eca15b4ddd2b071f0b085d878d1f20_magniber
Size

3.2MB
MD5

11eca15b4ddd2b071f0b085d878d1f20
SHA1

b7872297beb00bd5053250ab83d3fedbe7a5da7f
SHA256

d758a5395a8c4c20cf7b3171a1b545da31aa88256e0f26679684d8750aa13db0
SHA512

e56c65a624010ecf495243d3e1006a2ae2bb9a5480fd1cfafd46f9d30be2ae9ca3951d55d6e2e08816eb0d7bd28ff83a46dd3432c8fee423e809cd9976c66ab2
SSDEEP

49152:zPOOPUu0JO1LHX24+Gx6ED7c/N2s77baTZHgF6FuF7chqZqPXdPsXn+M81CHJqlN:zPj88DuGfc/eHDhMqtsXn1W

Score

1^/10

Malware Config

Signatures

Files

2024-03-15_11eca15b4ddd2b071f0b085d878d1f20_magniber
.exe windows:5 windows x86 arch:x86

8f81a3a3b99bd04e61d32ba2eabc2921

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/10/2012, 00:00

Not After

08/10/2014, 23:59

Subject

CN=Techinline Limited,O=Techinline Limited,POSTALCODE=RG7 8NN,STREET=Calleva Park+STREET=5 Jupiter House,L=Aldermaston Reading,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:80:b1:b9:e0:83:bc:13:0f:ca:90:eb:e1:26:f2:26:29:3f:6b:41
Signer

Actual PE Digest

f3:80:b1:b9:e0:83:bc:13:0f:ca:90:eb:e1:26:f2:26:29:3f:6b:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CCNET\3.1.2\TIRD_Client\Core\Client\Win32\Release\TiClientCore.pdb

Imports

msi

ord204

iphlpapi

GetAdaptersInfo

msimg32

AlphaBlend
TransparentBlt

wininet

HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionA
HttpSendRequestA
DetectAutoProxyUrl
InternetOpenUrlA
InternetSetCookieA
InternetGetCookieA
InternetCloseHandle
InternetSetOptionA
InternetOpenA

ws2_32

ntohs
getservbyport
gethostbyaddr
htons
WSASetLastError
connect
gethostname
WSASocketA
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleBaseNameA
EnumProcessModules

msacm32

acmStreamSize
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader

netapi32

NetGetDCName
NetApiBufferFree
NetUserEnum

kernel32

Sleep
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GlobalLock
GlobalUnlock
ProcessIdToSessionId
IsBadReadPtr
IsBadWritePtr
SetEvent
ResetEvent
CreateEventA
MoveFileExW
GlobalFree
FindResourceA
GlobalHandle
SizeofResource
InitializeCriticalSection
GetTempPathW
GetLocalTime
GetModuleHandleA
WaitForSingleObject
TerminateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
OpenEventA
GetComputerNameW
GetVersionExA
ReadFile
FindNextFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
CreateProcessW
LocalFree
GetCommandLineW
SystemTimeToFileTime
GetSystemTime
CreateFileMappingA
FormatMessageA
GetModuleHandleW
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
DeleteFileA
GetExitCodeThread
lstrlenA
Process32FirstW
OutputDebugStringA
FormatMessageW
LocalAlloc
GlobalFindAtomA
GlobalSize
CreateProcessA
GetVolumeInformationA
GetDriveTypeA
lstrcpyW
GetFileAttributesExW
SetEndOfFile
GetFileInformationByHandle
IsBadStringPtrW
IsBadStringPtrA
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
MoveFileW
CopyFileW
GetFileTime
FileTimeToSystemTime
GetFileSizeEx
SetFilePointerEx
CreateDirectoryW
RemoveDirectoryW
CreateMutexA
InterlockedCompareExchange
InterlockedExchange
ReleaseMutex
LoadLibraryW
OpenFileMappingW
CreateFileA
CreateNamedPipeA
SetNamedPipeHandleState
OpenMutexA
GetCurrentThread
Thread32First
InterlockedDecrement
Thread32Next
GetSystemInfo
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
CreateEventW
VirtualFree
VirtualAlloc
CreateThread
FindResourceW
LockResource
LoadResource
DeleteCriticalSection
VirtualProtect
VirtualQuery
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
GlobalAlloc
SetCurrentDirectoryA
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
WriteFile
MultiByteToWideChar
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetFilePointer
SetLastError
CloseHandle
GetFileSize
CreateFileW
GetLastError
GetFileAttributesW
ExitProcess
GetStdHandle
HeapCreate
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedIncrement
Process32NextW

user32

WindowFromPoint
GetCapture
MapVirtualKeyA
SetClipboardViewer
ChangeClipboardChain
GetClipboardOwner
BringWindowToTop
SetRectEmpty
LoadStringW
GetClassNameW
RegisterClipboardFormatW
ExitWindowsEx
MessageBoxW
DestroyCursor
SetCursor
TrackMouseEvent
ScrollWindowEx
SetRect
UnionRect
GetSystemMenu
DeleteMenu
EnableMenuItem
TrackPopupMenu
UpdateWindow
SetWindowRgn
GetCursorPos
SetCursorPos
GetClassInfoA
GetWindowDC
EnableWindow
AttachThreadInput
GetDlgItemTextW
SetDlgItemTextW
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
LoadImageA
RegisterClassA
UnregisterClassA
SetForegroundWindow
PeekMessageA
LoadAcceleratorsA
TranslateAcceleratorA
PostQuitMessage
EnumDesktopWindows
GetActiveWindow
GetLastInputInfo
GetDlgItemTextA
MessageBoxA
IsWindowVisible
GetWindowThreadProcessId
SystemParametersInfoA
GetPropA
SendInput
mouse_event
GetWindowRect
GetSystemMetrics
OpenDesktopA
SetThreadDesktop
CloseDesktop
DialogBoxIndirectParamA
TranslateMessage
DispatchMessageA
GetMessageA
PostThreadMessageA
MapDialogRect
EndDialog
CallWindowProcA
RegisterWindowMessageA
CreateAcceleratorTableA
GetDesktopWindow
FillRect
GetFocus
GetSysColor
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetClassNameA
SetWindowContextHelpId
GetDlgItem
GetParent
IsChild
GetWindow
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
KillTimer
SetTimer
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetWindowTextLengthA
EnumThreadWindows
FindWindowExA
EnumWindowStationsA
OpenInputDesktop
OpenWindowStationA
GetProcessWindowStation
GetUserObjectInformationA
SetProcessWindowStation
CloseWindowStation
FindWindowA
SendMessageW
EnumDisplayDevicesA
EnumDisplayMonitors
GetWindowTextA
SetWindowTextA
DestroyWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
ReleaseCapture
SetCapture
DefWindowProcA
SendMessageA
PostMessageA
IsWindow
CharNextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapA
ShowCursor
LoadStringA
GetUpdateRgn
DrawTextW
GetSysColorBrush
GetIconInfo
GetClipboardFormatNameA
GetCursorInfo
RegisterClipboardFormatA
MonitorFromPoint
GetForegroundWindow
GetThreadDesktop
GetUserObjectInformationW
GetAsyncKeyState
CreateDialogIndirectParamA
GetKeyState
DrawTextExW
ShowWindow
SetLayeredWindowAttributes
DestroyAcceleratorTable

gdi32

CreateFontIndirectA
CombineRgn
CreateRectRgn
GetTextExtentPoint32W
GetRgnBox
GetStockObject
SetTextColor
SetBkMode
GetTextExtentPoint32A
GetClipBox
LPtoDP
DPtoLP
Rectangle
CreateRoundRectRgn
BitBlt
CreateDCA
SetDIBColorTable
SetPixel
CreateEllipticRgn
GetEnhMetaFileBits
SetEnhMetaFileBits
RectVisible
GetDIBits
Ellipse
SetTextAlign
TextOutW
CreatePen
CreateDIBSection
OffsetRgn
PtInRegion
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetRegionData
GetDeviceCaps
DeleteDC
GetObjectA
StretchBlt
LineTo
MoveToEx

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupAccountSidW
LookupAccountNameW
EqualSid
GetTokenInformation
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaStorePrivateData
LsaClose
LsaOpenPolicy
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclA
AllocateAndInitializeSid
RegDeleteValueA
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
SetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LogonUserW
CreateProcessWithLogonW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleInitialize
OleUninitialize
CoInitializeEx
CoTaskMemFree
CreateBindCtx
DoDragDrop
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoFreeUnusedLibraries
CoTaskMemAlloc

oleaut32

SysFreeString
VariantInit
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarBstrCat
SysAllocString
SysStringLen
VariantClear

shlwapi

SHSetValueW
SHDeleteValueW
PathIsDirectoryW
UrlUnescapeW
ord219
PathFileExistsW
PathRemoveFileSpecW
SHGetValueA

gdiplus

GdipFree
GdipCloneImage
GdiplusStartup
GdipBitmapGetPixel
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 14.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f81a3a3b99bd04e61d32ba2eabc2921

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77Certificate

Extended Key Usages

Key Usages

f3:80:b1:b9:e0:83:bc:13:0f:ca:90:eb:e1:26:f2:26:29:3f:6b:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

iphlpapi

msimg32

wininet

ws2_32

version

psapi

msacm32

netapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 543KB - Virtual size: 542KB

.data Size: 62KB - Virtual size: 14.4MB

.rsrc Size: 673KB - Virtual size: 672KB

.reloc Size: 230KB - Virtual size: 229KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

f3:80:b1:b9:e0:83:bc:13:0f:ca:90:eb:e1:26:f2:26:29:3f:6b:41
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 543KB - Virtual size: 542KB

.data
Size: 62KB - Virtual size: 14.4MB

.rsrc
Size: 673KB - Virtual size: 672KB

.reloc
Size: 230KB - Virtual size: 229KB