2024-03-19_7c51eec42ad591602f63772379112c1a_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-19_7c51eec42ad591602f63772379112c1a_magniber
Size

1.1MB
MD5

7c51eec42ad591602f63772379112c1a
SHA1

f7742f6a04c0d38b1878cd212705341c9032ea72
SHA256

b0d3bbfdbb3d619f99854cdb54f56c5392e9c8685122847648eb5abcdfdaf136
SHA512

3d0913bec7b4378579046248ddcd5175ae88136d9dd987be7204734efd53cc6363f04de7ed6a3025da8a1036459fe7cd2804e58233a4b84b89f705d2b5bd20cd
SSDEEP

24576:psPO/+XV+gggg80bzqOOsfW7BaS1yQlEQP4e4AlOIBjm:2X0gggg8RofWFaB7Qge4EBjm

Score

1^/10

Malware Config

Signatures

Files

2024-03-19_7c51eec42ad591602f63772379112c1a_magniber
.exe windows:6 windows x86 arch:x86

189598c97f6ac87c77f23b0f9f7dc3ad

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/03/2020, 00:00

Not After

15/03/2023, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:bc:07:d6:7d:df:ac:27:6f:6f:b8:63:1a:e3:55:c5:cd:75:b9:f3:c4:6a:5e:89:18:ca:87:b3:e9:4c:a9:44
Signer

Actual PE Digest

b5:bc:07:d6:7d:df:ac:27:6f:6f:b8:63:1a:e3:55:c5:cd:75:b9:f3:c4:6a:5e:89:18:ca:87:b3:e9:4c:a9:44

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb

Imports

ntdll

RtlUnwind
RtlNtStatusToDosError

kernel32

GetDiskFreeSpaceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeviceIoControl
FindClose
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GlobalMemoryStatusEx
GetSystemTimes
QueryPerformanceCounter
SetFilePointerEx
GetEnvironmentVariableW
GetTickCount64
RaiseException
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
SetEndOfFile
SetFilePointer
GetFileAttributesExW
GetFileSizeEx
MoveFileExW
SetFileInformationByHandle
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
K32GetProcessImageFileNameW
K32GetMappedFileNameW
WaitForSingleObject
SetEvent
CreateEventW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
FreeLibrary
GetModuleHandleExW
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
OutputDebugStringW
LoadLibraryExA
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSetInformation
IsProcessorFeaturePresent
ExitProcess
lstrcpyW
SetDllDirectoryW
GlobalFree
GetTimeZoneInformation
GetSystemInfo
GetProcAddress
WaitForMultipleObjects
GetExitCodeProcess
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
LCMapStringEx
ReadConsoleW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
TerminateThread
CreateThread
GlobalAlloc
GlobalLock
GlobalUnlock
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
GetPriorityClass
GetProcessTimes
K32GetProcessMemoryInfo
CreateSemaphoreW
ReleaseSemaphore
GetVersionExW
GetModuleFileNameW
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
HeapDestroy
HeapReAlloc
TlsFree
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersion
HeapSize
FindResourceExW
UnlockFileEx
WriteConsoleW
VirtualQuery
GetModuleHandleW
FileTimeToSystemTime
OutputDebugStringA
GetFullPathNameW
ReadFile
GetFileInformationByHandle
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
GetLastError
WriteFile
CreateFileW
SetLastError
Sleep
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
GetUserDefaultUILanguage
FindFirstFileExW
GetCommandLineW
GetCurrentProcess
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
FreeEnvironmentStringsW
SetEnvironmentVariableW
LoadLibraryW

user32

SetTimer
MoveWindow
LoadCursorW
DrawTextW
KillTimer
RegisterWindowMessageW
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
ReleaseDC
GetDC
DestroyIcon
PostQuitMessage
DestroyWindow
SetFocus
SetWindowPos
SendMessageW
CreateWindowExW
LoadImageW
SystemParametersInfoW
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharLowerW
MessageBoxW
GetSystemMetrics
GetClassInfoExW
RegisterClassExW
PostMessageW
UnregisterClassW
SetWindowTextW
ShowWindow
IsDialogMessageW
IsWindow

advapi32

GetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
OpenProcessToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegCloseKey

shell32

SHGetFolderPathW

comctl32

ord17

gdiplus

GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipCreateFromHDC
GdipImageGetFrameCount
GdipDeleteGraphics
GdipGetPropertyItemSize
GdipLoadImageFromStream
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipFree
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipGetPropertyItem

gdi32

DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW

ole32

CreateStreamOnHGlobal
CoCreateInstance

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 790KB - Virtual size: 790KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

189598c97f6ac87c77f23b0f9f7dc3ad

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b5:bc:07:d6:7d:df:ac:27:6f:6f:b8:63:1a:e3:55:c5:cd:75:b9:f3:c4:6a:5e:89:18:ca:87:b3:e9:4c:a9:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

advapi32

shell32

comctl32

gdiplus

gdi32

ole32

Exports

Exports

Sections

.text Size: 790KB - Virtual size: 790KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 37KB - Virtual size: 46KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 42KB - Virtual size: 41KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b5:bc:07:d6:7d:df:ac:27:6f:6f:b8:63:1a:e3:55:c5:cd:75:b9:f3:c4:6a:5e:89:18:ca:87:b3:e9:4c:a9:44
Signer

.text
Size: 790KB - Virtual size: 790KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 37KB - Virtual size: 46KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 42KB - Virtual size: 41KB