2024-03-27_6b8bf5e627b5f01b843382d88c1d82d8_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_6b8bf5e627b5f01b843382d88c1d82d8_mafia_magniber
Size

2.9MB
MD5

6b8bf5e627b5f01b843382d88c1d82d8
SHA1

6bdb6e754320c78cdc5dc733789817a41c068b79
SHA256

25e77021f6db2bde94c391874ba2ad8a8871cc492958fb2f6358b5b26677ea04
SHA512

fdcbac56071ed38183bd74f3af2fe82b612beb23e3ea2f3841010f05d6f27462ba2ba5c044bb2c17777da09c76bb4318e78659ab65297ce429b376eb2dded9d0
SSDEEP

49152:HM/bUQOmO/QXsEdCeFc5ewNw1EY4aBiT5zdmrVsJkwAI8Jp++PO/oPorm:HM7OoXdx2tNw1VWOwp8mkO/o/

Score

1^/10

Malware Config

Signatures

Files

2024-03-27_6b8bf5e627b5f01b843382d88c1d82d8_mafia_magniber
.exe windows:5 windows x86 arch:x86

24fad820a069c679184b32aa39ad9cc8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:fe:6b:ec:1a:6d:b4:97:16:6f:f6:d8:71:e3:b6:72:66:f3:10:f4
Signer

Actual PE Digest

b2:fe:6b:ec:1a:6d:b4:97:16:6f:f6:d8:71:e3:b6:72:66:f3:10:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildServer\bna-2\work-git\bootstrapper-repository\src\Release\Bootstrapper.pdb

Imports

msimg32

AlphaBlend

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
IsProcessorFeaturePresent
HeapSize
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
ReleaseSemaphore
GetSystemInfo
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
SetFilePointerEx
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
TlsSetValue
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
SetFileAttributesW
GetDiskFreeSpaceExW
CreateDirectoryW
GetModuleHandleA
AreFileApisANSI
GetCommandLineW
WriteConsoleW
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
DecodePointer
EncodePointer
WideCharToMultiByte
GetDriveTypeW
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameA
CompareStringW
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
ExitThread
GlobalFree
lstrlenW
CreateThread
GetVolumeInformationW
DeleteFileA
SuspendThread
GetTempPathA
SetFileValidData
GetVersion
FileTimeToLocalFileTime
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
LCMapStringW
GetCPInfo
RtlUnwind
RaiseException
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileAttributesW
GetFileType
InterlockedDecrement
InterlockedIncrement
LockResource
SizeofResource
LoadResource
FindResourceW
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentThread
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateEventA
CloseHandle
OpenProcess
LocalFree
LocalAlloc
GetLastError
GetVersionExW
GetSystemTimeAsFileTime
GetUserDefaultLangID
GetProcAddress
LoadLibraryW
GetTickCount
GetModuleHandleW
FreeLibrary
RtlCaptureContext
GetVersionExA
Module32NextW
SetThreadAffinityMask
OutputDebugStringA
GetShortPathNameW
GetStartupInfoW
MultiByteToWideChar
HeapSetInformation
QueryPerformanceFrequency
CreateToolhelp32Snapshot
GetProcessAffinityMask
GetThreadPriority
GetModuleFileNameA
SetNamedPipeHandleState
Module32FirstW
CreateEventW
Process32Next
OpenThread
GetLocalTime
GetDiskFreeSpaceW
MoveFileW
VirtualAlloc
GetFileSizeEx
DeleteFiber
IsBadStringPtrA
SetThreadPriority
Thread32Next
FileTimeToSystemTime
IsBadWritePtr
GetExitCodeProcess
SwitchToFiber
Thread32First
WaitNamedPipeW
GetCompressedFileSizeW
IsBadReadPtr
VirtualFree
GetComputerNameW
CreateFiberEx
Process32First
lstrcpynA
VirtualQuery
ConvertThreadToFiber
SleepEx
PeekNamedPipe
LoadLibraryA
ExpandEnvironmentStringsA
GetThreadContext
GetFileSize
CreateFiber

user32

GetSystemMetrics
ReleaseCapture
MessageBoxW
AdjustWindowRectEx
CreateWindowExW
SendMessageW
GetCursorPos
SetWindowPos
GetForegroundWindow
GetActiveWindow
GetWindowThreadProcessId
GetShellWindow
AllowSetForegroundWindow
SetWindowLongW
ReleaseDC
PeekMessageW
GetWindowLongW
InvalidateRect
LoadIconW
RegisterClassExW
TranslateMessage
BeginPaint
LoadCursorW
TrackMouseEvent
SetCapture
IsIconic
GetWindowDC
PostQuitMessage
GetWindowRect
SetWindowTextW
DefWindowProcW
DispatchMessageW
ShowWindow
DrawTextW
GetDC
EndPaint
DestroyWindow
UpdateLayeredWindow
SetTimer

gdi32

DeleteObject
GetObjectW
SetBkColor
CreateFontW
AddFontMemResourceEx
EnumFontFamiliesExW
SetLayout
GetLayout
SetTextColor
DeleteDC
SetBkMode
SelectObject
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateDIBSection

advapi32

DuplicateToken
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SetNamedSecurityInfoW
GetFileSecurityW
AllocateAndInitializeSid
AccessCheck
OpenThreadToken
RegSetValueExA
RegCreateKeyExA
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
GetUserNameW
LookupPrivilegeValueW
DuplicateTokenEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
RegQueryValueExW
RegSetValueExW
MapGenericMask

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteExA
FindExecutableA
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoCreateInstance

ws2_32

select
accept
listen
ioctlsocket
__WSAFDIsSet
getaddrinfo
gethostname
recvfrom
sendto
send
getpeername
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
getsockopt
closesocket
WSAStartup
WSACleanup
freeaddrinfo

wininet

InternetSetOptionW
InternetCrackUrlA
InternetReadFileExA
InternetSetStatusCallbackA
InternetConnectA
HttpQueryInfoA
InternetSetCookieW
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetSetOptionA
InternetCloseHandle

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

oleaut32

VariantClear

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 590KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24fad820a069c679184b32aa39ad9cc8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56Certificate

Extended Key Usages

Key Usages

b2:fe:6b:ec:1a:6d:b4:97:16:6f:f6:d8:71:e3:b6:72:66:f3:10:f4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

wininet

winhttp

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 590KB - Virtual size: 590KB

.data Size: 140KB - Virtual size: 203KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 466KB - Virtual size: 466KB

.reloc Size: 118KB - Virtual size: 117KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

b2:fe:6b:ec:1a:6d:b4:97:16:6f:f6:d8:71:e3:b6:72:66:f3:10:f4
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 590KB - Virtual size: 590KB

.data
Size: 140KB - Virtual size: 203KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 466KB - Virtual size: 466KB

.reloc
Size: 118KB - Virtual size: 117KB