PDB path: E:\suoha\onekeyfun\onekeyfun\Release\uninstall.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-27_bf6ecc6c9a37a7a0b06085dcf7c5f890_magniber.exe
Resource: win7-20240221-en
General
Target: 2024-03-27_bf6ecc6c9a37a7a0b06085dcf7c5f890_magniber
Size: 4.6MB
MD5: bf6ecc6c9a37a7a0b06085dcf7c5f890
SHA1: 7931b371c636c0f2cabd7d7ee671fb24f9dd66fe
SHA256: f2b75189bedd93724aab5d8b751e93bc2df56871e57db42a4109929460ad288d
SHA512: 6bb7cd28ec6feab7060ff64c8b02f60c0846a43b2dd7a634ae90b327a13b354ce7b7a306f11be7aeff9ae3c044764763636153952910b2a36b48ecfd0050e7cc
SSDEEP: 98304:3TQZBcyqd7v0w5ydadR4gd9AeHao7Nr4rQ:t0Dq4a63
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-03-27_bf6ecc6c9a37a7a0b06085dcf7c5f890_magniber
Files
2024-03-27_bf6ecc6c9a37a7a0b06085dcf7c5f890_magniber.exe windows:6 windows x86 arch:x86
160e701108939fccf856c272491e804c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SwitchToThread
IsBadReadPtr
GetVersionExA
GetLocalTime
GetVersionExW
MulDiv
FreeResource
GetFullPathNameW
FindFirstFileW
FindClose
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
HeapCreate
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
LoadLibraryA
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
WriteFile
FlushConsoleInputBuffer
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
FindNextFileA
FindFirstFileA
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
SetEndOfFile
SetFileAttributesW
FlushFileBuffers
GetFileSizeEx
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentDirectoryW
GetCurrentThread
ReadConsoleW
GetConsoleMode
ExitProcess
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
CreateFileW
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GlobalLock
GlobalUnlock
GlobalAlloc
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
SetLastError
DeleteFileW
Sleep
SetCurrentDirectoryW
LocalFree
GetCommandLineW
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
CopyFileW
GetTempPathW
GetDriveTypeW
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetDiskFreeSpaceW
GetLogicalDrives
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
GetNativeSystemInfo
CloseHandle
HeapReAlloc
Process32FirstW
LockResource
Process32NextW
GetLastError
lstrlenA
CreateToolhelp32Snapshot
HeapSize
OpenProcess
InitializeCriticalSectionEx
TerminateProcess
FormatMessageW
HeapFree
GetCommandLineA
SizeofResource
user32
ShowWindow
PostMessageW
GetProcessWindowStation
MessageBoxW
MessageBoxA
GetDC
ReleaseDC
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowPos
SendMessageW
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
GetForegroundWindow
UnregisterClassW
GetActiveWindow
PostQuitMessage
DestroyWindow
GetDlgItem
wsprintfW
GetUserObjectInformationW
IsWindow
GetDesktopWindow
SetActiveWindow
DrawIconEx
InvertRect
FillRect
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
SetCapture
ReleaseCapture
SetTimer
KillTimer
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
CopyRect
InflateRect
IntersectRect
UnionRect
IsRectEmpty
GetClassNameW
DestroyIcon
OffsetRect
PtInRect
SetCursor
SetRect
EqualRect
GetFocus
GetKeyState
DestroyCursor
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
EnableWindow
MsgWaitForMultipleObjects
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetWindowPlacement
LoadIconW
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
GetIconInfo
gdi32
SetViewportOrgEx
GetDCOrgEx
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
CreateBitmap
CreateRoundRectRgn
EnumFontsW
GetObjectW
StretchBlt
SelectObject
Polyline
CreateCompatibleDC
BitBlt
GetObjectA
GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
GetViewportOrgEx
GetCurrentObject
DeleteDC
ExtCreatePen
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection
advapi32
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ord165
SHFileOperationW
CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteW
ole32
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
CreateBindCtx
CoCreateInstance
CoInitialize
OleLockRunning
OleUninitialize
oleaut32
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysAllocString
SysFreeString
VariantInit
GetErrorInfo
VariantClear
shlwapi
PathRemoveFileSpecW
StrToIntExW
SHDeleteKeyW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
imm32
ImmAssociateContext
ImmGetContext
ImmReleaseContext
gdiplus
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipBitmapLockBits
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipGraphicsClear
GdipDrawImageRectI
msimg32
GradientFill
AlphaBlend
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
ws2_32
freeaddrinfo
getaddrinfo
listen
htonl
recvfrom
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
send
closesocket
sendto
gethostbyname
ntohl
shutdown
ioctlsocket
gethostname
getservbyname
accept
wldap32
ord142
ord167
ord127
ord27
ord26
ord117
ord79
ord208
ord216
ord14
ord46
ord219
ord145
ord133
ord147
ord301
ord41
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 676KB - Virtual size: 676KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 70KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 381KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tvm0 Size: 581KB - Virtual size: 584KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE