2024-04-05_0a6a79de4e00aa3049369c17761d0f68_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_0a6a79de4e00aa3049369c17761d0f68_magniber_revil
Size

15.0MB
MD5

0a6a79de4e00aa3049369c17761d0f68
SHA1

3dcaa7af1abbe7fe4fc2b8a7a85d19313a29727a
SHA256

1994c92f975eee6dc1b132056cdcd6a6daa488d4aac61db25fc602e23d9e7a62
SHA512

3e364e142d4dd7ea72e62f6ee391d38fe804ed8ad3c02d6a39dfca84c03e24420dc471bb1fe759a8321aa66eb1f227dffc839461e1317173d93d6a85efbc8f73
SSDEEP

196608:hZzrENt07+s5HLyudJiDbJ6ZBDVOPWbN3d9y+FrMD+cpvJ/4H3nmghWoa/fsysMN:hZVzfvzZBDVKWbNNjZMFgXnU7sEl/y

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-05_0a6a79de4e00aa3049369c17761d0f68_magniber_revil

Files

2024-04-05_0a6a79de4e00aa3049369c17761d0f68_magniber_revil
.exe windows:5 windows x86 arch:x86

a8fc55ea5e08ff92795c4c3bea84a1bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219

kernel32

GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
SetLastError
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateFileW
FindResourceW
WriteFile
SizeofResource
LoadResource
MoveFileExW
GetModuleHandleW
SleepEx
GetTickCount
WaitForSingleObject
SetEvent
ExitProcess
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetSystemDirectoryW
Sleep
FindNextFileW
DeleteFileW
SetFileAttributesW
FindClose
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
FreeLibrary
DecodePointer
GetOEMCP
GetStringTypeW
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
FlushConsoleInputBuffer
OutputDebugStringA
GetCurrentThreadId
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FreeResource
LockResource
GetACP
GetFileSize
MulDiv
DuplicateHandle
SetFilePointer
DosDateTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
LocalFree
GetFileAttributesExW
SetEndOfFile
SetEnvironmentVariableA
GetVersionExA
ReleaseMutex
CreateMutexW
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleMode
IsValidCodePage
ReadConsoleInputA
SetConsoleMode
WriteConsoleW
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameW
SetStdHandle
FindFirstFileExW

user32

SetWindowLongW
CreateCaret
SetCaretPos
KillTimer
SetTimer
GetCaretBlinkTime
GetFocus
IntersectRect
GetWindow
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
IsIconic
UnionRect
GetWindowRect
UpdateLayeredWindow
InvalidateRect
CreateWindowExW
IsWindowVisible
ScreenToClient
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetCapture
ReleaseCapture
PostMessageW
PtInRect
GetParent
OffsetRect
SetCursor
LoadCursorW
DefWindowProcW
GetWindowLongW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
IsZoomed
MonitorFromPoint
SetWindowRgn
MessageBoxW
MoveWindow
GetWindowRgn
CharNextW
DrawTextW
FillRect
SetRect
CharPrevW
ShowCaret
HideCaret
ClientToScreen
GetSysColor
GetCaretPos
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
MapWindowPoints
InvalidateRgn
CreateAcceleratorTableW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SetWindowPos
GetClientRect
DestroyWindow
GetKeyState
ReleaseDC
EnableWindow
FindWindowW
SetForegroundWindow
SetActiveWindow
SetFocus
ShowWindow
PostQuitMessage
SendMessageW
wsprintfW
GetDC

shell32

SHGetSpecialFolderPathW
SHChangeNotify

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

shlwapi

wnsprintfW

crypt32

CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

comctl32

ord17
_TrackMouseEvent

ws2_32

send
recv
closesocket
WSAGetLastError
bind
shutdown
ntohl
inet_addr
connect
getpeername
getsockname
getsockopt
getservbyname
gethostname
sendto
recvfrom
htons
ntohs
setsockopt
socket
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
gethostbyname
htonl
accept
WSACleanup
WSAStartup
WSASetLastError

gdi32

SetBkColor
CreateCompatibleBitmap
GetTextExtentPoint32W
TextOutW
GetTextMetricsW
BitBlt
RestoreDC
SaveDC
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
StretchBlt
SetStretchBltMode
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
CreateRoundRectRgn
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
GetDeviceCaps
DeleteObject
CreateSolidBrush
GetCharABCWidthsW

advapi32

CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptEnumProvidersA

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetStringFormatTrimming
GdipDrawLineI
GdipSetPenMode
GdipDrawRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipSetPenDashStyle

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8fc55ea5e08ff92795c4c3bea84a1bd

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

shell32

ole32

shlwapi

crypt32

comctl32

ws2_32

gdi32

advapi32

oleaut32

gdiplus

imm32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 568KB - Virtual size: 567KB

.data Size: 52KB - Virtual size: 73KB

.gfids Size: 1024B - Virtual size: 592B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 12.0MB - Virtual size: 12.0MB

.reloc Size: 106KB - Virtual size: 105KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 568KB - Virtual size: 567KB

.data
Size: 52KB - Virtual size: 73KB

.gfids
Size: 1024B - Virtual size: 592B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 12.0MB - Virtual size: 12.0MB

.reloc
Size: 106KB - Virtual size: 105KB