2024-04-05_dbf02f65228be1acd23cf2b79e71da48_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_dbf02f65228be1acd23cf2b79e71da48_magniber
Size

1.3MB
MD5

dbf02f65228be1acd23cf2b79e71da48
SHA1

fe98dfb628f33bcf2405e7b4050ee836107fc4c5
SHA256

9d518536c8ea3f641d2bc340549f808a75176f0e212a18d1dcb79b5a21dc1015
SHA512

3c45f403dc2f7a85b08cc1ef8a7373362124c565d6ddf197790c4a50d3d2cbf1fcc80a5c95476370ff222e908d187456494094eae0e45481f5fd0744d0b8d95f
SSDEEP

24576:DLAruk4gr1S6yK4QjIrMjcnwpps/QgLJ5RYrXUfUSVNTVNLVNlpzTw/:DFQg6T4XMYnwPs/x2AzTw/

Score

1^/10

Malware Config

Signatures

Files

2024-04-05_dbf02f65228be1acd23cf2b79e71da48_magniber
.exe windows:6 windows x86 arch:x86

85464f19fd8b9b612035a96b7867ee05

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:08:dc:27:77:a9:e7:36:f4:a1:c0:7b:a8:59:7d:94
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/04/2023, 00:00

Not After

13/07/2024, 23:59

Subject

CN=Shanghai YouXin Media Studio,O=Shanghai YouXin Media Studio,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:3c:fb:43:d3:0f:af:47:a1:c2:10:ba:88:8a:7e:bd:00:c5:6f:9f:cb:bd:ff:c9:c8:c7:46:33:78:ca:33:0e
Signer

Actual PE Digest

58:3c:fb:43:d3:0f:af:47:a1:c2:10:ba:88:8a:7e:bd:00:c5:6f:9f:cb:bd:ff:c9:c8:c7:46:33:78:ca:33:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\RNGImage\OutPutFile\Release\uninst.pdb

Imports

kernel32

MoveFileExW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetTempPathW
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
FreeLibraryAndExitThread
Sleep
GetEnvironmentVariableW
RemoveDirectoryW
TerminateProcess
SizeofResource
lstrcmpW
CopyFileW
FindResourceW
CreateProcessW
DeleteCriticalSection
ReleaseMutex
CreateMutexW
InitializeCriticalSection
GetCommandLineW
CreateThread
LoadResource
GetFileSize
WTSGetActiveConsoleSessionId
LocalFree
GetLocalTime
GetSystemInfo
CloseHandle
Process32FirstW
QueueUserWorkItem
InitOnceComplete
InitOnceBeginInitialize
TryEnterCriticalSection
Process32NextW
ProcessIdToSessionId
CreateToolhelp32Snapshot
GetCommandLineA
OpenProcess
GetModuleHandleA
GetVersionExW
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
WriteFile
GetCurrentProcess
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
GetTickCount
lstrcpyW
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
DeleteFileW
lstrcatW
GetLastError
GetNativeSystemInfo
FreeLibrary
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
ChangeTimerQueueTimer
GetModuleFileNameW
WriteConsoleW
SetEndOfFile
FlushFileBuffers
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
GetCPInfo
GetCurrentDirectoryW
LoadLibraryW
GetACP
ExitProcess
FreeResource
LockResource
MulDiv
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceFrequency
GetThreadTimes
GetCurrentThread
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileSizeEx
GetConsoleCP
FindFirstFileExW

user32

SetPropW
GetPropW
GetClientRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
UpdateLayeredWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
PtInRect
wvsprintfW
SetCursor
OffsetRect
IsIconic
IsZoomed
SetWindowRgn
MessageBoxW
MoveWindow
EnableWindow
ClientToScreen
CharNextW
IntersectRect
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
SendMessageW
ReleaseDC
SetFocus
CreateWindowExW
LoadStringW
FindWindowW
SetWindowPos
SetForegroundWindow
PostMessageW
FindWindowExW
ShowWindow
AnimateWindow
PostQuitMessage
GetWindowRect
InflateRect
GetDC
GetClassInfoExW
RegisterClassExW
GetSystemMetrics
IsWindow
RegisterClassW
CallWindowProcW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowRgn

gdi32

GetDeviceCaps
SetStretchBltMode
StretchBlt
ExtTextOutW
SetTextColor
MoveToEx
TextOutW
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SaveDC
RestoreDC
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetObjectA
BitBlt
SelectObject
GetStockObject
CreatePen
Rectangle
DeleteObject
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidA
RegOpenKeyW
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoTaskMemFree
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize
CoCreateInstance

shlwapi

SHDeleteKeyW
PathFileExistsW
StrCmpIW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo
SendARP

ws2_32

inet_addr

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSFreeMemory

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpWriteData
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpReceiveResponse

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipSetStringFormatLineAlign

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85464f19fd8b9b612035a96b7867ee05

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:08:dc:27:77:a9:e7:36:f4:a1:c0:7b:a8:59:7d:94Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

58:3c:fb:43:d3:0f:af:47:a1:c2:10:ba:88:8a:7e:bd:00:c5:6f:9f:cb:bd:ff:c9:c8:c7:46:33:78:ca:33:0eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

psapi

iphlpapi

ws2_32

wtsapi32

winhttp

oleaut32

comctl32

gdiplus

Sections

.text Size: 569KB - Virtual size: 568KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 19KB - Virtual size: 29KB

.rsrc Size: 504KB - Virtual size: 503KB

.reloc Size: 40KB - Virtual size: 39KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:08:dc:27:77:a9:e7:36:f4:a1:c0:7b:a8:59:7d:94
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

58:3c:fb:43:d3:0f:af:47:a1:c2:10:ba:88:8a:7e:bd:00:c5:6f:9f:cb:bd:ff:c9:c8:c7:46:33:78:ca:33:0e
Signer

.text
Size: 569KB - Virtual size: 568KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 19KB - Virtual size: 29KB

.rsrc
Size: 504KB - Virtual size: 503KB

.reloc
Size: 40KB - Virtual size: 39KB