2024-04-06_9f07c295a915211e9fcb31b373812638_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-06_9f07c295a915211e9fcb31b373812638_magniber
Size

7.2MB
MD5

9f07c295a915211e9fcb31b373812638
SHA1

1304b798b407e48ef53b932865583a4e6d43534e
SHA256

096e27b6c1a79a6bba5bc863baf1949373df9caa302416c592676f05e6946c8a
SHA512

c5ddf1556a9cb6079d6eb814f72f7639ea0fe7d33c74a9e42c58381816ef797d4edf3c3adf774d707aa78ce543c729e7fae72014b2d4698ba19f33a7b34c74de
SSDEEP

196608:buVt+wd8eMBOP34CYGJXreiPg8AoVQBWG:U+U8euIYSqiPgbB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-06_9f07c295a915211e9fcb31b373812638_magniber

Files

2024-04-06_9f07c295a915211e9fcb31b373812638_magniber
.exe windows:6 windows x86 arch:x86

20de211c4a5b7c9cac80ffcd683754cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

B:\RunTimeBuild\CM_RELEASE_7_40\wibu\dev\lib\Release\winX86V1420\codemeter.pdb

Imports

ws2_32

WSASetLastError
sendto
recvfrom
ntohl
inet_ntoa
getsockname
recv
getsockopt
shutdown
WSASend
select
getpeername
htons
ioctlsocket
closesocket
bind
accept
__WSAFDIsSet
WSACloseEvent
WSAGetLastError
WSASendTo
WSASocketW
WSAStringToAddressW
setsockopt
send
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAAddressToStringW
WSARecv
listen
connect
WSAWaitForMultipleEvents
ntohs
WSAIoctl
socket
inet_pton
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo
htonl
gethostname

secur32

GetUserNameExW

kernel32

TlsSetValue
TlsFree
VerifyVersionInfoA
GetDriveTypeW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
OutputDebugStringA
WTSGetActiveConsoleSessionId
GetEnvironmentVariableW
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
DeviceIoControl
GetSystemTimeAsFileTime
GetFileInformationByHandle
DuplicateHandle
SetErrorMode
GetFileSizeEx
GetDiskFreeSpaceW
GetFileAttributesW
GetFileSize
GetVolumeInformationW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLogicalDriveStringsA
SetFilePointerEx
FindFirstFileA
TlsGetValue
OpenSemaphoreA
CreateSemaphoreA
FlushFileBuffers
VerifyVersionInfoW
FormatMessageA
GlobalFree
WaitForMultipleObjects
GetTickCount
GetCurrentProcess
SetLastError
VerSetConditionMask
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
MoveFileA
CopyFileA
SetFileTime
SetFileAttributesA
DeleteFileA
CreateFileA
CreateDirectoryA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
SetWaitableTimer
GetExitCodeThread
TerminateThread
TlsAlloc
VirtualAlloc
QueueUserAPC
ExitThread
GetCurrentThreadId
GetCurrentThread
Sleep
GetFullPathNameA
GetFileAttributesA
ReleaseSemaphore
GetCurrentDirectoryA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
PulseEvent
OpenEventA
CreateWaitableTimerA
GetComputerNameA
InitializeCriticalSectionAndSpinCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ExitProcess
lstrcmpiA
SetFileAttributesW
DeleteFileW
CreateFileW
LocalFree
LocalAlloc
SetEvent
GetDriveTypeA
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
IsWow64Process
GetFileTime
GetEnvironmentVariableA
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
SetConsoleCtrlHandler
ReadConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
GetStdHandle
GetProcAddress
FreeLibrary
OpenProcess
GetSystemDirectoryA
CreateProcessA
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
WaitForSingleObject
GetLastError
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
LoadLibraryA
GetModuleFileNameA
AreFileApisANSI
VirtualFree
VirtualLock
VirtualUnlock
MoveFileExA
FindFirstFileW
GetFileAttributesExW
RemoveDirectoryW
CreateDirectoryW
GetStringTypeW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
CreateThread
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
ReadConsoleW
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetComputerNameExA
CopyFileW
ReplaceFileA
GetWindowsDirectoryA
FileTimeToLocalFileTime
IsBadReadPtr
CancelIo
CreateEventA
FormatMessageW
GetStartupInfoA
SleepEx
FindNextFileA

shell32

SHGetPathFromIDListA
SHGetFolderLocation
SHGetFolderPathA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

advapi32

CloseEventLog
OpenEventLogA
ReadEventLogA
ConvertSidToStringSidA
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
GetSecurityDescriptorDacl
LookupPrivilegeNameA
ChangeServiceConfig2A
ControlService
CreateServiceA
DeleteService
EnumDependentServicesA
QueryServiceStatusEx
QueryServiceObjectSecurity
QueryServiceStatus
SetServiceObjectSecurity
StartServiceA
SetEntriesInAclA
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegConnectRegistryA
RegFlushKey
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceConfigA
SystemFunction036
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
LookupPrivilegeValueA
ImpersonateSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
FreeSid
AllocateAndInitializeSid
OpenThreadToken
LookupAccountSidA
EqualSid
GetTokenInformation
OpenProcessToken
CryptImportKey
CryptEncrypt
RegDeleteKeyA

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

wtsapi32

WTSWaitSystemEvent

activeds

ord6
ord9
ord13
ord3

netapi32

DsGetDcNameW
NetUserGetLocalGroups
NetUserGetGroups
NetUserEnum
NetGroupEnum
NetApiBufferFree
DsEnumerateDomainTrustsA

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectMemory
CryptProtectMemory
CertFreeCertificateChain

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
CM_Get_Child
SetupDiEnumDeviceInterfaces
CMP_WaitNoPendingInstallEvents
CM_Get_Device_IDA
CM_Get_Device_ID_Size
CM_Get_DevNode_Registry_PropertyA
CM_Get_Parent
CM_Get_Sibling
SetupDiOpenDeviceInfoA

psapi

GetModuleFileNameExA

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 771KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 234KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 856KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20de211c4a5b7c9cac80ffcd683754cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

secur32

kernel32

shell32

advapi32

iphlpapi

winhttp

wtsapi32

activeds

netapi32

crypt32

version

setupapi

psapi

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 771KB - Virtual size: 771KB

.data Size: 234KB - Virtual size: 405KB

.rsrc Size: 210KB - Virtual size: 209KB

.reloc Size: 856KB - Virtual size: 860KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 771KB - Virtual size: 771KB

.data
Size: 234KB - Virtual size: 405KB

.rsrc
Size: 210KB - Virtual size: 209KB

.reloc
Size: 856KB - Virtual size: 860KB