2024-04-09_0aeb4b3f1fad8f758ed6eaa7d3f33e14_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_0aeb4b3f1fad8f758ed6eaa7d3f33e14_magniber_revil
Size

6.4MB
MD5

0aeb4b3f1fad8f758ed6eaa7d3f33e14
SHA1

587dc992f9b8c66d8467b9656693d3f7330b6f00
SHA256

3aeda5e61d755fdd1457670a03b69b87534034c96a6322ce11c1bc8315ca79e0
SHA512

dc76e51961f6efcef4d9087deeb3fc76778bd46aacc0848f0b99cb9985e6945c616b0506571201be10109558b9b2ab1b158a1c6a83a971daaefb8109004dff0f
SSDEEP

98304:9OEwwacJLDw44Cki5Z6dmxFsslSUHbx6PBQQ4ZcIzZXurJc:9WoJLDA4VxFJ16Pn4fzRurJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_0aeb4b3f1fad8f758ed6eaa7d3f33e14_magniber_revil

Files

2024-04-09_0aeb4b3f1fad8f758ed6eaa7d3f33e14_magniber_revil
.exe windows:6 windows x86 arch:x86

76cfdb39d392d0a336a80acf1ae3785f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\Documents\Visual Studio 2017\Projects\Koinonein\Build x86\Koinonein BitTorrent Client.pdb

Imports

iphlpapi

NotifyAddrChange
CancelIPChangeNotify
GetAdaptersAddresses

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

wsock32

recv
send
WSASetLastError
htonl
ntohl
htons
WSAStartup
WSACleanup
WSAGetLastError
ntohs
__WSAFDIsSet
accept
bind
closesocket
getpeername
inet_ntoa
getsockname
getsockopt
listen
select
setsockopt
ord1141
ord1142
socket
connect

winmm

PlaySoundW

dbghelp

SymGetLineFromAddr64
UnDecorateSymbolName
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymFromAddr
SymInitialize
SymRefreshModuleList

advapi32

CryptGetUserKey
RegCreateKeyExW
RegSetValueExW
CryptGenRandom
RegCloseKey
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetValueW
RegDeleteValueW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
RegOpenKeyExW
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW

ole32

OleInitialize
OleRun
CoTaskMemFree
OleUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
PropVariantClear

kernel32

GetACP
SetConsoleCtrlHandler
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
QueryDepthSList
InterlockedFlushSList
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
VirtualQuery
LoadLibraryExA
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetConsoleCP
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetModuleFileNameW
GetLastError
TlsAlloc
GetFileAttributesA
GetDynamicTimeZoneInformation
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryW
SetPriorityClass
GetCurrentProcess
DeleteFileW
SetThreadExecutionState
TlsFree
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
DeleteTimerQueueEx
CreateTimerQueue
CreateTimerQueueTimer
GetTempPathW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateThread
CloseHandle
FormatMessageW
GetModuleFileNameA
GetVolumeInformationW
CreateDirectoryW
CreateDirectoryA
GetLogicalDrives
GetCommandLineW
CreateEventW
CreateMutexW
SetEvent
Sleep
LocalFree
InitializeCriticalSectionEx
RaiseException
DecodePointer
FormatMessageA
RtlCaptureContext
GetCurrentThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
VerifyVersionInfoA
GetFileAttributesExW
SleepEx
CreateWaitableTimerA
GetDriveTypeW
CreateFileW
GetFileInformationByHandle
RemoveDirectoryW
CopyFileW
CreateHardLinkW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
DeviceIoControl
GetOverlappedResult
CreateEventA
LoadLibraryA
CancelIo
ReleaseMutex
GetCurrentProcessId
GetModuleHandleA
GetSystemTimeAsFileTime
UnregisterWaitEx
RegisterWaitForSingleObject
GlobalMemoryStatusEx
GetSystemInfo
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
GetTickCount
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetSystemTime
SystemTimeToFileTime
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
GetStringTypeW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
AreFileApisANSI
IsDebuggerPresent
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeSListHead
FileTimeToSystemTime

ws2_32

WSACreateEvent
WSARecvFrom
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAIoctl
WSAStringToAddressW
WSAAddressToStringW
WSASendTo

wlanapi

WlanQueryInterface
WlanFreeMemory
WlanOpenHandle
WlanEnumInterfaces

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76cfdb39d392d0a336a80acf1ae3785f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

crypt32

wsock32

winmm

dbghelp

advapi32

ole32

kernel32

ws2_32

wlanapi

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 134KB - Virtual size: 172KB

.rsrc Size: 304KB - Virtual size: 303KB

.reloc Size: 215KB - Virtual size: 215KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 134KB - Virtual size: 172KB

.rsrc
Size: 304KB - Virtual size: 303KB

.reloc
Size: 215KB - Virtual size: 215KB