2024-04-09_e8529b7b9d9dd3555269df62eb94e856_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-09_e8529b7b9d9dd3555269df62eb94e856_magniber_revil
Size

6.2MB
MD5

e8529b7b9d9dd3555269df62eb94e856
SHA1

35a0aa5d47108c7d79f9d5beee87e6f66bb0315a
SHA256

692160bfcc499070b1800b11069cd20bd47243aec780b08332e08ab390874dff
SHA512

9d5003aabc9198d78728cc8b74c0c188a4122c0a604f28aa63f58b32dbb27c08af2b0c082b6bc4e6661d95837accb980b7da194d16e4845ce799ab478c191407
SSDEEP

98304:jgjR12IdCeyHfwskSJGhrWDd6gsdduRMcO13SENLD3T:+RA/eU4hW6gsZPdD3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_e8529b7b9d9dd3555269df62eb94e856_magniber_revil

Files

2024-04-09_e8529b7b9d9dd3555269df62eb94e856_magniber_revil
.exe windows:6 windows x86 arch:x86

ce5499ec70534cace22adae2bea0c1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\workspace\yebaolauncher\output\Update.pdb

Imports

kernel32

GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
SetFilePointer
WriteFile
GetFileSize
SetFileAttributesW
SetFileTime
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
VerifyVersionInfoW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
FindFirstFileExW
GlobalLock
GlobalUnlock
GlobalAlloc
GetCPInfo
CompareStringEx
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
ReadConsoleW
LCMapStringEx
GetLocaleInfoEx
LocalFree
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
GetCurrentDirectoryW
SetEndOfFile
WriteConsoleW
GlobalFree
lstrcmpW
lstrcpyW
CopyFileW
lstrcatW
OutputDebugStringW
CreateMutexW
GetTempPathW
TerminateProcess
GetConsoleOutputCP
MoveFileW
CreateProcessW
GetProcessHeap
MoveFileExW
DecodePointer
Process32FirstW
DeleteFileW
Process32NextW
CreateToolhelp32Snapshot
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
RemoveDirectoryW
DeviceIoControl
FindNextFileW
CreateDirectoryW
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageA
GetNativeSystemInfo
GetExitCodeThread
GetModuleFileNameW
SwitchToThread
WaitForSingleObjectEx
GetCurrentThreadId
GetModuleHandleW
GetVersionExA
GetLocalTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetTickCount
FindResourceW
SizeofResource
LockResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenA
GetSystemTime
SystemTimeToFileTime
GetFileSizeEx
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
GetEnvironmentVariableW
ReadConsoleA
LoadResource
FlushFileBuffers
SetFileInformationByHandle
SetConsoleCtrlHandler
FreeResource
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
Sleep
MulDiv
GetFileAttributesW
FlushInstructionCache
GetCurrentProcess
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
MultiByteToWideChar
GetLastError
WideCharToMultiByte
OutputDebugStringA
GetCurrentProcessId
SetCurrentDirectoryW
CloseHandle
SetEvent
OpenEventW
UnhandledExceptionFilter

user32

CallWindowProcW
DefWindowProcW
LoadStringW
LoadStringA
PostMessageW
DestroyWindow
UnregisterClassW
DrawIconEx
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
GetActiveWindow
ShowWindow
RegisterClassExW
OffsetRect
SystemParametersInfoW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageW
GetWindowRect
GetPropW
EnumWindows
GetDesktopWindow
SetActiveWindow
EnableWindow
GetForegroundWindow
MsgWaitForMultipleObjects
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetWindowPlacement
LoadIconW
MessageBoxW
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetIconInfo
CharNextW
EqualRect
SetRect
SetCursor
GetKeyState
GetFocus
PtInRect
LoadImageW
CreateIconFromResource
LoadBitmapW
DestroyIcon
GetClassNameW
IsRectEmpty
UnionRect
IntersectRect
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
InflateRect
CopyRect
IsWindow
DestroyCursor
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints

gdi32

GetViewportOrgEx
GetCurrentObject
EnumFontFamiliesExW
GetCharABCWidthsW
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateDIBSection
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
EnumFontsW
BitBlt
DeleteObject
CreateRoundRectRgn
GetFontData

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptEncrypt
DeregisterEventSource
CryptAcquireContextW
CryptGetKeyParam
CryptSignHashW
CryptEnumProvidersW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
RegisterEventSourceW
ReportEventW
CryptGenRandom
CryptSetHashParam

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CreateBindCtx
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
OleLockRunning
CoCreateGuid
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromString

oleaut32

VariantClear
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocString
GetErrorInfo
VariantInit
VariantChangeType

shlwapi

PathRemoveFileSpecW
PathCanonicalizeW
PathFileExistsW
StrCmpW
StrToIntExW
PathIsDirectoryW

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

netapi32

NetApiBufferFree
NetWkstaGetInfo

iphlpapi

GetIpForwardTable
GetAdaptersInfo

ws2_32

WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
getnameinfo
shutdown
inet_addr
closesocket
recv
gethostbyname

wintrust

WinVerifyTrust

winhttp

WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipCreateBitmapFromStreamICM

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore

wldap32

ord301
ord79
ord142
ord167
ord133
ord147
ord145
ord27
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ord127

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

opengl32

wglGetProcAddress
wglGetCurrentContext

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce5499ec70534cace22adae2bea0c1f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

imm32

netapi32

iphlpapi

ws2_32

wintrust

winhttp

gdiplus

crypt32

wldap32

usp10

opengl32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 84KB - Virtual size: 196KB

.rsrc Size: 411KB - Virtual size: 410KB

.reloc Size: 226KB - Virtual size: 226KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 84KB - Virtual size: 196KB

.rsrc
Size: 411KB - Virtual size: 410KB

.reloc
Size: 226KB - Virtual size: 226KB