2024-04-10_92172ea33556db854a478ae854752f21_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_92172ea33556db854a478ae854752f21_magniber
Size

4.1MB
MD5

92172ea33556db854a478ae854752f21
SHA1

7daeb20461ae312f23b792317ee4218aa3794fa5
SHA256

d571707c96da5516e6a88de5d2b104ae7f776b5d37195f81e09cfd28775ae85f
SHA512

b37bd54fb2e1214598643516726b089f445a5a8f45f5d00ab61d69acf62c81db013cb7c70ae2751efee66e400e7825396bcf5d5e418233222ac7391ae8c77714
SSDEEP

98304:IXqn2a7C8KxKkNjquPdcXX++s9iYxwwY2sA:I62a7o3Nj8XyoB7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_92172ea33556db854a478ae854752f21_magniber

Files

2024-04-10_92172ea33556db854a478ae854752f21_magniber
.exe windows:5 windows x86 arch:x86

586270801d1e52ab1f5c4fe5f5daee58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

F:\Office\Target\x86\ship\click2run\en-us\bootstrapper.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
EventWrite
EventWriteTransfer
EventRegister
EventUnregister
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
AllocateAndInitializeSid
FreeSid
EqualSid
CreateWellKnownSid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
RevertToSelf
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
SetServiceObjectSecurity
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
RegNotifyChangeKeyValue
RegSetKeySecurity

kernel32

SetFileAttributesW
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
SetFilePointerEx
MoveFileExW
CopyFileW
AreFileApisANSI
WideCharToMultiByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
LocalFree
FormatMessageA
GetCurrentThreadId
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
GetTickCount64
GetModuleHandleExW
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
GetCurrentProcessId
FileTimeToSystemTime
GetUserDefaultLocaleName
IsValidCodePage
SetLastError
GetSystemTime
SystemTimeToFileTime
GetCPInfoExW
CreateEventExW
GetStringTypeW
RaiseException
LoadLibraryExW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
OpenProcess
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObjectEx
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
GetCommandLineW
GlobalFree
ProcessIdToSessionId
GetExitCodeThread
WaitForMultipleObjects
WaitForMultipleObjectsEx
GetCurrentProcess
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
GetProcessHeap
ReadFile
GetFileSizeEx
GetTempPathW
GetTempFileNameW
GetTickCount
GetThreadLocale
SetEvent
FindFirstFileExW
CreateMutexW
ReleaseSemaphore
lstrcmpW
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
GlobalAlloc
LocalAlloc
HeapAlloc
FindClose
GetModuleHandleA
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
IsValidLocale
QueryUnbiasedInterruptTime
LCMapStringEx
CreateThread
CreateEventW
LoadLibraryW
OutputDebugStringA
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForSingleObject
GetLongPathNameW
ResetEvent
GetOverlappedResult
FlushFileBuffers
CancelIoEx
GetFileType
SetFileInformationByHandle
GetFileInformationByHandleEx
GetDriveTypeW
GetLocaleInfoEx
LockResource
LCIDToLocaleName
LocaleNameToLCID
GetSystemDefaultLCID
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
SetThreadAffinityMask
IsProcessorFeaturePresent
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
RtlCaptureStackBackTrace
IsDebuggerPresent
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
VirtualFree
VirtualAlloc
GetProductInfo
LoadLibraryExA
VirtualQuery
GetSystemInfo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
SetStdHandle
ExitProcess
HeapReAlloc
GetACP
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
CreateTimerQueue
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
SetEndOfFile
GetEnvironmentVariableW
RemoveDirectoryW
DeviceIoControl
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
EncodePointer
DuplicateHandle
GetSystemPreferredUILanguages
GetUserGeoID
OpenThread
lstrcmpA
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
AttachConsole
DecodePointer
GetFileAttributesW
WriteFile
CreateFileW
FindNextFileW
GetFullPathNameW
FindFirstFileW
CreateDirectoryW
GetThreadTimes
GetCurrentThread
GetProcessTimes
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
MultiByteToWideChar
GetModuleFileNameW
IsWow64Process
FlsAlloc
FlsFree
DeleteCriticalSection
CompareStringEx
GetLastError
InitializeCriticalSectionEx
SignalObjectAndWait
GetLocalTime

ole32

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

cabinet

ord13
ord14

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

setupapi

SetupIterateCabinetW

ws2_32

GetAddrInfoW
WSAStartup
FreeAddrInfoW

iphlpapi

CreateSortedAddressPairs
FreeMibTable

gdi32

GetTextMetricsW
SelectObject
CreateFontW
GetStockObject
SetBkColor
SetTextColor
CreatePen
DeleteObject
GetDeviceCaps
SetDCPenColor
Rectangle
GetTextExtentPoint32W
CreateSolidBrush
SetDCBrushColor

gdiplus

GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipDrawImageRectI
GdiplusStartup
GdipDrawImageRectRectI
GdipDeleteGraphics

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1011KB - Virtual size: 1010KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

586270801d1e52ab1f5c4fe5f5daee58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

ws2_32

iphlpapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1011KB - Virtual size: 1010KB

.data Size: 171KB - Virtual size: 172KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 557KB - Virtual size: 560KB

.reloc Size: 211KB - Virtual size: 210KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1011KB - Virtual size: 1010KB

.data
Size: 171KB - Virtual size: 172KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 557KB - Virtual size: 560KB

.reloc
Size: 211KB - Virtual size: 210KB