2024-04-15_2716e45f808bdb63f6722a0180c052fd_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-15_2716e45f808bdb63f6722a0180c052fd_magniber
Size

3.5MB
MD5

2716e45f808bdb63f6722a0180c052fd
SHA1

d76758a40f189d53af2bce5039fb2490f12b72a9
SHA256

56b7d56c605305447a11eee6d23d8c86a314703dd9b8086c9e76c401a10e002d
SHA512

614bfe835eae33a277deafbcdc34625b477f4a152b66772aa1d5cf4f74bc4ea6cf2b76969e364530890d6695877be79a8004d9ef12e9e6390095b3bab5b18752
SSDEEP

49152:rCYMJk2ZKFBt4aKzi1DI+JsUhqC5vqyqqqqqqqqqqoqqqqqqqqpqqq+5dqqqqqAo:rCY6lKFDKzi1DIoJSBQdGIJeTy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-15_2716e45f808bdb63f6722a0180c052fd_magniber

Files

2024-04-15_2716e45f808bdb63f6722a0180c052fd_magniber
.exe windows:5 windows x86 arch:x86

7a7b37bca1d306fa13fae5707a7aec4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\RegHunter\Release\RegHunter.pdb

Imports

wininet

InternetCheckConnectionW

kernel32

GetEnvironmentVariableW
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindFirstVolumeW
GetUserDefaultLangID
DebugBreak
SleepEx
ExpandEnvironmentStringsA
InterlockedCompareExchange
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetDriveTypeW
GetSystemTimeAsFileTime
HeapReAlloc
GetDriveTypeA
FindFirstFileA
ExitThread
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
HeapSize
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
FileTimeToLocalFileTime
GetConsoleCP
GetConsoleMode
CreateDirectoryW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTimeZoneInformation
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
GetStringTypeA
FlushFileBuffers
GetFullPathNameA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
GetCurrentProcess
LeaveCriticalSection
FlushInstructionCache
ExpandEnvironmentStringsW
GetSystemInfo
IsWow64Process
GetLongPathNameW
GetFileSizeEx
GetComputerNameW
SetFilePointer
FileTimeToSystemTime
GetFileSize
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
DeviceIoControl
DuplicateHandle
FormatMessageA
InterlockedExchange
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentThread
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetSystemDirectoryW
GetThreadContext
GetVersionExA
GetWindowsDirectoryW
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LoadLibraryExA
MapViewOfFile
OpenEventA
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
ReadFile
ReleaseMutex
ReleaseSemaphore
ResumeThread
SetEvent
SetThreadPriority
UnmapViewOfFile
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WriteProcessMemory
lstrcmpA
lstrcmpiA
lstrcpyA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetStdHandle
RtlUnwind
UnhandledExceptionFilter
WriteFile
ExitProcess
GetCommandLineA
GetLocaleInfoA
GetStartupInfoA
GetThreadLocale
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetSystemTime
GetFileTime
GetFileAttributesW
SwitchToThread
TerminateProcess
GlobalMemoryStatusEx
CreateProcessW
RaiseException
GetVolumeInformationW
GetDiskFreeSpaceExW
GetTimeFormatW
GetLogicalDriveStringsW
GetDateFormatW
lstrcatW
lstrcmpW
MulDiv
LockResource
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
OpenProcess
LocalFree
GetVersion
LocalAlloc
SystemTimeToFileTime
GetCurrentProcessId
DeleteCriticalSection
FindNextFileW
lstrcmpiW
GetLocalTime
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
SizeofResource
CopyFileW
LoadLibraryW
InitializeCriticalSection
GetTickCount
CompareFileTime
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
SetUnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
CreateMutexW
DeleteFileW
CloseHandle
QueryDosDeviceW
FindClose
SetLastError
EnterCriticalSection
GetCurrentThreadId
HeapFree
WaitForSingleObject
GetLastError
GetLogicalDrives
FindFirstFileW
GetProcAddress
lstrlenW
lstrcpynW
GetVersionExW
Sleep
SetEndOfFile
CompareStringW
GetProcessHeap
GetExitCodeThread
CreateThread
lstrcpyW
lstrlenA
lstrcpynA
GetModuleHandleW
TerminateThread
FreeEnvironmentStringsW

user32

MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
MessageBoxA
GetKeyboardType
SetLayeredWindowAttributes
AdjustWindowRectEx
AdjustWindowRect
SetDlgItemTextW
SystemParametersInfoW
GetUserObjectInformationA
ScrollWindowEx
CopyRect
GetAsyncKeyState
BroadcastSystemMessageW
GetSystemMetrics
DrawIconEx
GetClassLongW
IsCharAlphaNumericW
GetDlgCtrlID
DestroyIcon
TrackMouseEvent
CloseClipboard
GetScrollInfo
EmptyClipboard
OpenClipboard
EnableWindow
SetClipboardData
SetScrollInfo
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
IsChild
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextW
GetClassNameW
GetDlgItem
RedrawWindow
GetDesktopWindow
GetThreadDesktop
DispatchMessageA
CloseDesktop
GetClassInfoExW
RegisterClassExW
InvalidateRect
SetWindowLongW
ShowWindow
CreateWindowExW
UnregisterClassA
IsCharAlphaNumericA
WaitForInputIdle
SetScrollPos
FindWindowExW
LoadCursorW
wsprintfA
GetMessagePos
DefWindowProcW
CallWindowProcW
SendMessageW
IsWindow
GetSysColor
IsWindowVisible
SetCapture
GetFocus
GetCapture
EnumDisplaySettingsW
GetWindowThreadProcessId
GetDC
SetActiveWindow
GetMessageW
CharNextW
wvsprintfW
LoadImageW
FindWindowW
wsprintfW
GetClassInfoW
TranslateMessage
LoadAcceleratorsW
InflateRect
LoadMenuW
BringWindowToTop
EndDialog
MessageBoxW
RegisterClassW
DispatchMessageW
EndPaint
DestroyWindow
SetCursor
TranslateAcceleratorW
SetWindowRgn
GetSystemMenu
SetTimer
GetWindowRect
MonitorFromPoint
PostQuitMessage
TrackPopupMenu
GetWindowDC
RegisterWindowMessageW
PostMessageW
KillTimer
IsZoomed
SetForegroundWindow
LoadStringA
DialogBoxParamW
MessageBeep
IsWindowEnabled
GetClientRect
GetMenuItemInfoW
BeginPaint
IsDialogMessageW
LoadIconW
OffsetRect
TrackPopupMenuEx
SetRect
FlashWindowEx
AppendMenuW
PeekMessageW
ReleaseDC
MonitorFromWindow
SetWindowPos
GetCursorPos
LoadStringW
CreatePopupMenu
CreateDialogParamW
GetActiveWindow
GetMenuItemCount
RemoveMenu
ReleaseCapture
MapWindowPoints
UpdateWindow
DestroyMenu
SetWindowTextW
GetMonitorInfoW
CheckMenuItem
GetWindow
MoveWindow
ScreenToClient
FillRect
DrawTextW
GetParent
SetFocus
PtInRect
DrawFocusRect
GetWindowLongW
LoadBitmapW

gdi32

CreateBrushIndirect
CreateSolidBrush
CreatePen
SelectObject
DeleteObject
SetBkMode
SetTextColor
LineTo
MoveToEx
GetObjectA
RoundRect
CreateRectRgn
CreateRoundRectRgn
ExtTextOutW
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
GetDeviceCaps
SelectClipRgn
ExcludeClipRect
SetBkColor
StretchBlt
GetObjectW
BitBlt
GetStockObject
ExtCreatePen
OffsetViewportOrgEx
CreateFontW
GetTextColor
TextOutW
SetViewportOrgEx
SetStretchBltMode
DeleteDC
GetTextExtentPoint32W

advapi32

GetTokenInformation
OpenProcessToken
RegSaveKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegQueryValueExW
QueryServiceConfigW
GetUserNameW
EnumServicesStatusW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
IsTextUnicode
RegSetValueExA
RegEnumKeyW
LookupPrivilegeValueA
InitializeSecurityDescriptor
GetLengthSid
FreeSid
AllocateAndInitializeSid
GetKernelObjectSecurity
AdjustTokenPrivileges
RegReplaceKeyW

shell32

ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
OleLockRunning

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
LoadTypeLi
SysStringLen
VariantInit
VariantClear
SysReAllocStringLen
VarUI4FromStr
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SafeArrayCreateVector

acp

?Get@CAcp@@SAPAV1@XZ
?Init@CAcp@@SAPAV1@XZ
?GetItemCount@CAcp@@QAEIII@Z
?Dispose@CAcp@@SAXXZ
?Collect@CAcp@@QAEXXZ
?StopCollect@CAcp@@QAEXXZ
?GetCategoryCount@CAcp@@QAEIXZ
?GetLocationCount@CAcp@@QAEII@Z
?GetLocationPath@CAcp@@QAEPB_WII@Z
?GetLocationType@CAcp@@QAEIII@Z
?GetLocationHandlerType@CAcp@@QAE?AW4EAcpHandlerType@@II@Z
?IsRemoved@CAcp@@QAEHI@Z
?IsWhiteListed@CAcp@@QAE_NI@Z
?GoTo@CAcp@@QAEXI@Z
?RemoveItem@CAcp@@QAEHI@Z
?EnableItem@CAcp@@QAEHI@Z
?DisableItem@CAcp@@QAEHI@Z
?GetItemLocationType@CAcp@@QAEII@Z
?GetItemFileDescription@CAcp@@QAEPB_WI@Z
?GetItemFilePublisher@CAcp@@QAEPB_WI@Z
?GetItemFileModified@CAcp@@QAEPB_WI@Z
?GetItemFileCreated@CAcp@@QAEPB_WI@Z
?GetItemFileExtension@CAcp@@QAEPB_WI@Z
?GetItemFileShortcutTarget@CAcp@@QAEPB_WI@Z
?GetItemFileName@CAcp@@QAEPB_WI@Z
?GetItemFilePath@CAcp@@QAEPB_WI@Z
?GetItemIcon@CAcp@@QAEPAUHICON__@@I@Z
?GetItemEnabled@CAcp@@QAEHI@Z
?GetItemTitle@CAcp@@QAEPB_WI@Z
?GetItemGlobalID@CAcp@@QAEIIII@Z
?GetCategoryName@CAcp@@QAEPB_WI@Z

updater

?Reset@CUpdateManager@@QAEXXZ
?GetStatus@CUpdateManager@@QAEHXZ
?Get@CUpdateManager@@SAAAV1@XZ
?SetAutoUpdate@CUpdateManager@@QAEX_N@Z
?GetCurrentFileName@CUpdateManager@@QAEPB_WXZ
?SetDownloadPath@CUpdateManager@@QAEXPB_W@Z
?SetMsgHandler@CUpdateManager@@QAEXPAUHWND__@@@Z
?AutoUpdate@CUpdateManager@@QAE_NXZ
?ValidateProgramUpdate@CUpdateManager@@QAE_NPB_W@Z
?Checking@CUpdateManager@@QAE_NXZ
?Updating@CUpdateManager@@QAE_NXZ
?BeginUpdate@CUpdateManager@@QAE_N_NPAUHWND__@@@Z
?CancelUpdate@CUpdateManager@@QAEXXZ
?GetDownloadStatus@CUpdateManager@@QAEXAAK000AAM@Z
?GetDownloadStatusStr@CUpdateManager@@QAEHXZ
?CheckForUpdates@CUpdateManager@@QAEXPB_WUSUpdateCfg@@@Z

scanner

Scan_GetItem
Scan_GetScanPath
Scan_StopScan
Scan_GetProgress
Scan_GetSectionId
Scan_StartScanner
Scan_SetResponseWnd
Scan_GetSystemHealth
Scan_IsItemLocked
AddToExclussions
Scan_Init
?ScanLog@@YAAAVCScanLog@@XZ
?GetXmlScanLog@CScanLog@@QAEPB_WXZ
Scan_Ptr
Scan_Destroy
Scan_GetItemCount
LoadExclussions
Scan_GetRemSummary
Scan_StartRemove

defmanager

?AddArg@CDefUrlInfo@@QAEXPB_WK@Z
?LoadPurlData@CDefManager@@QAEXXZ
?GetProductIdPurl@CDefManager@@QBEKXZ
?GetProductId@CDefManager@@QBEKXZ
?SetProductId@CDefManager@@QAEXK@Z
?SpecialHelpdesk@CDefManager@@QAE_NXZ
?AddArg@CDefUrlInfo@@QAEXPB_W0@Z
?GetVersion@CDefManager@@QAEPB_WXZ
?GetNumeralVersion@CDefManager@@QAEHXZ
?LoadDefs@CDefManager@@QAE_NPB_W@Z
?GetAffiliateID@CDefManager@@QAEHXZ
??1CDefUrlInfo@@QAE@XZ
??0CDefUrlInfo@@QAE@XZ
?Link@CDefUrlInfo@@QAEPB_WXZ
?Get@CDefManager@@SAAAV1@XZ
?GetUrl@CDefManager@@QAEHW4EDefUrlId@@AAVCDefUrlInfo@@@Z

common

ord1
ord32
ord33
ord20
ord28
ord26
ord29
ord27
ord8
ord2
ord31
ord6
ord35
ord5
ord34
ord11
ord4
ord36
ord38
ord3
ord12
ord9
ord30
ord7

systeminformation

?FillGeneralInformation@CSystemInformation@@QAEXXZ
?GetCPULoad@CSystemInformation@@QAEHHAAJ@Z
?UpdateCPUInfo@CSystemInformation@@QAEHXZ
?_Destroy@CSystemInformation@@SAXXZ
?_Create@CSystemInformation@@SAPAV1@XZ
?_Ptr@CSystemInformation@@SAPAV1@XZ
?EnumProcesses@CSystemInformation@@QAEHHAAUSPROCESSINFO@@@Z
?FillProcessCPULoad@CSystemInformation@@QAEHXZ
?GetGeneralInfo@CSystemInformation@@QAEXAAUSSysInformation@@@Z
?FillWindowsVersion@CSystemInformation@@QAEXXZ
?PrepareCPUCounters@CSystemInformation@@QAEXXZ
?GetCPUCount@CSystemInformation@@QAEHXZ
?FillPrintersInfo@CSystemInformation@@QAEXXZ

shlwapi

PathUnExpandEnvStringsW
PathFileExistsW
StrCmpIW
StrCmpNIW
PathStripPathW
StrToIntW
StrCmpNW

comctl32

ImageList_SetImageCount
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Destroy
InitCommonControlsEx
ImageList_Create
ImageList_Add
ImageList_Draw
ImageList_GetImageCount

msimg32

TransparentBlt

gdiplus

GdipCreateHICONFromBitmap
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipRotateWorldTransform
GdipMeasureString
GdipSetStringFormatFlags
GdipDrawImage
GdipSetPenDashArray
GdipSetPenLineJoin
GdipDrawLineI
GdipFillRectangle
GdipDrawRectangle
GdipDrawLine
GdipGraphicsClear
GdipCreateLineBrush
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipSetLineColors
GdipFillRectangleI
GdipDrawImageI
GdipReleaseDC
GdipFillPath
GdipGetDC
GdipCreateBitmapFromHBITMAP
GdipAddPathLine
GdipCreateBitmapFromResource
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFontFamily
GdipSetTextRenderingHint
GdipCreatePen1
GdipCreatePath
GdipSetPenDashStyle
GdipCloneImage
GdipDrawImageRect
GdipCreateImageAttributes
GdipDeletePath
GdipDisposeImage
GdipDisposeImageAttributes
GdipClosePathFigure
GdipSetSmoothingMode
GdipDrawPath
GdipCreateBitmapFromStream
GdipAddPathArc
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipGetImageWidth
GdipCreateStringFormat
GdipCreateFromHDC
GdipDrawString
GdipAlloc
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipDeleteGraphics
GdipDeleteFont
GdipSetStringFormatLineAlign
GdipDrawImagePointRectI
GdipGetImageHeight
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipDeletePen
GdipFree
GdipDeleteBrush
GdipDrawImageRectRect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

ws2_32

freeaddrinfo
getaddrinfo
WSASetLastError
ioctlsocket
connect
WSAGetLastError
htons
select
__WSAFDIsSet
send
ntohs
getsockname
setsockopt
recv
bind
socket
getsockopt
closesocket
WSAStartup
WSACleanup

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

wintrust

WinVerifyTrustEx
CryptCATAdminEnumCatalogFromHash

Sections

CODE
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a7b37bca1d306fa13fae5707a7aec4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

acp

updater

scanner

defmanager

common

systeminformation

shlwapi

comctl32

msimg32

gdiplus

version

iphlpapi

ws2_32

psapi

wintrust

Sections

CODE Size: 125KB - Virtual size: 125KB

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 63KB - Virtual size: 109KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: 2KB - Virtual size: 2KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 86KB - Virtual size: 85KB

CODE
Size: 125KB - Virtual size: 125KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 63KB - Virtual size: 109KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 86KB - Virtual size: 85KB