2024-04-16_0cac6ded8bcecfebb38666620ca6e8d2_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_0cac6ded8bcecfebb38666620ca6e8d2_magniber
Size

2.7MB
MD5

0cac6ded8bcecfebb38666620ca6e8d2
SHA1

eccbbda363f0bfc3059bd9b4cb1fc40896349730
SHA256

334d22b4626edd5aff9b660775ed4ef6f89ae188815ad56fd84994b3a273a3e4
SHA512

d8696bd3ae3f1da8fa5d605005542599a898e7f431c91221b79460f21b7dca2b7dff3e041be58124282584e5cf53f1fe7597d84aae24861ed1e50aaba5f9513a
SSDEEP

24576:q0hz54/FGK8WMuuturKzh2oAfNYQeSBADiSGMPq2kR9r11Vck9:fw/FG7turK1qWPDi4qjL1i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_0cac6ded8bcecfebb38666620ca6e8d2_magniber

Files

2024-04-16_0cac6ded8bcecfebb38666620ca6e8d2_magniber
.exe windows:5 windows x86 arch:x86

fec72561910894cc8dd17c3771a88ac8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\440818\out\Release\MedalWall.pdb

Imports

kernel32

GetVersion
GetCurrentThread
MulDiv
DisableThreadLibraryCalls
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualQuery
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
CreateMutexW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
Sleep
GetLocalTime
GetFileSize
FlushFileBuffers
WriteConsoleW
OpenProcess
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
CreateProcessW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
ReadFile
InterlockedFlushSList
RtlUnwind
WaitForMultipleObjects
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
FormatMessageW
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetStartupInfoW
FreeEnvironmentStringsW
GetLongPathNameW
FreeLibrary
MultiByteToWideChar
FindNextFileW
FindFirstFileW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
GetDiskFreeSpaceExW
GetTempPathW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
FindClose
WriteFile
GetFileAttributesExW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetFilePointer
GetVersionExW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LocalFree
LockResource
DeleteCriticalSection
DecodePointer
Process32NextW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetEndOfFile
ResetEvent

user32

UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
wsprintfW
SetTimer
UnregisterClassA
KillTimer
GetDC
ReleaseDC
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
CopyRect
OffsetRect
DestroyCursor
SendMessageTimeoutW
IsWindow
GetSystemMetrics
GetMenuStringW
GetMenuItemInfoW
DrawTextW
SetRectEmpty
PostMessageW
SendMessageW
CallWindowProcW
LoadCursorW
SetWindowPos
CharNextW
PeekMessageW
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
DispatchMessageW
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
SetWindowTextW
GetAsyncKeyState
UpdateLayeredWindow
PostQuitMessage
RegisterWindowMessageW
SystemParametersInfoW
GetWindow
ClientToScreen
ScrollWindowEx
InvalidateRect
EnableScrollBar
BeginPaint
UpdateWindow
SetFocus
GetDlgCtrlID
IsRectEmpty
MoveWindow
DrawFocusRect
EqualRect
UnionRect
GetParent
PtInRect
InflateRect
SetRect
FrameRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowRect
GetWindowDC
WindowFromDC
ReleaseCapture
SetCapture
GetMessagePos
DrawFrameControl
DrawEdge
GetScrollInfo
SetScrollInfo
GetClientRect
RemovePropW
GetPropW
SetPropW
EndPaint

gdi32

GetStockObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
EnumFontFamiliesW
DeleteObject
CreateFontW
SetBkColor
DeleteDC
SetDCPenColor
CreateRectRgnIndirect
SetTextColor
MoveToEx
ExtTextOutW
CreateBitmap
IntersectClipRect
SelectClipRgn
PlayEnhMetaFile
SetWindowOrgEx
UnrealizeObject
RectVisible
RestoreDC
SaveDC
OffsetViewportOrgEx
StretchBlt
LineTo

advapi32

RegQueryValueExA
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
RegQueryValueExW
RegEnumValueW
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

OleRun
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocString
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SysFreeString

shlwapi

PathAppendW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathIsPrefixW
SHSetValueA
SHGetValueA
StrToIntExW
StrStrIA
StrTrimA
StrCmpNIW
StrCmpIW
StrStrIW
StrCmpW
PathFindFileNameW
PathCombineW
wnsprintfW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipFillRectangleI
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fec72561910894cc8dd17c3771a88ac8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

setupapi

crypt32

wintrust

wininet

iphlpapi

urlmon

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 222KB - Virtual size: 221KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 219KB - Virtual size: 219KB

.reloc Size: 123KB - Virtual size: 124KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 222KB - Virtual size: 221KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 219KB - Virtual size: 219KB

.reloc
Size: 123KB - Virtual size: 124KB