2024-04-16_47d86eac1088df33f42ca7fea7f5e0d8_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_47d86eac1088df33f42ca7fea7f5e0d8_magniber
Size

1.9MB
MD5

47d86eac1088df33f42ca7fea7f5e0d8
SHA1

d86ddac191a08fca022dac96f8eeb6bd06615491
SHA256

61254f6330b9e55adc466ece364fab3142260ab8e6e02bddf9db2f02964f6373
SHA512

fa0325af26b1c21f00a9b087819910f914a53ce80c48b6244d009a7204794faf8db2921f8d8056652bf24933673e2690dcf54a6bd2d6ec84b03745b1c85edd56
SSDEEP

24576:4dqEdCOht7ninhhm0Ke6dIRM4jk46o6GclorpTs1hGALHfjLyrJWIF:4cGy6daEWrpTg8gHfjLAJWIF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_47d86eac1088df33f42ca7fea7f5e0d8_magniber

Files

2024-04-16_47d86eac1088df33f42ca7fea7f5e0d8_magniber
.exe windows:6 windows x86 arch:x86

5851a8fb8b8ea0172eb77699d601562b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\halodesk\install_uninstall_coral\UInst\uninst_exe.pdb

Imports

kernel32

SetLastError
VerSetConditionMask
LoadLibraryW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteFileW
UnlockFile
ReadFile
LockFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
GetLocalTime
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
FormatMessageW
ReleaseMutex
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SearchPathW
CreateDirectoryW
GetShortPathNameW
GetTempFileNameW
SetFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
SwitchToThread
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
CreateMutexW
VerifyVersionInfoW
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
HeapSize
HeapFree
HeapReAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
LeaveCriticalSection
MultiByteToWideChar
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
HeapAlloc
HeapDestroy
CloseHandle
SetFilePointer
GetFileAttributesExW
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
GetCurrentProcess
lstrcpynW
lstrlenW
InitializeCriticalSectionEx
GetFileSizeEx
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
RemoveDirectoryW
OutputDebugStringW
DeviceIoControl
SetEvent
WaitForSingleObject
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
GetFileAttributesW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
CreateProcessW
GetStartupInfoW
GetTickCount
GetPrivateProfileIntW
CreateEventW
WaitForMultipleObjects
LocalAlloc
LocalFree
GetEnvironmentVariableW
GetVersionExW
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
OpenFileMappingW
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ResetEvent

user32

CopyRect
PtInRect
EnumDisplayMonitors
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowW
LoadStringW
GetShellWindow
OffsetRect
UnionRect
GetMessageW
TranslateMessage
DestroyCursor
MoveWindow
UnregisterClassA
GetClassInfoExW
RegisterClassExW
SetFocus
IsDialogMessageW
SetCursor
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
ReleaseCapture
SetCapture
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
PostQuitMessage
DispatchMessageW
PeekMessageW
CharNextW
GetCursorPos
DestroyWindow
SendMessageW
DrawFocusRect
FindWindowExW
PostMessageW
KillTimer
SetTimer
EqualRect
DefWindowProcW
wsprintfW
SendNotifyMessageW

gdi32

RestoreDC
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
CreateFontW
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
RectVisible
OffsetViewportOrgEx
EnumFontFamiliesW

advapi32

OpenSCManagerW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
ControlService
DeleteService
CryptSetKeyParam
OpenServiceW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
RegEnumValueW
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
LockServiceDatabase
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceLockStatusW
QueryServiceStatus
StartServiceW
UnlockServiceDatabase
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegGetValueW

shell32

ShellExecuteExW
ord165
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
OleRun
CoCreateGuid
CreateStreamOnHGlobal
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantCopy
SysAllocString
SysAllocStringByteLen
VariantClear
SysStringLen
VariantInit
VarBstrCmp
VariantChangeType
SysStringByteLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathCombineW
PathFileExistsW
wnsprintfW
SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
SHSetValueW
PathIsPrefixW
PathFindExtensionW
PathIsRelativeW
StrCmpIW
StrStrIW
StrTrimA
StrCmpNIW
StrStrIA
StrToIntExW
SHGetValueA
SHDeleteKeyW
PathIsRootW
PathAppendA
SHSetValueA
AssocQueryStringW
PathRenameExtensionA
PathFindFileNameA
PathIsDirectoryW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

_BasicEntry@8

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5851a8fb8b8ea0172eb77699d601562b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 229KB - Virtual size: 229KB

.data Size: 18KB - Virtual size: 39KB

.rsrc Size: 441KB - Virtual size: 441KB

.reloc Size: 118KB - Virtual size: 120KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 229KB - Virtual size: 229KB

.data
Size: 18KB - Virtual size: 39KB

.rsrc
Size: 441KB - Virtual size: 441KB

.reloc
Size: 118KB - Virtual size: 120KB