2024-04-16_16bba0e44fa5b1cd2301298454decb64_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_16bba0e44fa5b1cd2301298454decb64_magniber
Size

1.7MB
MD5

16bba0e44fa5b1cd2301298454decb64
SHA1

621ab56992dde9f0a53d2a346a0c81de128ed819
SHA256

535c0785cf3203d9daae71f02f8f728c62b39ea93432c8dd135b0ecf1de8a528
SHA512

02538573b25cc8d88beec7f1c700ac6db2c5a6938ac39d99f6789410b9e71f3f39a0f1a789563b21b586121fb387fa3a0d470f4cd4eacbb15cc1407ed6150cc8
SSDEEP

49152:dGMv9D7Rfzrk7CTPhfe8k3XTmClkPZ+MJ:rVdE7N36CU+MJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_16bba0e44fa5b1cd2301298454decb64_magniber

Files

2024-04-16_16bba0e44fa5b1cd2301298454decb64_magniber
.exe windows:4 windows x86 arch:x86

aa6eeb23445f3b1ff9df3830b7ee0f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\Cku\qqpcmgr_proj\Basic\Output\BinFinal\Uninst.pdb

Imports

kernel32

SetUnhandledExceptionFilter
SearchPathW
CreateEventW
WriteProcessMemory
GetCurrentProcessId
HeapFree
VirtualAllocEx
TerminateProcess
GetProcessHeap
HeapAlloc
FreeResource
WriteFile
SetEvent
CreateFileA
GetWindowsDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
IsBadReadPtr
SetErrorMode
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
lstrcpynW
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetFullPathNameW
GetModuleHandleA
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoW
GetUserDefaultUILanguage
SetFilePointer
MoveFileW
DuplicateHandle
CreatePipe
GetStdHandle
IsDBCSLeadByte
GetCPInfo
LoadLibraryA
ReleaseMutex
QueryDosDeviceW
GetLogicalDriveStringsW
VirtualQuery
GetSystemDefaultLangID
SystemTimeToFileTime
GetPrivateProfileStringW
SetFileAttributesW
LocalAlloc
WaitForSingleObject
GetEnvironmentVariableW
GetLocalTime
CreateProcessW
LocalFree
GetFileAttributesW
GetCommandLineW
FindNextFileW
RemoveDirectoryW
FindClose
Process32FirstW
GetSystemInfo
GetFileSize
Process32NextW
ReadFile
ExitProcess
GetTickCount
GetTempFileNameW
DeviceIoControl
DeleteFileW
CreateFileW
GetExitCodeProcess
CopyFileW
MoveFileExW
Sleep
FindFirstFileW
CreateToolhelp32Snapshot
GetTempPathW
GetProcessTimes
GetSystemTimeAsFileTime
OpenProcess
GlobalLock
lstrcmpW
OutputDebugStringW
GlobalUnlock
MulDiv
GlobalAlloc
WideCharToMultiByte
FlushInstructionCache
CreateFileMappingW
LeaveCriticalSection
lstrcmpiW
LoadLibraryExW
CreateMutexW
EnterCriticalSection
lstrlenW
FreeLibrary
UnmapViewOfFile
GetVersion
MapViewOfFileEx
MultiByteToWideChar
lstrlenA
InterlockedDecrement
SetLastError
RaiseException
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
GetVersionExW
GetSystemDirectoryW
LoadResource
LockResource
FindResourceExW
GetCurrentProcess
FindResourceW
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
DebugBreak

user32

InvalidateRect
SetForegroundWindow
LoadStringW
LoadImageW
CopyImage
mouse_event
UnregisterClassA
RegisterWindowMessageW
PostQuitMessage
ShowCursor
MoveWindow
SetWindowLongW
AttachThreadInput
GetWindowThreadProcessId
MapWindowPoints
CopyRect
GetProcessWindowStation
CloseWindowStation
CloseDesktop
GetThreadDesktop
ReleaseDC
SetRect
GetDesktopWindow
GetWindowLongW
RegisterClassExW
SystemParametersInfoW
InflateRect
IsWindowEnabled
IsWindow
GetActiveWindow
GetParent
SetActiveWindow
CharNextW
DispatchMessageW
GetMessageW
GetDlgItem
GetClientRect
GetWindowRect
SendMessageW
TranslateMessage
LoadCursorW
GetDC
ShowWindow
SetWindowPos
GetWindow
PeekMessageW
DestroyWindow
GetForegroundWindow
EnableWindow
LoadIconW
GetSystemMetrics
DrawFrameControl
DrawIconEx
OffsetRect
GetDlgCtrlID
SetTimer
GetUserObjectInformationW
PostThreadMessageW
UpdateLayeredWindow
EqualRect
PtInRect
GetMonitorInfoW
SetCursor
GetSystemMenu
DrawTextW
GetKeyState
DestroyIcon
MonitorFromWindow
TrackPopupMenu
SendMessageTimeoutW
FindWindowW
MsgWaitForMultipleObjects
FillRect
InvalidateRgn
BeginPaint
EndPaint
SetFocus
FindWindowExW
DestroyAcceleratorTable
IsWindowVisible
ClientToScreen
KillTimer
RedrawWindow
SetCapture
GetClassNameW
ScreenToClient
IsChild
CreateAcceleratorTableW
ReleaseCapture
CallWindowProcW
DefWindowProcW
GetFocus
PostMessageW
GetWindowTextW
SetWindowTextW
GetSysColor
FrameRect
GetWindowTextLengthW
GetClassInfoExW
CreateWindowExW

gdi32

CreateFontIndirectW
CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteObject
SetBkColor
Rectangle
StretchBlt
SetTextColor
DeleteDC
GetStockObject
GetCurrentObject
CreateDIBSection
SelectObject
CreatePen
BitBlt
MoveToEx
TextOutW
LineTo
RoundRect
CombineRgn
CreateRectRgnIndirect
GetClipRgn
GetDeviceCaps
SelectClipRgn
CreateCompatibleDC
CreateSolidBrush
RectInRegion
SetBkMode
GetTextExtentPoint32W
ExtTextOutW
SaveDC
CreateRectRgn
RestoreDC

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenServiceW
RegLoadKeyW
DeleteService
QueryServiceConfig2W
OpenSCManagerW
ChangeServiceConfig2W
CloseServiceHandle
RegEnumValueW
ControlService
QueryServiceStatus
RegUnLoadKeyW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
RegRestoreKeyW
IsTextUnicode

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromProgID
PropVariantClear
CoInitializeEx
OleLockRunning
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

DispCallFunc
VariantClear
LoadRegTypeLi
SysStringByteLen
VarBstrCmp
VariantInit
SysStringLen
OleCreateFontIndirect
LoadTypeLi
VarUI4FromStr
OleLoadPicture
SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

PathAddBackslashW
PathAppendW
StrToIntA
SHDeleteKeyW
PathRemoveFileSpecW
PathFindFileNameW
SHStrDupW
SHDeleteValueW
wnsprintfW
PathUnquoteSpacesW
PathFileExistsW

comctl32

_TrackMouseEvent

ws2_32

ntohl
htons
htonl
WSCDeinstallProvider
WSCEnumProtocols

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetProcessMemoryInfo

gdiplus

GdipAlloc
GdipLoadImageFromStream
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipDrawImageI
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipFree
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipDeleteGraphics

wininet

InternetOpenW
InternetOpenUrlW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

fltlib

FilterUnload

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 836KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa6eeb23445f3b1ff9df3830b7ee0f37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

wininet

version

fltlib

crypt32

netapi32

Sections

.text Size: 836KB - Virtual size: 832KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 584KB - Virtual size: 583KB

.reloc Size: 108KB - Virtual size: 108KB

.text
Size: 836KB - Virtual size: 832KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 584KB - Virtual size: 583KB

.reloc
Size: 108KB - Virtual size: 108KB