2024-04-16_eddd4bf5850376ce01ddb88220b72f6b_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_eddd4bf5850376ce01ddb88220b72f6b_magniber
Size

3.4MB
MD5

eddd4bf5850376ce01ddb88220b72f6b
SHA1

ed06c0434c32c037cb4b29f8efc5689fd7b23bd3
SHA256

2b27b0256554a4af525dff5b7e5b1293b1b5de04e3173b6b233f7069ab364d32
SHA512

35179ac62113fe62d932b6f080f469a911051a30fa433622350fd40ec67c6ab7515cd41b6f4e24159748131fcc6a045b78e115a04d5d243b7d00486145b128bc
SSDEEP

49152:0aagsNvpR0xUgjzpfCSE3hjXvApLnnoCfs+DTNDpmuCc6CE934PZ9T:vwNvpqKgjzdZLnoCfsu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_eddd4bf5850376ce01ddb88220b72f6b_magniber

Files

2024-04-16_eddd4bf5850376ce01ddb88220b72f6b_magniber
.exe windows:5 windows x86 arch:x86

f28ce1356a85fcfcb46834bd5f6151b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\pc-2345softmgr-build\SoftMgr\main\bin\Win32\release\pdb\2345SoftMgr.pdb

Imports

crypt32

CryptMsgClose
CryptDecodeObject
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Sleep
GetCurrentProcess
ExpandEnvironmentStringsW
GetVersion
GetDriveTypeW
GetCurrentThread
GetVolumeInformationW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
SetLastError
WaitForMultipleObjects
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
ReadFile
SetEndOfFile
GetFileSize
GetComputerNameW
GetTickCount
WaitForSingleObject
GetProcessHeap
GetACP
GlobalMemoryStatusEx
InterlockedExchange
InterlockedExchangeAdd
lstrlenW
GetPrivateProfileStringW
GetModuleHandleW
GetVersionExW
GetFileAttributesW
HeapAlloc
GlobalFree
GlobalAlloc
OpenProcess
HeapFree
DeleteFileW
lstrcpyW
LocalFree
lstrcmpA
LocalAlloc
CreateFileMappingW
FileTimeToLocalFileTime
FileTimeToSystemTime
EnumResourceNamesW
SizeofResource
GetUserDefaultLangID
WriteConsoleW
GetLocalTime
GetCurrentThreadId
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
MoveFileExW
CloseHandle
GetLastError
HeapSize
SetStdHandle
OutputDebugStringA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
SetConsoleCtrlHandler
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
CreateMutexW
SetEvent
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetFileType
GetStdHandle
WaitNamedPipeW
TransactNamedPipe
DuplicateHandle
SetNamedPipeHandleState
VirtualQueryEx
OpenThread
InterlockedIncrement
CreateSemaphoreW
CreateThread
TerminateThread
GetProcessId
InterlockedDecrement
ReleaseSemaphore
RtlCaptureContext
WritePrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileSectionW
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
CreateProcessW
QueryInformationJobObject
WriteProcessMemory
AssignProcessToJobObject
CreateJobObjectW
IsProcessInJob
GetModuleHandleA
VirtualAllocEx
CreateRemoteThread
TerminateJobObject
GetExitCodeProcess
GetLongPathNameW
GetShortPathNameW
GetFileAttributesExW
SearchPathW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
LockResource
GetSystemInfo
LoadResource
FindResourceW
lstrcmpiW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReleaseMutex
OpenMutexW
QueryDosDeviceW
LoadLibraryExW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenEventW
CreateEventW
ResetEvent
SetFileTime
GetFileTime
GetComputerNameExW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
DosDateTimeToFileTime
FileTimeToDosDateTime
TerminateProcess
GetFullPathNameW
RemoveDirectoryW
GetTempPathW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetTempFileNameW
MoveFileW
lstrcatW
GetFileSizeEx
FormatMessageW
GetStringTypeW
EncodePointer
GetCPInfo
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW

user32

GetClassNameW
GetDesktopWindow
GetForegroundWindow
SetFocus
AttachThreadInput
WindowFromPoint
GetShellWindow
GetSystemMetrics
SetWindowPos
GetFocus
CreateIconFromResourceEx
PrivateExtractIconsW
UnregisterClassW
GetWindowThreadProcessId
DestroyIcon
LookupIconIdFromDirectoryEx
LoadImageW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowTextLengthW
GetDC
IsWindowVisible
EnumChildWindows
IsWindow
EnumDesktopWindows
ReleaseDC
GetActiveWindow
GetParent
GetWindowRect
FindWindowW
SendMessageW
GetIconInfo
OpenDesktopW
CloseDesktop
GetWindowTextW

advapi32

LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetLengthSid
ConvertSidToStringSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
EqualSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
CheckTokenMembership
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
SetNamedSecurityInfoW
AdjustTokenPrivileges

shell32

SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderLocation
ExtractIconExW
SHGetPathFromIDListW
DuplicateIcon
ord727

ole32

OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
OleUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantClear
SysAllocString

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW
PathFileExistsW

wininet

InternetGetConnectedState
InternetCheckConnectionW

iphlpapi

GetAdaptersInfo

imagehlp

ImageEnumerateCertificates
ImageRemoveCertificate

gdiplus

GdipGetImageHeight
GdipGetImageEncoders
GdipLoadImageFromFileICM
GdipCloneImage
GdipLoadImageFromFile
GdipDisposeImage
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipFree
GdipGetImageRawFormat
GdipGetImageEncodersSize
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipSaveImageToFile

gdi32

DeleteDC
DeleteObject
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
GetTextExtentPointW
GetTextExtentExPointW
SelectObject
GetDIBits

Exports

Exports

CheckSignerInfo
ExportFunc01
ExportFunc02
IsNetConnect

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f28ce1356a85fcfcb46834bd5f6151b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

iphlpapi

imagehlp

gdiplus

gdi32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 393KB - Virtual size: 392KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 393KB - Virtual size: 392KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 1.0MB - Virtual size: 1.0MB