2024-04-16_18c428b7806a42626ce68622769866b7_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_18c428b7806a42626ce68622769866b7_magniber
Size

3.0MB
MD5

18c428b7806a42626ce68622769866b7
SHA1

ca6d7d43ac100cd34d13f70e1c2f6cd9d421a15f
SHA256

81827199b7d3fa4855462ce24a841266fd5642cc342351e27c3830cc55de2ad2
SHA512

bd4dba0bf28b559e279f2d50f2aaedae6a0ce2a5cbb355a518c03909a7015315e0cf326b81483777db147920b4daba8e53273e43f1c18cafcfc36ba5a3891f1d
SSDEEP

49152:TVKEZNNfnV9mAFu1UTYrEAV1Uhw7osb0b7BLEjEt:T8CNNfnLmAFu1+Y1dE9

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_18c428b7806a42626ce68622769866b7_magniber
.exe windows:6 windows x86 arch:x86

fee869329d95739d997a767258e5a81f

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:76:99:1c:eb:b0:7f:56:8c:5f:cf:ba:1c:cc:ee:97:32:6c:ce:5b:bf:c1:25:05:8e:f4:83:d2:b6:b3:4c:f3
Signer

Actual PE Digest

f1:76:99:1c:eb:b0:7f:56:8c:5f:cf:ba:1c:cc:ee:97:32:6c:ce:5b:bf:c1:25:05:8e:f4:83:d2:b6:b3:4c:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\target\x86\Release\QuickAssist.pdb

Imports

rpcrt4

RpcStringBindingComposeW
RpcExceptionFilter
RpcBindingSetAuthInfoExW
UuidCreate
NdrClientCall2
RpcStringFreeW
RpcBindingFromStringBindingW
NdrAsyncClientCall
RpcBindingFree

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetStdHandle
SetStdHandle
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
SetEndOfFile
SetFileTime
FindFirstFileExW
GetFileType
CreateDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
SetFileInformationByHandle
CreateFileW
GetFileSizeEx
WriteFile
DeleteFileW
GetTempFileNameW
GetFileAttributesW
FlushFileBuffers
ReadFile
GetDiskFreeSpaceExW
SetFilePointerEx
FindClose

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
OpenMutexW
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventExW
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSection
WaitForMultipleObjectsEx
LeaveCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventW
ResetEvent
SetEvent

api-ms-win-core-processthreads-l1-1-0

CreateThread
ResumeThread
GetCurrentThread
ExitProcess
GetCurrentProcessId
GetStartupInfoW
ExitThread
TlsAlloc
GetCurrentProcess
OpenProcessToken
TlsGetValue
TlsSetValue
TerminateProcess
TlsFree
SwitchToThread
CreateProcessAsUserW
GetExitCodeThread
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadLibraryExW
LoadResource
FreeLibraryAndExitThread
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
CheckTokenMembership
CreateRestrictedToken
CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetOEMCP
FormatMessageW
EnumSystemLocalesW
IsValidCodePage
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FormatMessageA
GetACP

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW
EnumDisplayMonitors
GetSystemMetrics

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-com-l1-1-0

CoCreateInstance
PropVariantClear
StringFromCLSID
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoGetApartmentType
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstanceFromApp
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoGetObjectContext

urlmon

URLDownloadToFileW

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
VariantClear
LoadRegTypeLi
OleCreateFontIndirect
VariantInit
VariantChangeType
SysFreeString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringLen
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventWrite
EventRegister
EventUnregister
EventSetInformation

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
GetScaleFactorForMonitor
SetProcessDpiAwareness

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

wintrust

WinVerifyTrust

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpW
lstrcmpiW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-com-l1-1-1

RoGetAgileReference

d3d11

D3D11CreateDevice

d2d1

ord1

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CreateThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeExW
CompareStringW
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-stringansi-l1-1-0

CharLowerA
CharUpperA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-localization-ansi-l1-1-0

GetStringTypeExA

api-ms-win-core-string-l2-1-0

CharUpperW
CharLowerW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l2-1-0

CreateDirectoryExW
MoveFileExW
GetFileInformationByHandleEx
CreateHardLinkW
CreateSymbolicLinkW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind
RtlCaptureStackBackTrace

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
ReadConsoleW
SetConsoleCtrlHandler

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsSetValue
FlsFree

netapi32

NetGetAadJoinInformation

user32

DispatchMessageW
SendMessageW
CreateWindowExW
TranslateMessage
GetMessageW
SetWindowLongW
SetFocus
GetWindowLongW
InvalidateRect
IsDialogMessageW
GetAncestor
wsprintfW
RegisterWindowMessageW
GetDesktopWindow
CallWindowProcW
RegisterClassExW
GetClassInfoExW
PostMessageW
GetClientRect
MessageBoxW
DefWindowProcW
PostQuitMessage
UnregisterClassW
DestroyWindow
IsWindow
IsChild
GetDlgItem
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
SetLayeredWindowAttributes
LoadIconW
GetSysColorBrush
SetClassLongW
GetClassLongW
CallNextHookEx
ShowWindow
SetWindowPos
BringWindowToTop
GetSystemMenu
EnableMenuItem
UnhookWindowsHookEx
SetWindowsHookExW
SendInput
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
UpdateLayeredWindow
KillTimer
SetWindowTextW
GetWindowRect
SetTimer
LoadCursorW
GetWindow
InvalidateRgn
GetClassNameW
GetParent
FillRect
RedrawWindow
GetSysColor
GetWindowTextLengthW
GetWindowTextW
MonitorFromWindow

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
GetObjectW
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
GetTextExtentPoint32W
CreateFontIndirectW
SetBkMode

uxtheme

SetWindowThemeAttribute

comctl32

InitCommonControlsEx

dcomp

DCompositionCreateSurfaceHandle
DCompositionCreateDevice2

sas

SendSAS

gdiplus

GdipGetImageGraphicsContext
GdipFree
GdipImageGetFrameCount
GdipDrawImageI
GdipGetImageWidth
GdipGetPropertyItemSize
GdipDisposeImage
GdipCloneImage
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipAlloc
GdipImageGetFrameDimensionsList
GdipGetPropertyItem
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCreateFromHDC

ext-ms-win-com-ole32-l1-1-0

OleUninitialize
OleInitialize
OleLockRunning

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ext-ms-win-ole32-bindctx-l1-1-0

CoGetObject

ext-ms-win-shell-shell32-l1-2-0

ShellExecuteW

ext-ms-win-kernel32-windowserrorreporting-l1-1-1

RegisterApplicationRestart

mdmregistration

IsDeviceRegisteredWithManagement

dwmapi

DwmSetWindowAttribute

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fee869329d95739d997a767258e5a81f

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

f1:76:99:1c:eb:b0:7f:56:8c:5f:cf:ba:1c:cc:ee:97:32:6c:ce:5b:bf:c1:25:05:8e:f4:83:d2:b6:b3:4c:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-0

urlmon

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-shcore-obsolete-l1-1-0

wintrust

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-com-l1-1-1

d3d11

d2d1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-url-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

crypt32

api-ms-win-core-stringansi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-localization-ansi-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-fibers-l1-1-0

netapi32

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f1:76:99:1c:eb:b0:7f:56:8c:5f:cf:ba:1c:cc:ee:97:32:6c:ce:5b:bf:c1:25:05:8e:f4:83:d2:b6:b3:4c:f3
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 159KB - Virtual size: 167KB

.rsrc
Size: 427KB - Virtual size: 426KB

.reloc
Size: 140KB - Virtual size: 140KB