General

Malware Config

Signatures

Files

• 2024-04-19_de717951989420c6b9790c9160a23d35_magniber

  .exe windows:5 windows x86 arch:x86

  770b6801a0e74e55768ad77ae3655811

  
  

  Code Sign

  04:5b:d7:bd:e9:5f:97:12

  Certificate

  Issuer

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  09-10-2020 11:32

  Not After

  09-10-2021 11:32

  Subject

  CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07

  Certificate

  Issuer

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:5b:d7:bd:e9:5f:97:12

  Certificate

  Issuer

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  09-10-2020 11:32

  Not After

  09-10-2021 11:32

  Subject

  CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07

  Certificate

  Issuer

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  fb:ee:33:f2:0a:3b:24:cd:21:75:dd:5f:9c:1d:29:98:a6:d5:cd:89:6c:73:91:88:9c:47:82:58:0c:47:f0:a2

  Signer

  Actual PE Digest

  fb:ee:33:f2:0a:3b:24:cd:21:75:dd:5f:9c:1d:29:98:a6:d5:cd:89:6c:73:91:88:9c:47:82:58:0c:47:f0:a2

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  07:c9:fd:f5:e4:9c:8f:e7:98:12:90:af:19:1f:b5:0a:7a:be:7b:51

  Signer

  Actual PE Digest

  07:c9:fd:f5:e4:9c:8f:e7:98:12:90:af:19:1f:b5:0a:7a:be:7b:51

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\vmagent_new\bin\joblist\222359\out\Release\360AdvToolExecutor.pdb

  Imports

  kernel32

  LockResource

  LoadResource

  FindResourceExW

  InterlockedIncrement

  InterlockedDecrement

  lstrlenW

  GetLastError

  InitializeCriticalSection

  MultiByteToWideChar

  LoadLibraryExW

  lstrcmpiW

  Sleep

  GetCommandLineW

  CloseHandle

  DeviceIoControl

  CreateFileW

  GetCurrentProcessId

  CreateProcessW

  WriteFile

  GetLocalTime

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetProcessTimes

  SetFilePointer

  GetFileSize

  GetTickCount

  DeleteFileW

  CreateThread

  WaitForSingleObject

  CreateEventW

  LocalFree

  CreateMutexW

  OpenMutexW

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  GetTimeZoneInformation

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  IsValidLocale

  EnumSystemLocalesA

  GetUserDefaultLCID

  GetDateFormatA

  SizeofResource

  GetStringTypeW

  GetStringTypeA

  LCMapStringA

  GetLocaleInfoA

  GetLocaleInfoW

  QueryPerformanceCounter

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  LCMapStringW

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  WideCharToMultiByte

  InitializeCriticalSectionAndSpinCount

  InterlockedExchange

  SetConsoleCtrlHandler

  GetModuleHandleA

  FindResourceW

  EnterCriticalSection

  LeaveCriticalSection

  GetModuleFileNameW

  GetModuleHandleW

  LoadLibraryW

  GetCurrentProcess

  FlushInstructionCache

  DeleteCriticalSection

  RaiseException

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  GetModuleFileNameA

  GetStdHandle

  GetCurrentThread

  FatalAppExitA

  HeapCreate

  GetStartupInfoW

  ExitProcess

  FreeLibrary

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  RtlUnwind

  ExitThread

  TlsFree

  DeleteAtom

  FindAtomW

  TlsAlloc

  ReleaseMutex

  AddAtomW

  GetCurrentThreadId

  SetLastError

  OpenThread

  GetAtomNameW

  TlsSetValue

  GetProcAddress

  GetTimeFormatA

  InterlockedCompareExchange

  HeapFree

  GetProcessHeap

  HeapAlloc

  LoadLibraryA

  IsProcessorFeaturePresent

  VirtualFree

  VirtualAlloc

  HeapDestroy

  HeapReAlloc

  HeapSize

  CreateFileA

  SystemTimeToFileTime

  GetSystemTimeAsFileTime

  LocalFileTimeToFileTime

  SetEndOfFile

  SetFilePointerEx

  ReadFile

  GetFileSizeEx

  OutputDebugStringW

  FormatMessageW

  GetSystemTime

  TlsGetValue

  user32

  TranslateMessage

  GetMessageW

  DefWindowProcW

  UnregisterClassA

  CreateDialogParamW

  DispatchMessageW

  SetWindowLongW

  DestroyWindow

  SendMessageTimeoutW

  FindWindowW

  GetActiveWindow

  MessageBoxW

  RegisterClassW

  GetWindowThreadProcessId

  GetParent

  GetWindow

  GetWindowRect

  GetWindowLongW

  MonitorFromWindow

  GetMonitorInfoW

  GetClientRect

  MapWindowPoints

  SetWindowPos

  IsDialogMessageW

  SendMessageW

  PostQuitMessage

  GetSystemMetrics

  LoadImageW

  IsWindow

  PostMessageW

  CharNextW

  GetClassInfoW

  PeekMessageW

  advapi32

  RegQueryValueExA

  RegDeleteValueW

  RegCloseKey

  RegCreateKeyExW

  RegQueryValueExW

  RegQueryInfoKeyW

  RegSetValueExW

  RegEnumKeyExW

  RegOpenKeyExW

  RegDeleteKeyW

  shell32

  ShellExecuteExW

  SHCreateDirectoryExW

  ShellExecuteW

  CommandLineToArgvW

  SHGetSpecialFolderPathW

  ole32

  CoInitialize

  CoCreateInstance

  CoTaskMemFree

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoUninitialize

  oleaut32

  VarUI4FromStr

  SysFreeString

  shlwapi

  PathRemoveFileSpecW

  PathAppendW

  PathFindFileNameW

  PathFileExistsW

  PathRemoveExtensionW

  SHGetValueW

  PathCombineW

  comctl32

  InitCommonControlsEx

  wintrust

  WinVerifyTrust

  WTHelperProvDataFromStateData

  crypt32

  CertGetNameStringW

  Sections

  .text

  Size: 361KB - Virtual size: 364KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 42KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 883KB - Virtual size: 882KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ