Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-19_e5b2879b6573b16c2f064d381e89774e_magniber.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-19_e5b2879b6573b16c2f064d381e89774e_magniber.exe
  Resource: win10v2004-20240412-en
General
Target: 2024-04-19_e5b2879b6573b16c2f064d381e89774e_magniber
Size: 6.6MB
MD5: e5b2879b6573b16c2f064d381e89774e
SHA1: 418d30894d1de8c4dd89184e3e3a3d0e49d10122
SHA256: 9de5065a94052cb11d124e22083ef15d32dda59142f1ebfc2cdc61ea94f82869
SHA512: 0cb6e05aa00c4dbb2b8ed935b46d997d0a7599865c1e1f73e2b68f79c6ecce3a4ca2dcfd133ed2217f3fc69981cbda83350748c89a141bf4e2e8ed7acd2ecdc8
SSDEEP: 98304:0y9CUn9m2x86y4k5+mX1OOl8raKxXN5SSeDE33U6:0y93ki86y4nVOCP3SSem3U6
Malware Config
Signatures
Detects executables packed with VMProtect. 1 IoCs
  resource: sample
  yara_rule: INDICATOR_EXE_Packed_VMProtect
Unsigned PE. 1 IoCs
  Checks for missing Authenticode signature.
  resource: 2024-04-19_e5b2879b6573b16c2f064d381e89774e_magniber
Files
2024-04-19_e5b2879b6573b16c2f064d381e89774e_magniber.exe windows:5 windows x86 arch:x86
f7612069d192758b9abba5899653620c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetTickCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
CreateFileW
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetSystemDefaultLangID
GetTempFileNameW
CreateFileA
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetLogicalDrives
GetSystemDefaultLCID
GetSystemPowerStatus
GetSystemDirectoryA
GetTempPathW
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetTempPathA
OpenFile
SystemTimeToTzSpecificLocalTime
GetLogicalDriveStringsW
CreateDirectoryW
GetDriveTypeA
OpenProcess
GetFileAttributesA
FindFirstFileA
RemoveDirectoryW
FindNextFileW
GetLocalTime
DeviceIoControl
FindResourceA
MoveFileExW
Process32FirstW
LockFile
Process32NextW
CreateToolhelp32Snapshot
FindVolumeClose
SetVolumeMountPointW
GetVolumeInformationA
DeleteVolumeMountPointW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
SetVolumeLabelW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
lstrlenW
PeekNamedPipe
CreateProcessW
GetExitCodeProcess
CreatePipe
TryEnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
WaitForMultipleObjects
GetExitCodeThread
GetLogicalDriveStringsA
lstrlenA
FindClose
GetVolumeInformationW
DeleteFileW
GlobalFlags
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FindResourceW
LoadLibraryA
SizeofResource
LockResource
LoadResource
GetVersionExW
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameA
SetDllDirectoryW
GlobalMemoryStatusEx
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CopyFileExW
CreateMutexW
HeapCompact
FlushViewOfFile
WaitForSingleObjectEx
UnlockFileEx
FormatMessageA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetVersionExA
GetSystemTime
DeleteFileA
GetThreadTimes
InitializeSListHead
GetModuleHandleW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentProcessId
CreateThread
CloseHandle
GetConsoleMode
WaitForSingleObject
user32
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetRect
OffsetRect
ShowWindow
InflateRect
KillTimer
SetTimer
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
GetDlgItem
IsWindowVisible
SetWindowPos
DestroyWindow
CreateWindowExW
IsIconic
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
UnhookWindowsHookEx
PostQuitMessage
GetMenuItemCount
GetMenuItemID
GetSubMenu
IsWindowEnabled
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
CallNextHookEx
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetForegroundWindow
SendMessageW
PostMessageW
UnregisterClassW
GetClassInfoW
GetWindowTextW
MessageBoxW
EnableWindow
LoadBitmapW
GetMessageW
TranslateMessage
GetCursorPos
GetClientRect
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
SetCursor
GetWindowThreadProcessId
MoveWindow
DestroyIcon
CharUpperW
GetCaretPos
SetWindowRgn
IsZoomed
GetWindowRgn
RegisterClassExW
UpdateLayeredWindow
CloseWindow
SetCaretPos
HideCaret
IntersectRect
CreateCaret
DestroyCaret
SendMessageA
wsprintfW
CloseClipboard
ExitWindowsEx
EnumWindows
GetAsyncKeyState
GetClipboardData
OpenClipboard
GetFocus
SetFocus
IsWindow
CopyRect
EqualRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
SetWindowTextW
IsDialogMessageW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
SetCapture
ReleaseCapture
ClientToScreen
WindowFromPoint
SystemParametersInfoW
RealChildWindowFromPoint
InvalidateRect
DrawTextW
LoadIconW
DrawTextExW
CreateDesktopW
CloseDesktop
UnionRect
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
DestroyMenu
GetClassNameW
GetClassInfoExW
SendDlgItemMessageA
GetParent
shell32
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
DragAcceptFiles
ord165
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderLocation
shlwapi
PathFileExistsW
PathIsRootW
PathIsDirectoryW
PathFileExistsA
PathCanonicalizeW
PathIsRootA
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
ws2_32
shutdown
htons
setsockopt
select
inet_addr
WSAStartup
connect
ioctlsocket
WSACleanup
send
socket
closesocket
WSAGetLastError
gethostbyname
recv
oleacc
LresultFromObject
CreateStdAccessibleObject
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
imagehlp
MakeSureDirectoryPathExists
winmm
timeSetEvent
timeKillEvent
timeGetDevCaps
gdi32
SetBkMode
EnumFontFamiliesExW
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
GetDIBits
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
FillRgn
GetBitmapBits
SetBitmapBits
PtInRegion
SetPixel
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetStockObject
GetClipBox
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap
GetObjectW
SetTextColor
SetBkColor
GetDeviceCaps
ExtTextOutW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
GetSidIdentifierAuthority
LsaNtStatusToWinError
RegQueryInfoKeyW
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LsaRetrievePrivateData
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExA
RegOpenKeyExA
LsaOpenPolicy
LsaClose
LsaFreeMemory
ole32
CoInitialize
CoCreateGuid
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
OleSetContainedObject
CoSetProxyBlanket
oleaut32
VariantChangeType
VariantClear
VariantInit
SysAllocString
VarDateFromStr
VariantTimeToSystemTime
SysFreeString
msimg32
AlphaBlend
comctl32
_TrackMouseEvent
setupapi
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDA
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
gdiplus
GdipDrawLineI
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipCreateSolidFill
GdipDeleteBrush
GdipFillPath
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipGetImageWidth
GdipGetImageHeight
GdipDeletePath
GdipDrawPath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreatePath
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipDeletePen
GdipDeleteFontFamily
GdipCreatePen1
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipResetPath
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateFont
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetPenDashStyle
imm32
ImmDestroyContext
ImmReleaseContext
ImmSetCompositionWindow
ImmAssociateContext
ImmGetContext
iphlpapi
GetAdaptersInfo
wlanapi
WlanCloseHandle
WlanGetProfileList
WlanFreeMemory
WlanEnumInterfaces
WlanOpenHandle
WlanGetProfile
rpcrt4
UuidFromStringW
UuidToStringW
RpcStringFreeW
crypt32
CryptUnprotectData
CryptStringToBinaryW
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 570KB - Virtual size: 569KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 510KB - Virtual size: 510KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31.8MB - Virtual size: 31.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ