2024-04-25_d4dd9a926fa3fd5f01dcef893b6d66b7_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_d4dd9a926fa3fd5f01dcef893b6d66b7_magniber
Size

3.5MB
MD5

d4dd9a926fa3fd5f01dcef893b6d66b7
SHA1

554765742bfbb841c12bb8d0adf5447bcb21ef90
SHA256

a5c57d7508b842002907235298ab8d0c1d8304f7cc9e82f65ec8e399aa929137
SHA512

18c9a9e9f48b41246178a429f281769dc1e416c5c3bd98539499b03ab2f7dffc1adc2b1923df4aa3478445f22fdccdf7acae2478fee98c6300bedb1f7e94d45e
SSDEEP

49152:Vk/UimpVJqxt2w5UnaDaMBiD2OtOwjd1mgwUGDTAFzb0+tlw1R7e03OlJvb+rnbB:Gt7t2w5X0plwUGvGzbi1RvmCrnbvLF

Score

1^/10

Malware Config

Signatures

Files

2024-04-25_d4dd9a926fa3fd5f01dcef893b6d66b7_magniber
.exe windows:5 windows x86 arch:x86

84ec01823f73f4652e88cb5ded83c3fb

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

28/05/2024, 23:59

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:4d:4e:9c:76:d2:8b:c4:d6:93:26:4c:17:f0:7f:a6:98:c2:fe:a1:09:e4:65:70:74:6a:9f:73:88:1b:08:1d
Signer

Actual PE Digest

16:4d:4e:9c:76:d2:8b:c4:d6:93:26:4c:17:f0:7f:a6:98:c2:fe:a1:09:e4:65:70:74:6a:9f:73:88:1b:08:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\ComputerZTray\ComputerZTray\Release\ComputerZTray.pdb

Imports

kernel32

SystemTimeToFileTime
LocalFileTimeToFileTime
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetShortPathNameW
GetLongPathNameW
ReleaseMutex
CreateMutexW
GetLogicalDriveStringsW
QueryDosDeviceW
MulDiv
CopyFileW
GetExitCodeProcess
ResetEvent
DeviceIoControl
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
OpenEventW
OutputDebugStringW
GetTempFileNameW
SetCurrentDirectoryW
GetFileSize
FlushFileBuffers
CreateDirectoryW
ExpandEnvironmentStringsW
GlobalAddAtomW
GlobalFindAtomW
RegisterWaitForSingleObject
UnregisterWait
FreeResource
FormatMessageW
GetSystemDirectoryW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
GetVersionExW
GetStartupInfoW
CreateProcessW
OpenMutexW
WritePrivateProfileStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleW
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
GetCurrentProcess
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
WriteConsoleW
GetACP
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetDriveTypeW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
TerminateThread
DosDateTimeToFileTime
GetPrivateProfileStringW
FileTimeToLocalFileTime
SetFileTime
GetFileTime
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OpenProcess
LoadLibraryA
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTime
FormatMessageA
InterlockedExchangeAdd
QueryPerformanceCounter
UnhandledExceptionFilter
GetFileSizeEx
GetSystemWindowsDirectoryW
CreateFileA
lstrcmpiA
lstrcmpA
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
LoadLibraryExA
VirtualFree
GetLocalTime
IsBadReadPtr
GetCommandLineW
LoadLibraryExW
lstrcmpiW
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualProtect
InterlockedDecrement
InterlockedIncrement
DecodePointer
LocalAlloc
PeekNamedPipe
CreatePipe
SetHandleInformation
ReadFile
WriteFile
Sleep
TerminateProcess
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetVersion
FreeLibrary
LocalFree
GetPrivateProfileIntW
CreateEventW
WaitForMultipleObjects
SetEvent
InterlockedCompareExchange
InterlockedExchange
SetLastError
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
LoadResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetTickCount
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetProcAddress
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
FindClose
ResumeThread
FlushViewOfFile
GlobalMemoryStatusEx
FileTimeToDosDateTime
GetFileAttributesExW
GetUserDefaultLCID

user32

DispatchMessageW
PeekMessageW
ShowWindow
CharNextW
MessageBoxW
WaitForInputIdle
CloseClipboard
EmptyClipboard
SendNotifyMessageW
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
TranslateMessage
SendMessageTimeoutW
GetSystemMetrics
GetMenuStringW
GetMenuItemInfoW
DrawTextW
SetRectEmpty
CopyRect
FindWindowW
OffsetRect
PtInRect
SetCursor
DrawFocusRect
BeginPaint
GetMessageW
GetWindowThreadProcessId
EndPaint
IsRectEmpty
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
KillTimer
SetTimer
IsWindow
UnregisterClassA
PostQuitMessage
SetWindowPos
BringWindowToTop
LoadStringW
SetLayeredWindowAttributes
GetActiveWindow
GetMenuInfo
GetForegroundWindow
GetWindowRect
GetCursorPos
WindowFromPoint
GetDesktopWindow
GetShellWindow
RedrawWindow
RegisterWindowMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetClassNameW
GetWindow
CallNextHookEx
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
SetRect
OpenClipboard
SetWindowsHookExW
TrackMouseEvent
SetWindowTextW
EnableWindow
SetFocus
MonitorFromWindow
IsDialogMessageW
FrameRect
FillRect
GetSysColor
MapWindowPoints
GetWindowTextLengthW
InvalidateRect
IsWindowEnabled
GetFocus
GetDialogBaseUnits
GetDlgItem
InflateRect
ExitWindowsEx
LoadIconW
GetParent
SetWindowRgn
ReleaseDC
GetDC
GetClientRect
UpdateLayeredWindow
UnhookWinEvent
SetWinEventHook
GetWindowTextW
GetAncestor
GetWindowInfo
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
UnhookWindowsHookEx

gdi32

CreateFontW
GetObjectA
GetTextMetricsW
CreateSolidBrush
CreateRectRgn
CombineRgn
ExtTextOutW
MoveToEx
SetTextColor
SetBkMode
SetDCPenColor
SetBkColor
LineTo
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetCurrentObject

advapi32

LookupPrivilegeValueW
CryptContextAddRef
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
CreateWellKnownSid
SetTokenInformation
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
GetUserNameW
CryptDecrypt
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHLoadInProc
Shell_NotifyIconW
SHCreateDirectoryExW
SHAppBarMessage
SHGetPathFromIDListW
ord165
SHFileOperationW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromProgID
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantChangeType
SysAllocString
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysStringLen
DispCallFunc

shlwapi

PathFileExistsW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
StrCmpIW
PathIsRelativeW
PathFindExtensionW
StrStrIW
SHSetValueW
PathFindFileNameW
PathIsDirectoryW
StrToIntExW
SHGetValueA
SHSetValueA
StrCmpNIW
StrTrimA
PathIsURLW
PathIsRootW
SHDeleteValueW
AssocQueryStringW
PathCombineW
StrStrIA
StrToIntW

comctl32

_TrackMouseEvent

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetSmoothingMode
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImagePointsI

ws2_32

select
closesocket
connect
ioctlsocket
WSAGetLastError
socket
send
__WSAFDIsSet
recv
inet_addr
htons

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EmptyWorkingSet
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

imm32

ImmDisableIME

winmm

timeEndPeriod
PlaySoundW
timeGetDevCaps
timeGetTime
timeBeginPeriod

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84ec01823f73f4652e88cb5ded83c3fb

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

16:4d:4e:9c:76:d2:8b:c4:d6:93:26:4c:17:f0:7f:a6:98:c2:fe:a1:09:e4:65:70:74:6a:9f:73:88:1b:08:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

secur32

version

psapi

wtsapi32

imm32

winmm

wininet

iphlpapi

crypt32

wintrust

urlmon

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 462KB - Virtual size: 461KB

.data Size: 56KB - Virtual size: 75KB

.rsrc Size: 502KB - Virtual size: 501KB

.reloc Size: 117KB - Virtual size: 117KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

16:4d:4e:9c:76:d2:8b:c4:d6:93:26:4c:17:f0:7f:a6:98:c2:fe:a1:09:e4:65:70:74:6a:9f:73:88:1b:08:1d
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 462KB - Virtual size: 461KB

.data
Size: 56KB - Virtual size: 75KB

.rsrc
Size: 502KB - Virtual size: 501KB

.reloc
Size: 117KB - Virtual size: 117KB