2024-04-27_cf267515b29af34cb7d6dd3ff018fa8a_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_cf267515b29af34cb7d6dd3ff018fa8a_magniber
Size

1.3MB
MD5

cf267515b29af34cb7d6dd3ff018fa8a
SHA1

fe745601cf168071122044c991a7db4f860997f2
SHA256

d32569d4adb49b16a00761100b7cfa62a86d9ea41683b713411baf29664d958d
SHA512

7558299d898db7b067b38218dcc0d0cca42a09d99c8abf87494958db2d125f59b86010c5de27afaad0736fa0792cb48b9befcec147137a13c75fbb52babb519d
SSDEEP

24576:0vaBeYlRN9lfLgCdPP8iYTIgetQF6sqjnhMgeiCl7G0nehbGZpbD:C0RdfECdPP9YTTet8ODmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_cf267515b29af34cb7d6dd3ff018fa8a_magniber

Files

2024-04-27_cf267515b29af34cb7d6dd3ff018fa8a_magniber
.exe windows:5 windows x86 arch:x86

a6702fad00e9d67e2a96bf077bfc7cad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\ccd-hyperdrive\main\native\win32\build\msvs_win32_x86\Release\x86\sym\Setup\Setup\Setup.pdb

Imports

kernel32

LCMapStringA
GetStringTypeExA
SetDllDirectoryW
GetConsoleWindow
DeleteCriticalSection
DecodePointer
LoadLibraryA
AttachConsole
GetLastError
InitializeCriticalSectionEx
GetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
QueryPerformanceFrequency
FreeConsole
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetCurrentThreadId
DeleteFileW
CloseHandle
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReadFile
GetFullPathNameW
GetModuleFileNameW
FindClose
GetFileAttributesW
SetFileAttributesW
LocalFree
MoveFileExW
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetCurrentProcess
GetVersionExW
GetComputerNameExW
CreateEventW
GetCurrentThread
HeapAlloc
GetProcAddress
VerSetConditionMask
GetProcessHeap
GetModuleHandleW
VerifyVersionInfoW
WaitForSingleObject
Sleep
CreateThread
LoadLibraryW
FreeLibrary
GetUserDefaultLangID
GetUserDefaultUILanguage
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetFileInformationByHandle
SetEvent
ResetEvent
SetLastError
TerminateProcess
HeapSize
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeSListHead
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
RaiseException
RtlUnwind
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
OutputDebugStringW

user32

LoadStringA
SendMessageW

ole32

CoTaskMemFree
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

crclient

ShowCRDialogOnlyOnFirstCrash
SetCRDisplayName
CrashReporterInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathIsFileSpecW
PathAddExtensionW
PathAppendW
PathFileExistsW
PathRenameExtensionW

advapi32

LookupAccountSidW
GetTokenInformation
RegQueryValueExW
OpenThreadToken
RegOpenKeyExW
OpenProcessToken
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderLocation

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
GetErrorInfo
VariantClear

Sections

.text
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6702fad00e9d67e2a96bf077bfc7cad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

crclient

version

shlwapi

advapi32

shell32

oleaut32

Sections

.text Size: 540KB - Virtual size: 540KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 540KB - Virtual size: 540KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 596KB - Virtual size: 600KB