2024-04-27_4cc0dca3267469362678cf23133937e2_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-27_4cc0dca3267469362678cf23133937e2_magniber
Size

2.1MB
MD5

4cc0dca3267469362678cf23133937e2
SHA1

69fc84e97da121602a93a81817f2aa9528790498
SHA256

48428b09f1900c7aa4b3e74661325e9ff93963d32b202fd0e60deca8a672772f
SHA512

186a2e868ddeef7556752d6b6a400b4a650788290279b9c20591a71918e0718ff6792260e3d689473c0fddd63b1f1d12bd666d7f391ca11364df179eaa0cb01c
SSDEEP

49152:uGMiaB+EqQvzpRb2c5VKv2Cbg20ijqb3m5:7SqW1KuCv5+m5

Score

1^/10

Malware Config

Signatures

Files

2024-04-27_4cc0dca3267469362678cf23133937e2_magniber
.exe windows:5 windows x86 arch:x86

7c86a9166a6eabb8d911b0eb45d19511

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-05-2021 00:00

Not After

28-05-2024 23:59

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:16:08:f6:f0:8c:b9:84:02:39:da:4d:81:c7:48:3b:e3:d6:ba:00:3b:64:0b:81:88:56:19:34:b8:e5:41:5f
Signer

Actual PE Digest

ea:16:08:f6:f0:8c:b9:84:02:39:da:4d:81:c7:48:3b:e3:d6:ba:00:3b:64:0b:81:88:56:19:34:b8:e5:41:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\hardware_info\ComputerZService\computerz_service\ComputerZService\Release\ComputerZService.pdb

Imports

kernel32

InterlockedExchange
InterlockedCompareExchange
GetCurrentThreadId
WaitForSingleObject
CloseHandle
GetLastError
SetLastError
LockResource
FreeLibrary
GetProcAddress
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcess
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FindResourceExW
WideCharToMultiByte
DecodePointer
InterlockedIncrement
InterlockedDecrement
VirtualProtect
GetCurrentProcessId
RaiseException
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
IsBadReadPtr
MultiByteToWideChar
GetFileSizeEx
WriteFile
ReadFile
WritePrivateProfileStringW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
GetShortPathNameW
GetLongPathNameW
OpenProcess
CreateMutexW
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GetTickCount
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetNamedPipeInfo
CreateNamedPipeW
GetNamedPipeHandleStateW
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
GetOverlappedResult
PeekNamedPipe
CancelIo
GetTimeZoneInformation
TlsGetValue
TlsSetValue
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentProcessorNumber
GetSystemInfo
FormatMessageA
TlsAlloc
VirtualAlloc
VirtualFree
InitializeSRWLock
AcquireSRWLockExclusive
SwitchToThread
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
FreeResource
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetConsoleMode
GetConsoleCP
RtlCaptureStackBackTrace
SetFilePointerEx
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
ReleaseMutex
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetFilePointer
UnhandledExceptionFilter
TerminateProcess
WaitForSingleObjectEx
GetStartupInfoW
FindClose
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentThread
OpenThread
SetThreadPriority
GetThreadPriority
GetThreadContext
SuspendThread
ResumeThread
GetThreadSelectorEntry
InterlockedExchangeAdd
DeviceIoControl
lstrcmpA
lstrcmpiA
CreateFileA
SignalObjectAndWait
CreateThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
FindFirstFileA
FindNextFileA
GetTempPathW
GetFileSize
RtlUnwind
ExitThread
GetModuleHandleExW
GetFileAttributesExW
SetConsoleCtrlHandler
GetFileType

user32

GetWindowLongW
KillTimer
SetTimer
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostMessageW
GetWindowThreadProcessId
SetWindowLongW
IsWindow
SendMessageTimeoutW
CharNextW
DestroyWindow
UnregisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
wsprintfW
UnregisterClassA
PostQuitMessage
FindWindowExW

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c86a9166a6eabb8d911b0eb45d19511

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ea:16:08:f6:f0:8c:b9:84:02:39:da:4d:81:c7:48:3b:e3:d6:ba:00:3b:64:0b:81:88:56:19:34:b8:e5:41:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 258KB - Virtual size: 257KB

.data Size: 176KB - Virtual size: 232KB

.rsrc Size: 94KB - Virtual size: 94KB

.reloc Size: 79KB - Virtual size: 78KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ea:16:08:f6:f0:8c:b9:84:02:39:da:4d:81:c7:48:3b:e3:d6:ba:00:3b:64:0b:81:88:56:19:34:b8:e5:41:5f
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 258KB - Virtual size: 257KB

.data
Size: 176KB - Virtual size: 232KB

.rsrc
Size: 94KB - Virtual size: 94KB

.reloc
Size: 79KB - Virtual size: 78KB