2024-04-28_9246308069b0715011e1e5cfa2fa1cb3_floxif_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-28_9246308069b0715011e1e5cfa2fa1cb3_floxif_magniber_revil
Size

4.3MB
MD5

9246308069b0715011e1e5cfa2fa1cb3
SHA1

16e2188555ee7b53f10559b3da42f0ad0a470791
SHA256

5022756aaa1c01eaf4e8ea303729a31d3cea00d85c767efcfc97f2f5d3d2a154
SHA512

9fd4a78b88d8a19b38db3ce1b843cf7bc0c8be5711feb8337e73ecddc91c356ccc1851ef8c8a3d1e3622452455b2f95448a7b027fd7ad9089ad42d578e097d42
SSDEEP

98304:fStsQWrM83C5/fTC6AjK3NFwS6fcXHJjhcQ8:0sQWrM836f246fshc5

Score

1^/10

Malware Config

Signatures

Files

2024-04-28_9246308069b0715011e1e5cfa2fa1cb3_floxif_magniber_revil
.exe windows:6 windows x86 arch:x86

42b469f69dd5f8cf85a356ec22929007

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:5a:12:fe:f0:c9:d1:48:75:d6:96:8d:3e:3f:67:3f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/02/2021, 00:00

Not After

25/04/2023, 23:59

Subject

CN=Wargaming.net Limited,OU=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:2a:c9:d4:ae:aa:64:9d:58:16:45:af:18:1b:be:63:47:30:95:78:db:19:c5:35:3b:a8:ca:c5:c1:95:52:b9
Signer

Actual PE Digest

b1:2a:c9:d4:ae:aa:64:9d:58:16:45:af:18:1b:be:63:47:30:95:78:db:19:c5:35:3b:a8:ca:c5:c1:95:52:b9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\jenkins\workspace\monitor_win_build\bin\win32\Release\WargamingErrorMonitor.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

powrprof

CallNtPowerInformation

ws2_32

listen
htonl
accept
select
__WSAFDIsSet
inet_ntop
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
getaddrinfo
bind
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
WSACleanup
WSAGetLastError
freeaddrinfo
ioctlsocket
connect

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dxgi

CreateDXGIFactory1

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

kernel32

RemoveVectoredExceptionHandler
RtlCaptureContext
IsDebuggerPresent
RaiseException
WaitForSingleObject
FindFirstFileW
FindClose
K32GetModuleFileNameExW
DeleteFileW
FindNextFileW
RemoveDirectoryW
GetFileTime
GetFileSizeEx
WriteFile
FlushFileBuffers
GetFileSize
ReadFile
GetModuleHandleExW
GetProcAddress
VerSetConditionMask
SetLastError
GetModuleHandleA
GetComputerNameExW
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateProcessW
CloseHandle
GetProcessId
ReadProcessMemory
K32EnumProcessModules
RtlCaptureStackBackTrace
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessTimes
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
EnterCriticalSection
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
DuplicateHandle
DisconnectNamedPipe
CreateEventW
Sleep
ResetEvent
GetOverlappedResult
UnregisterWaitEx
ConnectNamedPipe
GetExitCodeProcess
SetNamedPipeHandleState
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingA
TransactNamedPipe
MapViewOfFile
WaitNamedPipeW
TlsSetValue
InitializeCriticalSectionAndSpinCount
SleepEx
OpenFileMappingA
VerifyVersionInfoW
TlsGetValue
AddVectoredContinueHandler
GetVersion
GetSystemInfo
VirtualQueryEx
SuspendThread
ResumeThread
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetStdHandle
GetFileType
SetEndOfFile
SetFilePointerEx
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileInformationByHandle
FileTimeToSystemTime
CreateFileA
SetFilePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
MoveFileExW
AreFileApisANSI
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetExitCodeThread
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
SetUnhandledExceptionFilter
TlsFree
TlsAlloc
WideCharToMultiByte
FormatMessageW
FormatMessageA
GetCurrentThreadId
LocalUnlock
LocalFree
LocalLock
LocalAlloc
MulDiv
GetModuleHandleW
GetLocalTime
GetLastError
OpenProcess
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
GetCommandLineW
SetEvent
OpenEventW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
CompareStringEx
EncodePointer
LCMapStringEx
GetDateFormatW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
OutputDebugStringW
CreateMutexA
GetCPInfo
GetLocaleInfoEx
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
HeapAlloc
HeapFree
HeapReAlloc
GetConsoleOutputCP
GetModuleFileNameW
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess

user32

EnumDisplayDevicesW
EnumWindows
GetWindowThreadProcessId
GetLastActivePopup
GetActiveWindow
DestroyWindow
WaitMessage
IsDialogMessageW
PeekMessageW
EnableWindow
CreateDialogIndirectParamW
KillTimer
SetTimer
GetParent
MoveWindow
EnumDisplaySettingsW
EnableMenuItem
SetFocus
SendMessageW
SetWindowLongW
GetProcessWindowStation
GetClientRect
LoadCursorW
SetCursor
InvalidateRect
PtInRect
ClientToScreen
SetWindowTextW
GetWindowTextW
GetDlgItem
DestroyIcon
LoadIconW
DrawTextW
SystemParametersInfoW
LoadStringW
GetDC
GetDialogBaseUnits
GetSysColor
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
SetRect
SetForegroundWindow
IsWindow
IsWindowVisible
GetWindowRect
GetDesktopWindow
SetWindowPos
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
GetSystemMetrics
LoadImageW
IsHungAppWindow
GetUserObjectInformationW
MessageBoxW
FillRect
GetSystemMenu

gdi32

GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateDCW
CreateFontIndirectW
SelectObject
DeleteObject
SetTextColor
SetBkMode
GetStockObject
SetBkColor

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHOpenFolderAndSelectItems
ord190
ord155
ShellExecuteExW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

?$TSS0@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4HA
?$TSS0@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4HA
??4?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@QAEAAV012@ABV012@@Z
?create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@23@XZ
?getInstance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SAAAUVersions@23@XZ
?instance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@0AAUVersions@23@A
?instanceMutex@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4Vmutex@std@@A
?lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@123@XZ
?t@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4U534@A

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42b469f69dd5f8cf85a356ec22929007

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:5a:12:fe:f0:c9:d1:48:75:d6:96:8d:3e:3f:67:3fCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b1:2a:c9:d4:ae:aa:64:9d:58:16:45:af:18:1b:be:63:47:30:95:78:db:19:c5:35:3b:a8:ca:c5:c1:95:52:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

powrprof

ws2_32

advapi32

version

dxgi

bcrypt

kernel32

user32

gdi32

shell32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 769KB - Virtual size: 768KB

.data Size: 91KB - Virtual size: 111KB

.rsrc Size: 466KB - Virtual size: 466KB

.reloc Size: 131KB - Virtual size: 130KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:5a:12:fe:f0:c9:d1:48:75:d6:96:8d:3e:3f:67:3f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b1:2a:c9:d4:ae:aa:64:9d:58:16:45:af:18:1b:be:63:47:30:95:78:db:19:c5:35:3b:a8:ca:c5:c1:95:52:b9
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 769KB - Virtual size: 768KB

.data
Size: 91KB - Virtual size: 111KB

.rsrc
Size: 466KB - Virtual size: 466KB

.reloc
Size: 131KB - Virtual size: 130KB