2024-04-30_479984b7dea218be952cd3b5480eeed0_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-30_479984b7dea218be952cd3b5480eeed0_magniber
Size

1.7MB
MD5

479984b7dea218be952cd3b5480eeed0
SHA1

cb8c7d69f85e3993be6b6c25d9d0c0b7e383fd4e
SHA256

e40b43617d0cd1cf8c9a445761dd260113e007fe31eb1e539654833074d6080a
SHA512

314ec02ed40e976e77ae1831b147b7815c805ce82a52abacebb026f62ac6e3b3226dee0189ed0a60ee3cb66dcaeb40a720c592f3e85c90a1d8b1e4e33fc54862
SSDEEP

49152:fGw+D5Gd071LlC08a82z4uhO++XIGDNP2l:fgDgdGX8aPcYl

Score

1^/10

Malware Config

Signatures

Files

2024-04-30_479984b7dea218be952cd3b5480eeed0_magniber
.exe windows:5 windows x86 arch:x86

f7d35639a6628f045c50f0afa97225bd

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/04/2016, 00:00

Not After

12/04/2021, 23:59

Subject

CN=ALCPU,O=ALCPU,POSTALCODE=67298,STREET=Snapir st. 1/12,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:fe:ab:bf:39:c3:ba:53:90:a1:96:26:de:ca:39:c6:17:5f:b2:11:73:f3:51:2d:60:3d:80:59:f4:59:90:1c
Signer

Actual PE Digest

9e:fe:ab:bf:39:c3:ba:53:90:a1:96:26:de:ca:39:c6:17:5f:b2:11:73:f3:51:2d:60:3d:80:59:f4:59:90:1c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\330530\out\Release\360searchlite.pdb

Imports

kernel32

GetVersionExW
WideCharToMultiByte
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
SetEvent
CreateEventW
GetCommandLineW
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetPrivateProfileStringW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
DeviceIoControl
GetCurrentProcessId
CreateProcessW
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetErrorMode
SetFilePointer
CreateFileA
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetCurrentProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushInstructionCache
GetConsoleMode
GetVersion
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
FatalAppExitA
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
MoveFileA
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
LocalFree
GetLocalTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetEnvironmentVariableW
GetModuleHandleA
GetSystemInfo
CloseHandle
SetCurrentDirectoryW
CreateMutexW
TerminateProcess
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
GetConsoleCP
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
FlushFileBuffers
GetProcAddress

user32

TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
DestroyWindow
CharNextW
DispatchMessageW
UnregisterClassA
LoadCursorW
GetClassInfoExW
ShowWindow
MessageBoxW
SendMessageW
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
PostMessageW
IsIconic
IsWindowEnabled
FindWindowW
DefWindowProcW
GetActiveWindow
PostQuitMessage
GetWindowLongW
SetWindowTextW
IsZoomed
SetWindowPos
GetWindowRect
SetTimer
KillTimer
SetFocus
MapWindowPoints
GetClientRect
SetWindowLongW
MonitorFromWindow
GetWindow
GetParent
ReleaseDC
GetDC
CopyRect
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
GetWindowTextW
CallWindowProcW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
DeleteMenu
GetMenuStringW
GetMenuItemInfoW
GetMenuItemCount
InsertMenuW
GetMenuItemID
CreatePopupMenu
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetKeyState
LoadIconW
EndDialog
DialogBoxParamW
PrivateExtractIconsW
ScreenToClient
LoadImageW
SetRect
OffsetRect
SetCursor
IsWindow
SetClassLongW
GetClassLongW
GetMessagePos
IsRectEmpty
PtInRect
SetRectEmpty
DrawTextW
CreateWindowExW
RegisterWindowMessageW
MonitorFromRect
GetSystemMetrics
SystemParametersInfoW
GetClipboardData
GetMonitorInfoW

gdi32

GetTextMetricsW
BitBlt
SetViewportOrgEx
CreateFontW
DeleteDC
GetObjectA
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetObjectW
CreateFontIndirectW
GetStockObject
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateDIBSection

advapi32

RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExA

shell32

ShellExecuteExW
ShellExecuteW
SHGetDesktopFolder
ord155
SHGetFileInfoW
ExtractIconExW
SHOpenFolderAndSelectItems
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
DoDragDrop
ReleaseStgMedium
OleDuplicateData
CoInitializeEx

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
VarBstrCmp
DispCallFunc
VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
CreateErrorInfo

shlwapi

SHGetValueW
ColorRGBToHLS
ColorHLSToRGB
PathCompactPathW
StrCmpNIW
SHSetValueW
PathRemoveFileSpecW
PathFileExistsW
ord176
PathCombineW
PathFindExtensionW
PathAppendW

comctl32

ord410
InitCommonControlsEx
ord413

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathLine
GdipCreateBitmapFromHBITMAP
GdipSetPathGradientGammaCorrection
GdipAddPathPie
GdipSetInterpolationMode
GdipSaveImageToFile
GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipCreateHBITMAPFromBitmap
GdipGetFontHeight
GdipAddPathArc
GdipSetPathGradientCenterPoint
GdipCreateFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillRectangle
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipDrawLine
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathLineI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenWidth
GdipCreateLineBrushFromRect
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreatePen2
GdipSetLinePresetBlend
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneBrush
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
GdipDeleteBrush
GdipResetClip

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

version

VerQueryValueW

Sections

.text
Size: 745KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 869KB - Virtual size: 868KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7d35639a6628f045c50f0afa97225bd

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9e:fe:ab:bf:39:c3:ba:53:90:a1:96:26:de:ca:39:c6:17:5f:b2:11:73:f3:51:2d:60:3d:80:59:f4:59:90:1cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wintrust

crypt32

version

Sections

.text Size: 745KB - Virtual size: 748KB

.rdata Size: 90KB - Virtual size: 92KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 869KB - Virtual size: 868KB

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9e:fe:ab:bf:39:c3:ba:53:90:a1:96:26:de:ca:39:c6:17:5f:b2:11:73:f3:51:2d:60:3d:80:59:f4:59:90:1c
Signer

.text
Size: 745KB - Virtual size: 748KB

.rdata
Size: 90KB - Virtual size: 92KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 869KB - Virtual size: 868KB