2024-04-30_0025bb91dc4a993a5beebcf99eb0d826_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-30_0025bb91dc4a993a5beebcf99eb0d826_magniber
Size

1.2MB
MD5

0025bb91dc4a993a5beebcf99eb0d826
SHA1

a22d138b8f429d0cdf9f6bd8de1ec7caa001bcd6
SHA256

637d97450bd7be8adfbd02610e8c2deb0cd482b5a8838bba24b4611d2ca85e9d
SHA512

72c51c9c22deae70b62b8ec60d4cd29395b175a511570785b841dc0685ee2abd077792bdf0851a94d2640de4883bf307fc242ef39fb2a64a08bce16885c97bc4
SSDEEP

24576:eV/cbOL6YGrSjXWTbN4Y7grQWP/f6yNco8lVh:e3LarSjXWTbN48k3XXNcl

Score

1^/10

Malware Config

Signatures

Files

2024-04-30_0025bb91dc4a993a5beebcf99eb0d826_magniber
.exe windows:4 windows x86 arch:x86

2d76a24f6eb4db81f7b99ab8180939c7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:87:a7:6a:4a:94:6b:47:05:4b:05:0b:64:9e:e3:25:35:98:ab:b1
Signer

Actual PE Digest

b5:87:a7:6a:4a:94:6b:47:05:4b:05:0b:64:9e:e3:25:35:98:ab:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SoftMgr\FTSoft\Output\BinFinal\Uninst.pdb

Imports

kernel32

GetLocalTime
IsBadReadPtr
GetCurrentDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
GetCPInfo
IsDBCSLeadByte
SetFilePointer
GetVersionExW
GetSystemInfo
VirtualQuery
GetSystemDefaultLangID
DeviceIoControl
WriteFile
FreeResource
SetEndOfFile
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
HeapCreate
SearchPathW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetFullPathNameW
GetStartupInfoW
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DuplicateHandle
CreatePipe
GetStdHandle
GetLocaleInfoW
GetUserDefaultUILanguage
CreateFileA
LoadLibraryA
GetCommandLineA
GlobalAlloc
GlobalLock
FindNextFileW
GetTempPathW
GetFileAttributesW
FindFirstFileW
FindClose
RemoveDirectoryW
SetUnhandledExceptionFilter
SetErrorMode
CreateEventW
HeapAlloc
GetProcessHeap
HeapFree
VirtualAllocEx
WriteProcessMemory
lstrcpynW
ReadFile
CreateFileW
GetFileSize
GetTickCount
Sleep
GetCommandLineW
GetTempFileNameW
DeleteFileW
CopyFileW
MultiByteToWideChar
InterlockedIncrement
EnterCriticalSection
lstrcmpiW
InitializeCriticalSection
WideCharToMultiByte
DeleteCriticalSection
lstrlenW
GetVersion
LoadLibraryExW
SetLastError
LeaveCriticalSection
UnmapViewOfFile
GetCurrentThreadId
RaiseException
MapViewOfFileEx
FreeLibrary
lstrlenA
SizeofResource
InterlockedDecrement
CreateFileMappingW
FlushInstructionCache
GetModuleFileNameW
CreateProcessW
LoadLibraryW
GetCurrentProcess
GetLastError
GetExitCodeProcess
OutputDebugStringW
TerminateProcess
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalAlloc
FindResourceW
Process32NextW
LoadResource
GetCurrentProcessId
CreateToolhelp32Snapshot
GetModuleHandleW
FindResourceExW
GetSystemDirectoryW
OpenProcess
GetProcAddress
MoveFileExW
MoveFileW
SetFileAttributesW
SetEvent
GetLogicalDriveStringsW
CloseHandle
LockResource
Process32FirstW
LocalFree
QueryDosDeviceW
DebugBreak

user32

LoadCursorW
DestroyWindow
GetDesktopWindow
SystemParametersInfoW
MoveWindow
GetClassInfoExW
SetForegroundWindow
GetWindowThreadProcessId
IsWindow
TranslateMessage
UnregisterClassA
CopyRect
AttachThreadInput
GetDC
GetWindow
GetDlgItem
GetForegroundWindow
GetClientRect
GetWindowLongW
SendMessageW
IsWindowEnabled
ShowWindow
InvalidateRect
LoadImageW
LoadStringW
CopyImage
GetActiveWindow
ReleaseDC
GetFocus
GetSysColor
GetWindowTextW
GetWindowTextLengthW
PostThreadMessageW
DefWindowProcW
SetPropW
EqualRect
SetWindowTextW
EndPaint
mouse_event
BeginPaint
SetTimer
DrawTextW
DrawFrameControl
KillTimer
PostQuitMessage
ReleaseCapture
OffsetRect
SetCapture
PtInRect
ClientToScreen
SetWindowRgn
RegisterClassW
GetKeyState
FrameRect
GetSystemMetrics
IsWindowVisible
FindWindowExW
GetSystemMenu
GetPropW
TrackPopupMenu
FillRect
SetCursor
FindWindowW
MonitorFromWindow
GetDlgCtrlID
LoadIconW
GetMonitorInfoW
DrawIconEx
CallWindowProcW
GetWindowDC
DestroyIcon
SendMessageTimeoutW
PostMessageW
GetWindowRect
InflateRect
MapWindowPoints
RegisterClassExW
SetRect
SetWindowLongW
GetParent
CreateWindowExW
SetActiveWindow
EnableWindow
GetMessageW
CharNextW
DispatchMessageW
PeekMessageW
SetWindowPos

gdi32

RoundRect
OffsetRgn
GetTextExtentPoint32W
CombineRgn
GetTextMetricsW
SetBkMode
ExtSelectClipRgn
CreateRectRgn
SaveDC
RectInRegion
TextOutW
CreateSolidBrush
CreateRectRgnIndirect
MoveToEx
LineTo
GetClipRgn
CreateCompatibleDC
StretchBlt
DeleteDC
SetBkColor
DeleteObject
SetTextColor
CreateCompatibleBitmap
GetObjectW
SelectObject
Rectangle
GetStockObject
CreateDIBSection
CreateFontIndirectW
ExtTextOutW
BitBlt
CreateBitmap
CreatePen
GetCurrentObject
SelectClipRgn
RestoreDC

advapi32

RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
IsTextUnicode
RegOpenKeyW
AdjustTokenPrivileges
RegUnLoadKeyW
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW

shell32

ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
StgOpenStorage
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
OleLoadPicture
SysAllocString
VariantInit
VariantClear

shlwapi

wnsprintfW
PathAppendW
PathAddBackslashW
PathFileExistsW
SHDeleteKeyW
StrToIntA

comctl32

_TrackMouseEvent

ws2_32

htons
htonl

gdiplus

GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipFree
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipFillRectangleI
GdipCloneBrush
GdipDrawImageI
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipAlloc
GdiplusShutdown

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

crypt32

CertFindCertificateInStore
CryptQueryObject
CertGetNameStringW
CryptMsgGetParam

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

Sections

.text
Size: 640KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d76a24f6eb4db81f7b99ab8180939c7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b5:87:a7:6a:4a:94:6b:47:05:4b:05:0b:64:9e:e3:25:35:98:ab:b1Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

gdiplus

psapi

crypt32

version

netapi32

Sections

.text Size: 640KB - Virtual size: 636KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 516KB - Virtual size: 512KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b5:87:a7:6a:4a:94:6b:47:05:4b:05:0b:64:9e:e3:25:35:98:ab:b1
Signer

.text
Size: 640KB - Virtual size: 636KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 516KB - Virtual size: 512KB