2024-05-01_1d5c5ba746823dea2b306a5d090f833b_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-01_1d5c5ba746823dea2b306a5d090f833b_magniber
Size

2.1MB
MD5

1d5c5ba746823dea2b306a5d090f833b
SHA1

2538b103e91b5376f816bb1b1640f0b359fd87e6
SHA256

4b25dd3f5d2ab5cce0066e657463459c39de73e918ac7363521fd7f04d27f713
SHA512

95116eb84759b5546ec5bfbcb1b542b7a8b44e8fc9c2e5bca11faa273f73f3bacf625aafcec820482984298d27716c82d8a8e408ae7a8840b54f9dfb2fcb196c
SSDEEP

49152:WhWSGltAJskBJiKlhmQ3OWv0Wylj2t7ZAPZ8dzsDmg27RnWGj:WhWStdLv0WyljsAPlD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_1d5c5ba746823dea2b306a5d090f833b_magniber

Files

2024-05-01_1d5c5ba746823dea2b306a5d090f833b_magniber
.exe windows:6 windows x86 arch:x86

cbf380d705ac8839b0821d74ee8d5f47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\bytedance\installer\LVInstallerCC\VideofusionInstaller\build\CC_RELEASE\FeedbackTool.pdb

Imports

powrprof

PowerDeterminePlatformRole

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_Device_IDW

kernel32

UnmapViewOfFile
FileTimeToSystemTime
ProcessIdToSessionId
GetCommandLineW
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetVolumeInformationW
QueryDosDeviceW
GetTempPathW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetVersion
GetSystemDirectoryW
LocalAlloc
lstrcmpW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CopyFileW
MoveFileExW
WTSGetActiveConsoleSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateEventW
CreateThread
MoveFileW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
LoadLibraryExW
lstrcmpiW
lstrlenW
GetProcessId
GetModuleHandleA
GetTempFileNameW
GetLogicalDriveStringsW
GetVolumePathNameW
ReplaceFileW
SetCurrentDirectoryW
GetFileAttributesExW
GetNativeSystemInfo
CreateMutexW
FormatMessageA
OutputDebugStringA
ReleaseMutex
RegisterWaitForSingleObject
UnregisterWaitEx
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
FlushFileBuffers
DeleteCriticalSection
MapViewOfFile
Sleep
SetThreadPriority
GetThreadPriority
IsDebuggerPresent
GetUserDefaultLangID
TryEnterCriticalSection
GetModuleHandleExW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WaitForMultipleObjects
GlobalMemoryStatusEx
RtlCaptureStackBackTrace
QueueUserWorkItem
GetModuleHandleExA
GetProcessHeaps
HeapSetInformation
HeapUnlock
HeapLock
HeapWalk
GetProcessIoCounters
VirtualQueryEx
GetProcessTimes
GetSystemInfo
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
ReadConsoleW
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateFileMappingW
AreFileApisANSI
ExitProcess
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
SetConsoleCtrlHandler
IsProcessorFeaturePresent
VirtualQuery
VirtualProtect
GetTickCount
GetLocalTime
DuplicateHandle
InitializeCriticalSectionEx
DecodePointer
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetCurrentThread
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
OpenProcess
WaitForSingleObject
LocalFree
GetProcAddress
GetModuleHandleW
GetVersionExW
DeviceIoControl
SetLastError
SetFileAttributesW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
EnumSystemLocalesW
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
GetFileInformationByHandle
GetFileSizeEx
LoadLibraryExA
VirtualAlloc
RtlUnwind
EncodePointer
OutputDebugStringW

user32

GetClassNameW
MsgWaitForMultipleObjectsEx
EnumWindows
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
DefWindowProcW
DestroyWindow
CharNextW
UnregisterClassW
GetDesktopWindow
GetDC
ExitWindowsEx
SetTimer
PostQuitMessage
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
PeekMessageW
CreateWindowExW
DispatchMessageW
CharUpperW
GetKeyState
IsWindowEnabled
FindWindowW
SystemParametersInfoW
IsWindow
GetSystemMetrics
PostMessageW

gdi32

DeleteObject
GetDeviceCaps

advapi32

GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
SystemFunction036
RegNotifyChangeKeyValue
RegEnumValueW
ConvertSidToStringSidW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MapGenericMask
IsValidSecurityDescriptor
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetFileSecurityW
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetThreadToken
ConvertStringSidToSidW
LookupAccountSidW
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
IsValidSid
InitializeSid
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
GetAclInformation
GetAce
CopySid
AddAce
RegisterTraceGuidsW

shell32

ShellExecuteW
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHGetFolderPathA
SHGetKnownFolderPath
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
PropVariantClear

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
VariantClear
SysStringLen

shlwapi

SHSetValueW
ord176
StrToIntW
SHStrDupW
StrChrW
SHGetValueW
StrCmpNW
StrCmpNIW
StrRChrW
StrCmpIW
StrCpyNW
PathRemoveFileSpecW
PathIsDirectoryW
PathGetDriveNumberW
PathFindExtensionW
PathAddBackslashW
PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

mpr

WNetGetResourceInformationW

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
GetMappedFileNameW
QueryWorkingSet
EnumProcesses

netapi32

NetApiBufferFree
NetGetJoinInformation

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cbf380d705ac8839b0821d74ee8d5f47

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

userenv

mpr

psapi

netapi32

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 12KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 12KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 604KB - Virtual size: 608KB