2024-05-01_aac4adcefd5d039fb0d6070087d0b2fd_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-01_aac4adcefd5d039fb0d6070087d0b2fd_magniber
Size

8.8MB
MD5

aac4adcefd5d039fb0d6070087d0b2fd
SHA1

e9b831c65337f7cbea965baa2e799684aa4f7025
SHA256

7fcf55cdcedd76e32ae62593501212ce7e25737b8940147b42da31a6764928e9
SHA512

00ca6def8c706a39577629e5a39d89aa7f01eb11b9a22a5b3b3ef542cc209f3c030345e891a827945b02332a1455c29a8589601a358d69891a363d5726c5cb31
SSDEEP

196608:uffspG7PvvF2ItESel0F1zlDvKT7HKmnJoh7E8vRLVsogtG:uHcNlkJlDvSKxh7E8vRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_aac4adcefd5d039fb0d6070087d0b2fd_magniber

Files

2024-05-01_aac4adcefd5d039fb0d6070087d0b2fd_magniber
.exe windows:5 windows x86 arch:x86

3e1aaf18f2c1205331a85bc2f2657338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\WarInc - Source\bin\WarInc.pdb

Imports

shell32

SHGetSpecialFolderPathW
ShellExecuteA
SHGetFolderPathA

psapi

GetModuleFileNameExA
EnumProcessModules

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

ws2_32

inet_ntoa
setsockopt
accept
ioctlsocket
WSAGetLastError
socket
WSAStartup
ntohs
getsockname
gethostbyname
inet_addr
htons
connect
select
WSACleanup
htonl
WSAIoctl
getsockopt
sendto
recvfrom
recv
send
shutdown
closesocket
gethostname
listen
bind
__WSAFDIsSet

d3dx9_43

D3DXMatrixTranslation
D3DXPlaneIntersectLine
D3DXPlaneFromPointNormal
D3DXLoadSurfaceFromSurface
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXPlaneFromPoints
D3DXGetShaderConstantTable
D3DXCompileShader
D3DXVec4Normalize
D3DXMatrixScaling
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileExA
D3DXSaveTextureToFileInMemory
D3DXGetImageInfoFromFileInMemory
D3DXSaveSurfaceToFileA
D3DXVec3Project
D3DXGetDeclVertexSize
D3DXCreateFontA
D3DXQuaternionMultiply
D3DXMatrixDecompose
D3DXMatrixRotationQuaternion
D3DXMatrixMultiplyTranspose
D3DXQuaternionSlerp
D3DXPlaneTransform
D3DXVec2Normalize
D3DXSaveSurfaceToFileInMemory
D3DXMatrixPerspectiveOffCenterLH
D3DXQuaternionRotationMatrix
D3DXMatrixPerspectiveFovLH
D3DXQuaternionInverse
D3DXMatrixOrthoOffCenterLH
D3DXSaveTextureToFileA
D3DXMatrixLookAtLH
D3DXQuaternionRotationYawPitchRoll
D3DXMatrixRotationAxis
D3DXMatrixRotationX
D3DXMatrixInverse
D3DXVec3TransformCoord
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXVec3Transform
D3DXVec4Transform
D3DXVec3Normalize
D3DXMatrixTranspose
D3DXVec3TransformNormal
D3DXMatrixMultiply
D3DXMatrixOrthoLH

iphlpapi

GetAdaptersInfo
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

crypt32

CryptEncryptMessage
CryptEncodeObject
CryptDecryptMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertFreeCertificateContext
CertNameToStrW
CertDuplicateCertificateContext
CryptMsgGetParam
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertSetCertificateContextProperty
CertGetSubjectCertificateFromStore
CryptMsgControl

kernel32

GetModuleHandleA
CreateThread
SetEvent
WaitForSingleObject
GetLastError
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
LocalFree
GetACP
GetOEMCP
GetComputerNameA
FormatMessageA
GetModuleFileNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryW
GetUserDefaultLCID
GetTempPathW
GetTempPathA
GetModuleFileNameW
MoveFileW
MoveFileA
DeleteFileW
DeleteFileA
SetFilePointer
GetFileAttributesW
CreateDirectoryW
GlobalMemoryStatusEx
SetFileAttributesW
SetFileAttributesA
GetFileAttributesA
GetFileTime
SetFileTime
ReadFile
WriteFile
GetTimeZoneInformation
GetVersionExA
CreateFileW
FindFirstFileW
FreeLibrary
SetThreadPriority
HeapFree
HeapAlloc
UnhandledExceptionFilter
GetCurrentProcess
GetFileSize
GlobalFree
GetPrivateProfileStringW
CreateFileA
ExitProcess
SwitchToThread
CloseHandle
InterlockedExchange
Sleep
GetTickCount
EnterCriticalSection
LeaveCriticalSection
FindNextFileA
FindClose
FindFirstFileA
CreateDirectoryA
TerminateProcess
Beep
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetProcessAffinityMask
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileMappingW
OpenFileMappingW
CreateEventW
CreateProcessW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetDriveTypeA
ExitThread
OutputDebugStringW
DebugBreak
lstrlenA
lstrlenW
SetErrorMode
SuspendThread
ReleaseMutex
ReleaseSemaphore
CreateMutexA
CreateSemaphoreA
GetThreadPriority
SetThreadAffinityMask
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
GetModuleHandleW
WaitForMultipleObjects
GetExitCodeThread
GetCurrentProcessId
GetSystemInfo
GlobalAlloc
MulDiv
ResetEvent
WideCharToMultiByte
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
MultiByteToWideChar
GetCurrentThread
GetDriveTypeW
VirtualQuery
DuplicateHandle
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchangeAdd
GetCurrentDirectoryA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
GetFileType
GetFileInformationByHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
IsValidCodePage
GetCPInfo
GetConsoleMode
GetConsoleCP
SetHandleCount
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
PeekNamedPipe
RaiseException
HeapReAlloc
TryEnterCriticalSection

user32

SetCursorPos
LoadIconA
FindWindowExA
RegisterClassA
LoadCursorA
SetWindowLongA
EndPaint
BeginPaint
DefWindowProcA
ScreenToClient
GetCursorPos
ClientToScreen
GetClientRect
ShowCursor
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetDesktopWindow
GetWindowRect
GetMonitorInfoA
EnumDisplayDevicesA
SetWindowPos
GetWindowLongA
AdjustWindowRect
SetRect
MoveWindow
ClipCursor
CreateWindowExA
FindWindowA
ShowWindow
MessageBoxA
GetWindowTextA
SetFocus
MessageBoxW
CharNextW
wvsprintfW
LoadStringW
PostQuitMessage
UpdateWindow
InvalidateRect
SendMessageA
GetActiveWindow
GetKeyState
ToUnicode
GetKeyboardState
WindowFromPoint

advapi32

CryptGenRandom
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW

vmprotectsdk32

VMProtectDecryptStringA
VMProtectEnd
VMProtectBeginMutation
VMProtectBeginVirtualization

physx3cooking_x86

PxCreateCooking

physx3_x86

?createShape@PxRigidActorShapeCollectionHelper@physx@@QBEPAVPxShape@2@PAVPxRigidActor@2@ABVPxGeometry@2@PBQAVPxMaterial@2@IABVPxTransform@pubfnd3@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxConvexMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxTriangleMeshGeometry@2@@Z
PxCreatePhysics
??0PxTolerancesScaleGeneratedInfo@physx@@QAE@XZ
??0PxMaterialGeneratedInfo@physx@@QAE@XZ
??0PxSphereGeometryGeneratedInfo@physx@@QAE@XZ
??0PxPlaneGeometryGeneratedInfo@physx@@QAE@XZ
??0PxCapsuleGeometryGeneratedInfo@physx@@QAE@XZ
??0PxBoxGeometryGeneratedInfo@physx@@QAE@XZ
??0PxConvexMeshGeometryGeneratedInfo@physx@@QAE@XZ
??0PxTriangleMeshGeometryGeneratedInfo@physx@@QAE@XZ
??0PxHeightFieldGeometryGeneratedInfo@physx@@QAE@XZ
??0PxRigidStaticGeneratedInfo@physx@@QAE@XZ
??0PxShapeGeneratedInfo@physx@@QAE@XZ
??0PxMeshScaleGeneratedInfo@physx@@QAE@XZ
??0PxRigidDynamicGeneratedInfo@physx@@QAE@XZ
??0PxClothFabricGeneratedInfo@physx@@QAE@XZ
??0PxClothGeneratedInfo@physx@@QAE@XZ
??0PxArticulationJointGeneratedInfo@physx@@QAE@XZ
??0PxArticulationLinkGeneratedInfo@physx@@QAE@XZ
??0PxArticulationGeneratedInfo@physx@@QAE@XZ
??0PxHeightFieldDescGeneratedInfo@physx@@QAE@XZ
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxPlaneGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxSphereGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxCapsuleGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxBoxGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QBE_NPBVPxShape@2@AAVPxHeightFieldGeometry@2@@Z

berkelium

??_7WindowDelegate@Berkelium@@6B@
?init@Berkelium@@YA_NU?$WeakString@_W@1@@Z
?create@Context@Berkelium@@SAPAV12@XZ
?create@Window@Berkelium@@SAPAV12@PBVContext@2@@Z
?destroy@Window@Berkelium@@QAEXXZ
?destroy@Context@Berkelium@@QAEXXZ
?destroy@Berkelium@@YAXXZ
?update@Berkelium@@YAXXZ
?onCursorUpdated@WindowDelegate@Berkelium@@UAEXPAVWindow@2@ABVCursor@2@@Z
?onWidgetPaint@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@PBEABURect@2@IPBU52@HH3@Z
?onWidgetDestroyed@WindowDelegate@Berkelium@@UAEXPAVWindow@2@PAVWidget@2@@Z
?freeLastScriptAlert@WindowDelegate@Berkelium@@UAEXU?$WeakString@_W@2@@Z
?navigateTo@Window@Berkelium@@QAE_NPBDI@Z

gdi32

SetTextColor
SetTextAlign
GetTextExtentPoint32A
SelectObject
DeleteDC
DeleteObject
SetBkColor
CreateDIBSection
CreateCompatibleDC
SetMapMode
CreatePen
ExtTextOutA
MoveToEx
LineTo
CreateICA
GetDeviceCaps
GetStockObject
CreateFontA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidToStringA
RpcStringFreeA

d3d9

Direct3DCreate9
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_SetOptions

dinput8

DirectInput8Create

xinput1_3

ord2

fmodex

?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAHPAW4FMOD_SPEAKERMODE@@@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setReverbAmbientProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_REVERB_PROPERTIES@@@Z
?set3DSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@4@Z5H@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z

fmod_event

?setPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
?setMediaPath@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBD@Z
?load@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAUFMOD_EVENT_LOADINFO@@PAPAVEventProject@2@@Z
?preloadFSB@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDHPAVSound@2@@Z
?getReverbPreset@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAUFMOD_REVERB_PROPERTIES@@PAH@Z
?createReverb@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventReverb@2@@Z
?start@Event@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getPaused@Event@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?set3DAttributes@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?stop@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getParameter@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventParameter@2@@Z
?keyOff@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
FMOD_EventSystem_Create
?getState@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?getCategory@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventCategory@2@@Z
?set3DListenerAttributes@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?update@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getParentGroup@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventGroup@2@@Z
?getSystemObject@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSystem@2@@Z
?init@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@HIPAXI@Z
?release@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N0@Z
?getPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
?getEvent@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAPAVEvent@2@@Z
?unloadFSB@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDH@Z
?get3DListenerAttributes@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@HPAUFMOD_VECTOR@@000@Z
?getInfo@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAPADPAUFMOD_EVENT_INFO@@@Z

fmod_event_net

?NetEventSystem_Update@FMOD@@YG?AW4FMOD_RESULT@@XZ
?NetEventSystem_Shutdown@FMOD@@YG?AW4FMOD_RESULT@@XZ

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantClear
SysAllocString

Exports

Exports

??0System@Scaleform@@QAE@ABUHeapDesc@MemoryHeap@1@PAVSysAllocBase@1@@Z
??0System@Scaleform@@QAE@PAVSysAllocBase@1@@Z
??1AcquireInterface@Scaleform@@UAE@XZ
??1DefaultAcquireInterface@Scaleform@@UAE@XZ
??1System@Scaleform@@QAE@XZ
??_FEvent@Scaleform@@QAEXXZ
??_FMutex@Scaleform@@QAEXXZ
??_FSemaphore@Scaleform@@QAEXXZ
??_FSysAllocPagedMalloc@Scaleform@@QAEXXZ
??_FSysAllocStatic@Scaleform@@QAEXXZ
??_FSysAllocWinAPI@Scaleform@@QAEXXZ
??_FSystem@Scaleform@@QAEXXZ
??_FThread@Scaleform@@QAEXXZ
?GetXScale@?$Matrix2x4@M@Render@Scaleform@@QBEMXZ
?GetYScale@?$Matrix2x4@M@Render@Scaleform@@QBEMXZ
?Init@System@GFx@Scaleform@@SAXPAVSysAllocBase@3@@Z
?Init@System@Scaleform@@SAXPAVSysAllocBase@2@@Z
?Prepend@?$Matrix2x4@M@Render@Scaleform@@QAEAAV123@ABV123@@Z
?SetIdentity@?$Matrix2x4@M@Render@Scaleform@@QAEXXZ
?SetIdentity@?$Matrix3x4@M@Render@Scaleform@@QAEXXZ
?SetIdentity@?$Matrix4x4@M@Render@Scaleform@@QAEXXZ

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 46.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e1aaf18f2c1205331a85bc2f2657338

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

psapi

winmm

ws2_32

d3dx9_43

iphlpapi

crypt32

kernel32

user32

advapi32

vmprotectsdk32

physx3cooking_x86

physx3_x86

berkelium

gdi32

version

rpcrt4

d3d9

dinput8

xinput1_3

fmodex

fmod_event

fmod_event_net

ole32

oleaut32

Exports

Exports

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 225KB - Virtual size: 46.7MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 442KB - Virtual size: 441KB

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 225KB - Virtual size: 46.7MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 442KB - Virtual size: 441KB