2024-05-14_0118ab8853e46da74d94610e63c8e3b5_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_0118ab8853e46da74d94610e63c8e3b5_magniber
Size

12.1MB
MD5

0118ab8853e46da74d94610e63c8e3b5
SHA1

78aa8a61302694544ce5d9653df42e59af127a61
SHA256

ef70dad8ea83fc18dc410e334b460a7d8507deeb54191b6289c8bb1ab9919ea4
SHA512

d7b33f7a0b44b14aba083e95a24eaeeb0ab8183e91f2fc60128795c771cd36ae7c12ff2200e6df32fdf2658f8574f63aeeb6dee80757c5044ba9fc4d6d9008ad
SSDEEP

98304:buWK1cl98ClNQu6WDGKZPeDcVRN/HEDRtohTWwJRf/9WZcat7eeYLZNeKW4KQ61f:b7Bjn6Ax1QIRNnWu5/sYeYYQAcW

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-14_0118ab8853e46da74d94610e63c8e3b5_magniber

Files

2024-05-14_0118ab8853e46da74d94610e63c8e3b5_magniber
.exe windows:5 windows x86 arch:x86

b4f61fefeff65f05fa7c4b7d7d7ce9c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DailyBuild\Rail\trunk\build\railproxy\bin\Release\rail.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
FreeLibrary
TryEnterCriticalSection
CreateProcessA
CreatePipe
TzSpecificLocalTimeToSystemTime
UnlockFileEx
UnlockFile
LockFileEx
LockFile
GetFileAttributesA
CreateFileA
CreateDirectoryA
Module32First
GetVersionExA
GenerateConsoleCtrlEvent
SetPriorityClass
DeviceIoControl
CancelIo
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
GetOverlappedResult
Module32NextW
Module32FirstW
SearchPathW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
WriteProcessMemory
ReadProcessMemory
GetPrivateProfileIntW
OutputDebugStringW
OutputDebugStringA
GetCommandLineW
GetModuleHandleW
LoadLibraryW
CreateFileMappingW
SetErrorMode
VirtualAllocEx
VirtualQuery
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
SetLastError
TerminateProcess
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetACP
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
SetConsoleCtrlHandler
ExitProcess
GetCurrentProcessId
GetCommandLineA
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetCurrentProcess
OpenProcess
GetProcAddress
InterlockedDecrement
MoveFileExW
CopyFileW
DeleteFileW
GetFileAttributesW
CreateFileW
LockResource
MultiByteToWideChar
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExpandEnvironmentStringsA
PeekNamedPipe
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
GetFileType
GetStdHandle
SleepEx
FormatMessageA
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetDiskFreeSpaceExW
GetPrivateProfileStringW
CreateProcessW
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
QueueUserWorkItem
EncodePointer
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
GetStringTypeW
AreFileApisANSI
CreateHardLinkW
SetFilePointerEx
FindFirstFileExW
GlobalAlloc
GlobalFree
FormatMessageW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
GetTempPathW
GetModuleHandleExW
OpenFileMappingW
GetSystemInfo
WaitForMultipleObjects
GetTickCount
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetExitCodeProcess
GetShortPathNameW
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
GetModuleHandleA
GetFullPathNameA
GetModuleFileNameW
SuspendThread
Thread32Next
OpenThread
Thread32First
GetLongPathNameW
TerminateThread
ReleaseSemaphore
WriteFile
FlushFileBuffers
CreateSemaphoreW
GetFullPathNameW
FindClose
RemoveDirectoryW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
Process32FirstW
Process32NextW
InterlockedIncrement
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
GetFileSize
ReadFile
GetCurrentThreadId
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
SetEvent
ReleaseMutex
Sleep
CreateMutexA
CreateEventA
OpenEventA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleExA
GlobalMemoryStatusEx
LocalAlloc
LocalFree
GetSystemTime
GetSystemTimes
SystemTimeToFileTime
lstrcpyW
OpenFileMappingA
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetDriveTypeA
GetDriveTypeW
GetDiskFreeSpaceExA
QueryDosDeviceW
GetVersionExW
GetCurrentThread
SetThreadAffinityMask
GetModuleFileNameA
DeleteFileA
CopyFileA
CreateFileMappingA
CreateWaitableTimerA
SetWaitableTimer
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetFileInformationByHandle
GetLocalTime
FileTimeToSystemTime
GetComputerNameW
SetFileAttributesW
SetEndOfFile
CreateThread
InitializeCriticalSection
CreateEventW
ResetEvent
VirtualFree
VirtualAlloc
InterlockedExchange
InterlockedCompareExchange
InterlockedExchangeAdd
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler

user32

GetParent
GetClassNameA
SendMessageW
UnregisterClassW
GetDesktopWindow
MsgWaitForMultipleObjects
SetWindowLongA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetFocus
SetCursor
ClipCursor
TranslateMessage
PostMessageA
SetTimer
KillTimer
GetSystemMetrics
SystemParametersInfoA
GetWindowLongA
UpdateWindow
ShowWindow
DestroyWindow
CreateWindowExA
DefWindowProcA
EnumDisplayDevicesA
DispatchMessageA
PeekMessageA
UnregisterClassA
IsWindow
SendMessageA
CallWindowProcW
SetWindowPos
EndDialog
SetDlgItemTextW
GetWindowRect
GetWindowLongW
SetWindowLongW

shell32

ShellExecuteA
ord165
SHGetDesktopFolder
SHBrowseForFolderW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoCreateGuid
StringFromCLSID
CoLoadLibrary
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
IIDFromString
OleInitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo

advapi32

CryptGenRandom
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

rail_sdk_for_tgp

GetPlatformInterface

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

shlwapi

StrStrIW
StrCmpW
PathFileExistsW
StrStrIA
PathAppendW

lua51

lua_pushstring
lua_tocfunction
lua_iscfunction
lua_call
luaL_error
lua_setfield
lua_isnumber
lua_replace
lua_typename
lua_isstring
lua_concat
lua_gettable
lua_tolstring
lua_tonumber
lua_newuserdata
lua_remove
lua_toboolean
lua_pushnumber
luaL_loadbuffer
lua_pcall
lua_getfenv
lua_error
lua_setfenv
lua_isuserdata
lua_gc
lua_pushlightuserdata
lua_rawequal
lua_getmetatable
lua_pushlstring
lua_setmetatable
lua_getfield
lua_type
lua_createtable
lua_rawset
lua_pushboolean
lua_pushnil
lua_next
lua_insert
luaL_newmetatable
lua_pushvalue
lua_settable
lua_settop
lua_gettop
lua_touserdata
lua_pushcclosure
lua_rawget

railtr

RailTrW
RailTrP
RailTrPW
RailTrD
RailTr
RailTrDP
RailTrDPW
RailSetLanguage
RailBindDomain
RailDomain
RailTrDW

ws2_32

sendto
recvfrom
listen
accept
WSAIoctl
setsockopt
htons
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
socket
getnameinfo
WSACleanup
ioctlsocket
gethostname
shutdown
getsockname
getsockopt
gethostbyname
inet_ntoa
WSAGetLastError
getaddrinfo
htonl
ntohl
select
__WSAFDIsSet
inet_addr
ntohs
freeaddrinfo
WSAStartup

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

crypt32

CertGetCertificateContextProperty
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptQueryObject

iphlpapi

GetAdaptersInfo

wldap32

ord30
ord79
ord200
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord301
ord35
ord211
ord46
ord143

normaliz

IdnToUnicode
IdnToAscii

comdlg32

GetOpenFileNameW

winmm

timeGetDevCaps
timeKillEvent
timeBeginPeriod
timeSetEvent

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 124KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4f61fefeff65f05fa7c4b7d7d7ce9c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

rail_sdk_for_tgp

version

shlwapi

lua51

railtr

ws2_32

psapi

crypt32

iphlpapi

wldap32

normaliz

comdlg32

winmm

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 124KB - Virtual size: 209KB

.tls Size: 40KB - Virtual size: 40KB

.gfids Size: 5KB - Virtual size: 4KB

.rsrc Size: 147KB - Virtual size: 146KB

.tvm0 Size: 684KB - Virtual size: 684KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 124KB - Virtual size: 209KB

.tls
Size: 40KB - Virtual size: 40KB

.gfids
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 147KB - Virtual size: 146KB

.tvm0
Size: 684KB - Virtual size: 684KB