2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil
Size

18.5MB
MD5

06dc28c7414d3050464c253652e8cb7d
SHA1

072f770bebce12387eebf2e9096d186cfdb87cda
SHA256

5c46aec4468bcd0f358054adcee783eab587ba5017b1edee8881b78904623e35
SHA512

75018a2101fd20b8275d27884d1c34c8816415865cfdf81d635237b2a25b67409ed42857533d8a8dbc6fe3e7a5de30b62ea797e38454ba383a23d63db43b3878
SSDEEP

393216:H+Rf4UdVEy9qMBNLtl+H3orJHXSPyQeEeov42xZzKMsZWrEcbLXoE8yS2R5J:Uf4UdVEy9qMBNW4rJ3SPDV423kZfgP8A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil

Files

2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil
.exe windows:6 windows x86 arch:x86

987bd31d326bf65bc0c721c873e3d5c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Ultra Uninstaller\Uninstaller_inst_uninst\Inst\Install_exe.pdb

Imports

kernel32

FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
RtlCaptureStackBackTrace
GetDriveTypeW
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
K32GetProcessImageFileNameW
GetTickCount
GetCurrentProcess
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
FindCloseChangeNotification
GetWindowsDirectoryW
GetProcessHeap
HeapSize
CreateDirectoryW
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
FindClose
DeleteFileW
CloseHandle
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
HeapFree
SearchPathW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetTempFileNameA
GetTempPathA
WriteFile
DeleteFileA
CreateFileA
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetSystemDirectoryW
TerminateProcess
GetExitCodeProcess
LocalAlloc
GetPrivateProfileStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
DeviceIoControl
lstrcmpA
lstrcmpiA
SetCurrentDirectoryW
GetCurrentDirectoryW
MulDiv
GetACP
ExitProcess
lstrcmpW
FileTimeToLocalFileTime
GetFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFileTime
GetSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetVersion
ResumeThread
IsBadReadPtr
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer

user32

DestroyCursor
DrawFocusRect
MoveWindow
UnregisterClassA
IsChild
IsZoomed
GetKeyState
GetUpdateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
IntersectRect
IsRectEmpty
GetClassNameW
RegisterClassW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
wvsprintfW
InflateRect
SetWindowRgn
MonitorFromPoint
CopyImage
CharPrevW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
GetMessagePos
GetDlgCtrlID
CreateAcceleratorTableW
EqualRect
RemovePropW
IsWindowEnabled
OffsetRect
SendMessageW
SystemParametersInfoW
GetForegroundWindow
AttachThreadInput
LoadImageW
SetForegroundWindow
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
DestroyWindow
MonitorFromWindow
UnionRect
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
SetFocus
EndDialog
SetWindowPos
FindWindowW
SendNotifyMessageW
RegisterWindowMessageW
MessageBoxW
wsprintfW
SendMessageTimeoutW
GetMonitorInfoW
CopyRect
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
InvalidateRgn
IsDialogMessageW

gdi32

TextOutW
ExtTextOutW
GdiFlush
CreateDCW
GetDIBits
SetDIBitsToDevice
GetTextColor
SetDIBColorTable
SetStretchBltMode
StretchBlt
ExtSelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
GetDeviceCaps
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
OffsetViewportOrgEx
RectVisible
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateFontW
CreateRectRgnIndirect
CreateSolidBrush
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
EnumFontFamiliesW
CombineRgn

advapi32

CryptReleaseContext
RegDeleteKeyValueW
RegDeleteTreeW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
CryptDestroyKey
LookupAccountSidW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW

shell32

SHFileOperationW
SHChangeNotify
ord165
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoUninitialize
CoCreateGuid
CLSIDFromProgID
OleRun
CreateStreamOnHGlobal
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CLSIDFromString
OleLockRunning
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VariantCopy
SafeArrayPutElement
SafeArrayCreate
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VarUI4FromStr
SysAllocString
VariantClear
SysStringByteLen
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen

shlwapi

PathIsRelativeW
PathIsRootW
SHSetValueA
PathIsPrefixW
SHSetValueW
PathIsDirectoryW
StrCmpNIW
PathRenameExtensionA
StrStrIA
StrStrIW
StrCmpIW
PathFindFileNameA
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
wnsprintfW
StrToIntExW
SHGetValueA
SHAutoComplete
PathCompactPathW
PathRemoveFileSpecW
StrTrimA
AssocQueryStringW
SHGetValueW

comctl32

ord17
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

gdiplus

GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipLoadImageFromFileICM
GdiplusShutdown
GdipLoadImageFromFile
GdipDrawEllipseI
GdipImageGetFrameCount
GdipAddPathArc
GdipGetImageEncoders
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetPenMode
GdipSetPenDashStyle
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipGetImageEncodersSize
GdiplusStartup

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcesses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA

msimg32

GradientFill
AlphaBlend

Exports

Exports

_BasicEntry@12
_CreateApp@0
_Start@4
_Uninst@4

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

987bd31d326bf65bc0c721c873e3d5c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

version

iphlpapi

wininet

urlmon

setupapi

crypt32

msimg32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 402KB - Virtual size: 401KB

.data Size: 36KB - Virtual size: 61KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 402KB - Virtual size: 401KB

.data
Size: 36KB - Virtual size: 61KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 107KB - Virtual size: 106KB