2024-05-15_0c39ca02509564ce6472f361270e19e2_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_0c39ca02509564ce6472f361270e19e2_magniber
Size

2.5MB
MD5

0c39ca02509564ce6472f361270e19e2
SHA1

88d3be7aade900ced24c03c5c271512be91cf01d
SHA256

23bb08fda478abd256a51c45b3944262066a1154ce6cd8dae896b4452c4c617b
SHA512

2beb0fc5d307ee4064523426ba10f48b6af0b3b5c3f7e881e9d82acb21f2daede5e91806f72b73620d2c67d9892f307fae964ed557f5a18c9287e5a3c99eb350
SSDEEP

24576:LHcQdU/REYRBeTLbFav6eWe88w0Lr6M1PFuZHgTluYFvOlfpfFPhxljI88I7AjK6:L86d8l6MfsHgTluOvepd5U5IsOleVMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-15_0c39ca02509564ce6472f361270e19e2_magniber

Files

2024-05-15_0c39ca02509564ce6472f361270e19e2_magniber
.exe windows:4 windows x86 arch:x86

cfc8a215ccc1cbd97cf7d6debc1e4fd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\8.12Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\QQPCMgrPacket.pdb

Imports

kernel32

UnmapViewOfFile
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
SetFilePointer
OutputDebugStringW
GetExitCodeProcess
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LocalAlloc
LocalFree
GetDriveTypeW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
SetEndOfFile
GetTempFileNameW
GetFullPathNameW
SetFileTime
SetFileAttributesW
MoveFileW
GetSystemInfo
IsBadReadPtr
LoadLibraryExW
SetCurrentDirectoryW
CreateFileMappingW
MapViewOfFileEx
CreateMutexW
OpenMutexW
lstrcmpiW
GetPrivateProfileIntW
GlobalMemoryStatus
DeviceIoControl
GetDiskFreeSpaceExW
GetVersion
OpenSemaphoreW
CreateNamedPipeW
OpenEventW
MapViewOfFile
LocalFileTimeToFileTime
lstrcmpW
GetSystemTime
GetProcessTimes
ResumeThread
SleepEx
TerminateThread
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
GetStartupInfoW
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLocalTime
CreatePipe
GetCPInfo
LoadLibraryA
lstrlenW
FindClose
CreateThread
FindNextFileW
FindFirstFileW
WriteFile
FreeResource
SetLastError
GetFileAttributesW
WideCharToMultiByte
RaiseException
FreeLibrary
FlushInstructionCache
GetPrivateProfileStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
OpenProcess
SearchPathW
MultiByteToWideChar
InitializeCriticalSection
SetErrorMode
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
lstrcpynW
VirtualAllocEx
WriteProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
CreateProcessW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetCurrentProcess
GetLastError
InitializeCriticalSectionAndSpinCount
HeapAlloc
InterlockedIncrement
GetProcessHeap
HeapFree
DeleteCriticalSection
GlobalFree
InterlockedDecrement
WaitForMultipleObjects
ResetEvent
CreateEventW
GetVersionExW
CopyFileW
Sleep
GetTickCount
SetEvent
WaitForSingleObject
ReadFile
CloseHandle
GetFileSize
CreateFileW
DeleteFileW
ReleaseMutex
VirtualQuery
GetSystemDefaultLangID
CreateFileA
GetTempPathW
lstrlenA
SystemTimeToFileTime

user32

PostMessageW
DefWindowProcW
CreateWindowExW
SetWindowLongW
DestroyWindow
FindWindowW
FindWindowExW
SetActiveWindow
PeekMessageW
IsWindow
GetMessageW
FindWindowA
IsIconic
SendMessageTimeoutW
UnregisterClassW
GetPropW
MessageBoxW
SetPropW
PostQuitMessage
RemovePropW
EnumWindows
UnregisterClassA
LoadStringW
CopyImage
CharLowerW
InvalidateRgn
GetWindowTextW
FrameRect
LoadIconW
FillRect
GetSysColor
SetWindowTextW
GetWindowDC
DestroyAcceleratorTable
mouse_event
GetSystemMetrics
CreateAcceleratorTableW
GetClassNameW
SetTimer
IsChild
GetFocus
KillTimer
SetFocus
GetWindowTextLengthW
RedrawWindow
LoadImageW
PostThreadMessageW
DrawFrameControl
GetKeyState
OffsetRect
ClientToScreen
GetMonitorInfoW
MonitorFromWindow
EqualRect
GetDlgCtrlID
IsWindowVisible
DrawIconEx
ReleaseCapture
DrawTextW
SetCapture
SetCursor
PtInRect
SetWindowRgn
TrackPopupMenu
ScreenToClient
EndPaint
BeginPaint
CallWindowProcW
CharUpperW
RegisterWindowMessageW
CharNextW
GetDC
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
InflateRect
ReleaseDC
LoadCursorW
SetWindowPos
ShowWindow
GetWindow
GetClassInfoExW
InvalidateRect
SystemParametersInfoW
MapWindowPoints
RegisterClassExW
SetRect
EnableWindow
IsWindowEnabled
GetDesktopWindow
GetActiveWindow
GetClientRect
GetWindowRect
SendMessageW
GetDlgItem
GetParent
CopyRect
MoveWindow
GetWindowLongW
DispatchMessageW
TranslateMessage
GetSystemMenu

gdi32

GetTextExtentPoint32W
OffsetRgn
CreateRectRgn
RoundRect
CreateRectRgnIndirect
TextOutW
RestoreDC
SaveDC
CreatePen
Rectangle
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetBkColor
SetTextColor
SelectObject
DeleteDC
ExtTextOutW
GetObjectW
GetStockObject
DeleteObject
SetBkMode
LineTo
MoveToEx
RectInRegion
SelectClipRgn
GetDeviceCaps
ExtSelectClipRgn
CreateSolidBrush
GetCurrentObject
GetTextMetricsW
GetClipRgn
CombineRgn

advapi32

SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
DeleteService
QueryServiceConfigW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
LookupAccountNameW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ord680
SHCreateDirectoryExW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoGetClassObject
OleInitialize
OleLockRunning
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoLoadLibrary
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

OleLoadPicture
VariantCopy
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VarBstrCmp
DispCallFunc
VarUI4FromStr
SysFreeString
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VariantInit

shlwapi

PathAddBackslashW
StrToIntA
PathRemoveBackslashW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

ntohl
htons
htonl

wininet

HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetReadFile

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfc8a215ccc1cbd97cf7d6debc1e4fd9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

wininet

version

netapi32

Sections

.text Size: 924KB - Virtual size: 923KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 24KB - Virtual size: 43KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 68KB - Virtual size: 65KB

.text
Size: 924KB - Virtual size: 923KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 24KB - Virtual size: 43KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 68KB - Virtual size: 65KB