2024-05-17_bb0abcc057dffc7643fb44d200844547_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_bb0abcc057dffc7643fb44d200844547_magniber
Size

3.1MB
MD5

bb0abcc057dffc7643fb44d200844547
SHA1

52197039c88e2afc0726a9fd904d07b82b7439c8
SHA256

1784a65dc3247ce6823960dbb6c11d7ce573b2b730fe5803e2bd2adbe69b9024
SHA512

9777d1e8138c833e9ffe5180ae6efd3b8d94002780855aabab9c13980fd2e374f9247e57f9260fba9cf154ad7ffd5c35868db57681ceb0ae47a8bde548c1d9a9
SSDEEP

98304:IKvsrgwtmxSouc+XO3xT8x/MiP7Vu0VLGMb5Cx0taAUgLdpq+Xvna9k7VoiX996Q:HUrgW6uc+Hx/FVu0VLGMb5Cx0taAUgLS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-17_bb0abcc057dffc7643fb44d200844547_magniber

Files

2024-05-17_bb0abcc057dffc7643fb44d200844547_magniber
.exe windows:6 windows x86 arch:x86

00ea679733586155089e2d834f860ad9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

McsAgent.pdb

Imports

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
GetTokenInformation
OpenProcessToken
IsWellKnownSid
ConvertSidToStringSidA
OpenThreadToken
ConvertSidToStringSidW
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityInfo
SetNamedSecurityInfoA
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
CryptHashData
CryptCreateHash
CryptDecrypt
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDeriveKeyPBKDF2
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptDestroyHash

winhttp

WinHttpReadData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpSendRequest

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
ExitProcess
ReadFile
GetFileType
SetStdHandle
FreeLibraryAndExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetCurrentProcess
TerminateProcess
GetLastError
WriteFile
CreateFileW
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
GetProcAddress
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
WaitForSingleObject
SetEvent
MoveFileExW
ReplaceFileW
OutputDebugStringA
GetCurrentProcessId
LoadLibraryExW
OpenProcess
SetEnvironmentVariableW
SetSearchPathMode
HeapSetInformation
GetProcessHeap
GetModuleHandleW
HeapSize
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
ReleaseSRWLockShared
AcquireSRWLockShared
GetComputerNameExW
GetNativeSystemInfo
GetSystemDefaultUILanguage
GetCurrentThread
GetTickCount64
IsWow64Process
GetQueuedCompletionStatus
CancelIoEx
CreateIoCompletionPort
GetCurrentThreadId
ExitThread
Sleep
CreateThread
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
WaitForMultipleObjects
LocalFree
GetFileSizeEx
CompareFileTime
GetFileTime
LoadLibraryW
FreeLibrary
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
ExpandEnvironmentStringsW
SetWaitableTimer
CancelWaitableTimer
GetFileInformationByHandleEx
GetStdHandle
DeviceIoControl
SetFilePointer
SetEndOfFile
UnlockFileEx
GetConsoleMode
GetFileInformationByHandle
GetOverlappedResult
WriteConsoleW
GetOverlappedResultEx
LockFileEx
GetModuleHandleExW
GetModuleFileNameW
CreateWaitableTimerW
FindClose
FreeEnvironmentStringsW
FormatMessageW
GetSystemInfo
VirtualProtect
VirtualQuery
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
FormatMessageA
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CreateHardLinkW
InitializeSRWLock
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetExitCodeThread
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
OutputDebugStringW
InterlockedPushEntrySList
RtlUnwind
GetEnvironmentStringsW
SetDllDirectoryW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

iphlpapi

GetAdaptersAddresses

ws2_32

WSACleanup
closesocket
WSAStartup
WSAGetLastError
WSAIoctl
socket

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 672KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00ea679733586155089e2d834f860ad9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

ole32

bcrypt

winhttp

version

kernel32

oleaut32

iphlpapi

ws2_32

wtsapi32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 452KB - Virtual size: 452KB

.data Size: 104KB - Virtual size: 114KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 672KB - Virtual size: 676KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 452KB - Virtual size: 452KB

.data
Size: 104KB - Virtual size: 114KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 672KB - Virtual size: 676KB