General

Malware Config

Signatures

Files

• 2024-05-20_3f933bdc452d740ce982e66d1baca69a_magniber_revil

  .exe windows:5 windows x86 arch:x86

  4014c520f1a2eab6130072cc984b5944

  
  

  Code Sign

  4a:53:8c:28

  Certificate

  Issuer

  CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

  Not Before

  07-07-2009 17:25

  Not After

  07-12-2030 17:55

  Subject

  CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f

  Certificate

  Issuer

  CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

  Not Before

  07-05-2021 15:43

  Not After

  07-11-2030 16:13

  Subject

  CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b

  Certificate

  Issuer

  CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

  Not Before

  07-05-2021 19:19

  Not After

  29-12-2040 23:59

  Subject

  CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  02:d2:a8:b1:8b:10:e7:51:6f:c6:ec:7a:88:80:c2:72

  Certificate

  Issuer

  CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

  Not Before

  12-05-2022 20:02

  Not After

  12-05-2024 20:02

  Subject

  SERIALNUMBER=727035-6,CN=Adaware Software (7270356 CANADA INC.),O=Adaware Software (7270356 CANADA INC.),L=Montreal,ST=Quebec,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024341

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e2:05:91:7a:57:f9:d4:a4:ac:13:dc:6b:52:86:1a:53:39:4c:23:32:6b:0b:66:15:ca:13:b6:e3:cd:8d:7f:28

  Signer

  Actual PE Digest

  e2:05:91:7a:57:f9:d4:a4:ac:13:dc:6b:52:86:1a:53:39:4c:23:32:6b:0b:66:15:ca:13:b6:e3:cd:8d:7f:28

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\TemporaryBuilds\installer_builder_2\100\s\_bin\adaware-pc-cleaner\Win32\Adaware_PC_Cleaner_Installer.pdb

  Imports

  kernel32

  CloseHandle

  ReadFile

  SystemTimeToFileTime

  GetCurrentDirectoryW

  MultiByteToWideChar

  LocalFileTimeToFileTime

  WideCharToMultiByte

  GetFileAttributesW

  CreateDirectoryW

  WriteFile

  SetFileTime

  FormatMessageA

  FormatMessageW

  LocalFree

  TlsAlloc

  GetLastError

  EnterCriticalSection

  LeaveCriticalSection

  WaitForSingleObject

  DeleteCriticalSection

  WaitForMultipleObjects

  TerminateThread

  QueueUserAPC

  SetEvent

  CreateEventA

  TlsFree

  WaitForSingleObjectEx

  PostQueuedCompletionStatus

  GetCurrentThreadId

  InitializeCriticalSection

  GetCommandLineW

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  GetProcAddress

  RaiseException

  GetModuleHandleW

  DecodePointer

  CreateThread

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetCurrentProcess

  GetCurrentProcessId

  GetModuleFileNameW

  GetFileSize

  HeapDestroy

  HeapReAlloc

  HeapSize

  TerminateProcess

  OutputDebugStringW

  SetUnhandledExceptionFilter

  OpenProcess

  CreateProcessW

  GetExitCodeProcess

  Sleep

  DeleteFileW

  SetFileAttributesW

  GetFullPathNameW

  CopyFileW

  FindFirstFileW

  RemoveDirectoryW

  FindNextFileW

  FindClose

  QueryPerformanceCounter

  QueryPerformanceFrequency

  SleepEx

  CreateIoCompletionPort

  SetWaitableTimer

  GetQueuedCompletionStatus

  SetLastError

  VerSetConditionMask

  VerifyVersionInfoW

  CreateSemaphoreA

  ReleaseSemaphore

  WaitForMultipleObjectsEx

  TlsGetValue

  TlsSetValue

  GetFileAttributesExW

  GetWindowsDirectoryW

  LocalAlloc

  GetUserDefaultLCID

  CreateMutexW

  ReleaseMutex

  LoadResource

  SizeofResource

  FindResourceW

  LoadLibraryExW

  lstrcmpiW

  FreeLibrary

  GetShortPathNameW

  CreateToolhelp32Snapshot

  Module32FirstW

  Module32NextW

  IsWow64Process

  Process32FirstW

  Process32NextW

  GetModuleHandleA

  LockResource

  BeginUpdateResourceW

  UpdateResourceW

  EndUpdateResourceW

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GlobalFree

  CreateMutexA

  GetModuleFileNameA

  LoadLibraryExA

  DuplicateHandle

  GetSystemInfo

  ProcessIdToSessionId

  LoadLibraryW

  MoveFileW

  GetTickCount

  GetSystemDirectoryW

  MoveFileExA

  CompareFileTime

  GetSystemTimeAsFileTime

  GetEnvironmentVariableA

  GetStdHandle

  GetFileType

  PeekNamedPipe

  GetCurrentThread

  GetEnvironmentVariableW

  GetConsoleMode

  SetConsoleMode

  ReadConsoleA

  ReadConsoleW

  GetModuleHandleExW

  SwitchToFiber

  DeleteFiber

  CreateFiber

  LoadLibraryA

  ConvertFiberToThread

  ConvertThreadToFiber

  GetSystemTime

  GetLocalTime

  FileTimeToSystemTime

  GetTimeZoneInformation

  GetDateFormatW

  GetTimeFormatW

  GetLocaleInfoW

  TryEnterCriticalSection

  ResetEvent

  CreateSemaphoreW

  ResumeThread

  GetComputerNameW

  CompareStringW

  CompareStringA

  GetNumberFormatW

  GetCurrencyFormatW

  GetSystemDefaultLCID

  SetFilePointer

  GetTempPathA

  GetTempFileNameA

  GlobalSize

  AllocConsole

  DebugBreak

  SetErrorMode

  SetEndOfFile

  CreateFileMappingW

  MapViewOfFile

  FlushViewOfFile

  UnmapViewOfFile

  ExitProcess

  LocalSize

  lstrlenW

  GetCPInfo

  SetHandleInformation

  CancelIo

  RegisterWaitForSingleObject

  UnregisterWait

  FlushFileBuffers

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  WaitNamedPipeW

  GetNamedPipeHandleStateW

  SwitchToThread

  QueueUserWorkItem

  CreateNamedPipeA

  CreateFileA

  GetNumberOfConsoleInputEvents

  ReadConsoleInputW

  WriteConsoleW

  FillConsoleOutputCharacterW

  FillConsoleOutputAttribute

  GetConsoleCursorInfo

  SetConsoleCursorInfo

  GetConsoleScreenBufferInfo

  SetConsoleCursorPosition

  SetConsoleTextAttribute

  WriteConsoleInputW

  SetConsoleCtrlHandler

  UnregisterWaitEx

  CreateJobObjectW

  AssignProcessToJobObject

  SetInformationJobObject

  LCMapStringW

  GetFileInformationByHandle

  SetFilePointerEx

  DeviceIoControl

  MoveFileExW

  CreateHardLinkW

  GetLongPathNameW

  ReadDirectoryChangesW

  SetEnvironmentVariableW

  GetTempPathW

  InitializeCriticalSectionEx

  GetLogicalDriveStringsW

  GetVolumeInformationW

  GetStartupInfoW

  VirtualAlloc

  VirtualFree

  lstrcmpW

  SetThreadPriority

  GetThreadPriority

  GetVersionExW

  VirtualProtect

  OutputDebugStringA

  GetWindowsDirectoryA

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  GetACP

  FindFirstFileExW

  GetFileSizeEx

  EnumSystemLocalesW

  IsValidLocale

  GetConsoleOutputCP

  SetStdHandle

  SystemTimeToTzSpecificLocalTime

  GetDriveTypeW

  FreeLibraryAndExitThread

  ExitThread

  InterlockedPushEntrySList

  RtlUnwind

  FoldStringW

  EnumSystemLocalesA

  GetLocaleInfoA

  IsDBCSLeadByteEx

  IsValidCodePage

  GetStringTypeExA

  LCMapStringA

  GetStringTypeExW

  AreFileApisANSI

  CreateWaitableTimerA

  OpenEventA

  CompareStringEx

  GetLocaleInfoEx

  LCMapStringEx

  EncodePointer

  AcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  InitializeSRWLock

  GetExitCodeThread

  GetStringTypeW

  IsDebuggerPresent

  InitializeSListHead

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  MapViewOfFileEx

  CreateFileMappingA

  lstrcpynW

  VirtualQuery

  MulDiv

  CreateFileW

  FreeEnvironmentStringsW

  winspool.drv

  ord203

  userenv

  CreateEnvironmentBlock

  DestroyEnvironmentBlock

  LoadUserProfileW

  UnloadUserProfile

  gdiplus

  GdiplusShutdown

  GdipDeleteFontFamily

  GdipGetEmHeight

  GdipGetCellAscent

  GdipGetLineSpacing

  GdipCreateFontFromDC

  GdipCreateFontFromLogfontA

  GdipDeleteFont

  GdipGetFamily

  GdipGetFontSize

  GdipCreateBitmapFromGraphics

  GdipCreateHBITMAPFromBitmap

  GdipDrawImageI

  GdipDrawDriverString

  GdipEndContainer

  GdipBeginContainer2

  GdipRestoreGraphics

  GdipSaveGraphics

  GdipGetClipBoundsI

  GdipSetClipRectI

  GdipSetClipRect

  GdipDrawImageRectRect

  GdipGetWorldTransform

  GdipTranslateWorldTransform

  GdipFillPath

  GdipFillPie

  GdipFillEllipse

  GdipFillRectanglesI

  GdipFillRectangleI

  GdipFillRectangle

  GdipGraphicsClear

  GdipMultiplyWorldTransform

  GdipSetInterpolationMode

  GdipSetTextRenderingHint

  GdipSetPixelOffsetMode

  GdipGetSmoothingMode

  GdipSetSmoothingMode

  GdipSetCompositingQuality

  GdipDeleteGraphics

  GdipCreateFromHWND

  GdipCreateFromHDC

  GdipDrawPath

  GdipDisposeImageAttributes

  GdipCreateImageAttributes

  GdipBitmapUnlockBits

  GdipBitmapLockBits

  GdipCreateBitmapFromScan0

  GdipGetImageHeight

  GdipGetImageWidth

  GdipGetImageGraphicsContext

  GdipDisposeImage

  GdipCloneImage

  GdipSetPenDashArray

  GdipSetPenDashOffset

  GdipSetPenDashStyle

  GdipSetPenMiterLimit

  GdipSetPenLineJoin

  GdipSetPenEndCap

  GdipSetPenStartCap

  GdipDeletePen

  GdipCreatePen2

  GdipCreatePen1

  GdipSetPathGradientTransform

  GdipSetPathGradientWrapMode

  GdipSetPathGradientPresetBlend

  GdipSetPathGradientCenterPoint

  GdipCreatePathGradientFromPath

  GdipMultiplyLineTransform

  GdipSetLineWrapMode

  GdipSetLinePresetBlend

  GdipCreateLineBrush

  GdipCreateSolidFill

  GdipCreateTexture

  GdipDeleteBrush

  GdipCloneBrush

  GdipGetMatrixElements

  GdipShearMatrix

  GdipRotateMatrix

  GdipScaleMatrix

  GdipTranslateMatrix

  GdipDeleteMatrix

  GdipCreateMatrix2

  GdipCreateMatrix

  GdipIsVisiblePathPoint

  GdipGetPathWorldBounds

  GdipAddPathRectangleI

  GdipAddPathArcI

  GdipAddPathLineI

  GdipAddPathEllipse

  GdipAddPathBezier

  GdipAddPathArc

  GdipAddPathLine

  GdipClosePathFigure

  GdipStartPathFigure

  GdipSetPathFillMode

  GdipResetPath

  GdipDeletePath

  GdipClonePath

  GdipCreatePath

  GdipFree

  GdipAlloc

  GdipDrawPie

  GdipDrawEllipse

  GdipDrawRectangle

  GdipDrawArc

  GdipDrawLine

  GdipTransformPoints

  GdiplusStartup

  GdipSetImageAttributesColorMatrix

  GdipSetPageUnit

  uxtheme

  SetWindowTheme

  IsThemeBackgroundPartiallyTransparent

  GetThemePartSize

  DrawThemeBackground

  CloseThemeData

  OpenThemeData

  usp10

  ScriptApplyDigitSubstitution

  ScriptBreak

  ScriptFreeCache

  ScriptItemize

  ScriptShape

  ScriptPlace

  Sections

  .text

  Size: 8.6MB - Virtual size: 8.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 309KB - Virtual size: 429KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.9MB - Virtual size: 2.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 490KB - Virtual size: 489KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ