2024-05-20_7b7be2ba6edcca3e7961d8e85d73fafc_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-20_7b7be2ba6edcca3e7961d8e85d73fafc_magniber
Size

4.2MB
MD5

7b7be2ba6edcca3e7961d8e85d73fafc
SHA1

2cdfffbfe3b48914b18a09d6b62d360c60380903
SHA256

69f0a928a800fc40581f6741056a3051e662040907661ff99f22df962a783b80
SHA512

6e180d40ee2464ed91b657524934f2365ecde51c5e830f398cde4acf920ea923afb535ad81d341d1eef5d63dde9ddb8d5ec6ed884bd2a346258c3d6c8feb2cac
SSDEEP

49152:3Io080XuWKBk6ZcyjJJVSL6VlIWi7C2nDTp402U/Gn3ucfH9EMDLSjwMUskHAOhU:muXBekJVI6iC2DTpMuumjwMUskTUtq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-20_7b7be2ba6edcca3e7961d8e85d73fafc_magniber

Files

2024-05-20_7b7be2ba6edcca3e7961d8e85d73fafc_magniber
.exe windows:6 windows x86 arch:x86

f8077778452df96cff92fb34fe332e80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\dbs\sh\ddvsm\0128_230433\cmd\2z\out\binaries\x86ret\bin\i386\Opt\rdajgpzw.d3y\Output\msvsmon.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetComputerNameExW
GetVersionExW
LoadLibraryExW
LocalFree
GetCurrentThreadId
Sleep
UnmapViewOfFile
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
SetEvent
WaitForMultipleObjectsEx
GetExitCodeProcess
TerminateProcess
OpenProcess
MultiByteToWideChar
CreateThread
WaitForSingleObject
GetExitCodeThread
GetTempPathW
GetModuleFileNameW
GetFileAttributesW
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
GetTickCount
CreateFileW
GetFileSize
ReadFile
FindFirstFileExW
FindNextFileW
FindClose
HeapSetInformation
SetErrorMode
CreateNamedPipeW
WriteFile
FlushFileBuffers
InitializeCriticalSectionEx
DisconnectNamedPipe
CancelSynchronousIo
GetProcessId
GetCommandLineW
OpenEventW
SetEnvironmentVariableW
WideCharToMultiByte
LocalAlloc
GetDateFormatW
GetTimeFormatW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
ExpandEnvironmentStringsW
GetThreadLocale
RaiseException
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
QueryFullProcessImageNameW
GetLongPathNameW
GetThreadContext
GetCurrentThread
SetLastError
SetUnhandledExceptionFilter
SetThreadPriority
SuspendThread
IsDebuggerPresent
DecodePointer
GetFileInformationByHandle
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
ResumeThread
CreateProcessW
ConnectNamedPipe
MulDiv
GetCurrentProcess
GetSystemDirectoryW
FindFirstFileW
FormatMessageA
GetComputerNameW
IsWow64Process
GetVersion
OpenFileMappingW
WriteProcessMemory
VirtualAllocEx
DeleteFileW
WaitForMultipleObjects
SetThreadAffinityMask
GetProcessAffinityMask
GetThreadPriority
SetFilePointer
RegisterWaitForSingleObject
UnregisterWaitEx
QueueUserWorkItem
OpenThread
ResetEvent
GetEnvironmentVariableW
InitializeCriticalSection
lstrcmpW
FormatMessageW
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
GetVersionExA
FindResourceExW
LockResource
FindResourceA
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
OutputDebugStringW
GetStringTypeW
GetFileType
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
TlsFree
CompareStringOrdinal
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
SetHandleInformation
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetLastError

vsdebugeng

DkmDllEnsureInitialized
DkmDllSetRootProcessId
DkmDllUninitialize
ProcDkmString3

gdiplus

GdiplusShutdown

user32

GetDlgItem
EnableWindow
CheckDlgButton
GetWindowLongW
SendMessageW
SetWindowLongW
EndDialog
SetDlgItemTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
SetCursor
ReleaseDC
GetDC
CharUpperBuffW
PeekMessageW
PostThreadMessageW
LoadStringW
PeekMessageA
CharNextA
MessageBoxW
OpenClipboard
CharNextW
KillTimer
SetTimer
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
PostMessageW
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
SetFocus
GetSystemMetrics
SetMenu
LoadMenuW
DefWindowProcW
MoveWindow
DestroyWindow
RegisterClassW
LoadIconW
EnableMenuItem
GetMenu
SetForegroundWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
UpdateWindow
CreateWindowExW
DestroyMenu
CheckRadioButton
SetWindowTextW
GetParent
NotifyWinEvent
ShowWindow
LoadCursorW

oleaut32

VarUI2FromDec
VarUI4FromDec
VarR4FromDec
VarR8FromDec
VarDecAdd
VarDecSu
VarDecMul
VarDecDiv
VarDecCmp
VarBstrCmp
VariantCopy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayRedim
VariantChangeType
CreateErrorInfo
SysAllocString
VarUI1FromDec
VarI1FromDec
VarDecFix
VarDecFromR8
VarDecFromR4
VarDecFromUI4
VarDecFromI4
GetErrorInfo
VarI4FromDec
VarBstrFromDec
VarR8FromStr
SetErrorInfo
VarUI4FromStr
VariantClear
VarI2FromDec
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
SysAllocStringLen

comctl32

ord17

ws2_32

inet_addr
ntohs
getsockname
bind
htonl
closesocket
setsockopt
socket
htons
WSAStartup
WSAGetLastError

gdi32

DeleteDC
GetDeviceCaps
SelectObject

Exports

Exports

_CreateHostedInstance@12
_IsFallbackLoadRemoteManagedPdbsEnabled@0
_IsInServiceMode@0
_OnAbnormalAbort@0

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 756KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8077778452df96cff92fb34fe332e80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vsdebugeng

gdiplus

user32

oleaut32

comctl32

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 139KB - Virtual size: 150KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 310KB - Virtual size: 309KB

.reloc Size: 756KB - Virtual size: 760KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 139KB - Virtual size: 150KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 310KB - Virtual size: 309KB

.reloc
Size: 756KB - Virtual size: 760KB