2024-05-21_7c43f7ae2d8cf78017821d1d9483ab64_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_7c43f7ae2d8cf78017821d1d9483ab64_magniber
Size

990KB
MD5

7c43f7ae2d8cf78017821d1d9483ab64
SHA1

d728a65a7ab2266a4b285bbe39cc1bf25f0fc721
SHA256

d0747604b570713b4a5781cb463ad000395b76157c62f70b975b84b650258b4b
SHA512

965a23194003667d52f1781528e15d82cae10356f31fb5e04005ed1364a476e1bf8881ce6c811e7843afa9e0571221abdddd5a904f1d00acc12c08efdb757d94
SSDEEP

12288:9RqN/ntEEK86rcpvoccZPMY2d48610tVWuu806STsyIANtj2OtdF4uuU6tp+:9oN/ntEE2GqcVWFVTbIA/2WFjuntp+

Score

1^/10

Malware Config

Signatures

Files

2024-05-21_7c43f7ae2d8cf78017821d1d9483ab64_magniber
.exe windows:6 windows x86 arch:x86

61ec3b9c9e1b8acd85f0870460a97371

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:92:f8:01:c0:70:8d:c6:51:2a:fd:2c:96:13:fd:b7
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/01/2015, 00:00

Not After

19/01/2018, 23:59

Subject

CN=GfK SE,O=GfK SE,POSTALCODE=90419,STREET=Nordwestring 101,L=Nürnberg,ST=BY,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:44:3b:7d:16:23:fd:10:e9:14:60:b7:a9:fe:c0:40:f2:90:17:84
Signer

Actual PE Digest

21:44:3b:7d:16:23:fd:10:e9:14:60:b7:a9:fe:c0:40:f2:90:17:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetEvent
QueryFullProcessImageNameW
OpenProcess
Process32FirstW
CreateEventW
WaitForMultipleObjects
Process32NextW
CreateToolhelp32Snapshot
ResetEvent
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetLongPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
WideCharToMultiByte
SetEndOfFile
SetFilePointer
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetTimeZoneInformation
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
Sleep
CreateMutexW
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
LoadLibraryW
GetOEMCP
OutputDebugStringW
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadFile
GetProcessHeap
GetFileType
GetModuleFileNameW
WriteFile
GetStdHandle
HeapSize
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCPInfo
HeapReAlloc
RaiseException
RtlUnwind
CreateThread
ExitThread
GetProcAddress
LoadLibraryExW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
FreeEnvironmentStringsW

user32

GetClassNameW
DispatchMessageW
TranslateMessage
FindWindowExW
PostThreadMessageW
EnumWindows
SetTimer
GetMessageW
PostQuitMessage
KillTimer

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegSetValueExW

shell32

CommandLineToArgvW

ole32

CLSIDFromProgID
CLSIDFromString
OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VarBstrCmp
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantCopy
SysStringLen
SysAllocString
SafeArrayGetUBound
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
GetErrorInfo

Sections

.text
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ec3b9c9e1b8acd85f0870460a97371

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

91:92:f8:01:c0:70:8d:c6:51:2a:fd:2c:96:13:fd:b7Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

21:44:3b:7d:16:23:fd:10:e9:14:60:b7:a9:fe:c0:40:f2:90:17:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 591KB - Virtual size: 590KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 85KB - Virtual size: 85KB

.reloc Size: 148KB - Virtual size: 148KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

91:92:f8:01:c0:70:8d:c6:51:2a:fd:2c:96:13:fd:b7
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

21:44:3b:7d:16:23:fd:10:e9:14:60:b7:a9:fe:c0:40:f2:90:17:84
Signer

.text
Size: 591KB - Virtual size: 590KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 85KB - Virtual size: 85KB

.reloc
Size: 148KB - Virtual size: 148KB