2024-05-21_0d2d4bcdd276c6ce843aa0a3ed9faa8e_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_0d2d4bcdd276c6ce843aa0a3ed9faa8e_magniber_revil
Size

13.4MB
MD5

0d2d4bcdd276c6ce843aa0a3ed9faa8e
SHA1

16af427ce921ee0671969384497a2f5fb11bbeaa
SHA256

b5cb23250a2c6b1c977d2bb768accd2b30f48b01ace2faf2952ca9ae7a369f37
SHA512

eaffd8c0ea5ea856cfc162573734f5607614a54a41cccf67688addd1592e495383bd78881665e401011c033e5e2d9901d66fa4f20f77cc481eed3d6ce207ddeb
SSDEEP

393216:YmcNdoU2rqNQK42hvJcBoMIB+rJCktcBoMIB+KJqYZX:badSKHhvJcBoMIB+rbcBoMIB+KbZX

Score

1^/10

Malware Config

Signatures

Files

2024-05-21_0d2d4bcdd276c6ce843aa0a3ed9faa8e_magniber_revil
.exe windows:5 windows x86 arch:x86

9a00de703efcbcf0c63ca268f9e903f6

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/06/2019, 00:00

Not After

09/06/2021, 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:9e:87:64:f1:bd:37:9f:e4:39:aa:9e:2e:ee:30:73:0e:a3:12:67:60:81:77:4d:62:70:dc:67:1a:c6:35:db
Signer

Actual PE Digest

cf:9e:87:64:f1:bd:37:9f:e4:39:aa:9e:2e:ee:30:73:0e:a3:12:67:60:81:77:4d:62:70:dc:67:1a:c6:35:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TemporaryBuilds\installer_builder_1\38\s\_bin\soda11\Win32\Soda_PDF_Desktop_11_Installer.pdb

Imports

kernel32

CreateFileW
SetFilePointer
CloseHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
WriteFile
SetFileTime
HeapAlloc
GetProcessHeap
HeapFree
CreateEventA
SetEvent
GetLastError
InterlockedIncrement
InterlockedDecrement
TlsAlloc
InterlockedExchange
InterlockedExchangeAdd
RemoveDirectoryW
TlsFree
WaitForSingleObjectEx
GetCurrentThreadId
GetCurrentProcess
LocalAlloc
LocalFree
GetDriveTypeW
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCommandLineW
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateThread
WaitForSingleObject
CreateEventW
GetCurrentProcessId
GetModuleFileNameW
GetFileSize
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
OutputDebugStringW
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
DeleteFileW
SetFileAttributesW
GetFullPathNameW
GetVersionExW
CopyFileW
CreateProcessW
FindFirstFileW
FindNextFileW
FindClose
Sleep
CreateMutexW
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjectsEx
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
LoadLibraryExW
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
CreateMutexA
GetShortPathNameW
GetUserDefaultLCID
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
IsWow64Process
GetExitCodeProcess
Process32FirstW
Process32NextW
GetModuleHandleA
LockResource
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
LoadLibraryExA
DuplicateHandle
FormatMessageW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
VerSetConditionMask
VerifyVersionInfoW
TlsGetValue
TlsSetValue
GetSystemInfo
ProcessIdToSessionId
MoveFileW
GetTickCount
GetTempPathW
GetFileInformationByHandle
GetLocalTime
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrcpynW
SwitchToThread
CreateFileMappingA
MapViewOfFileEx
CreateFileA
FormatMessageA
GlobalSize
LoadLibraryA
GetTempPathA
GetTempFileNameA
GetLocaleInfoA
FindResourceA
MulDiv
ExitThread
GetCPInfo
SetThreadLocale
GetNumberFormatW
GetCurrencyFormatW
GetSystemTime
GetTimeZoneInformation
GetLocaleInfoW
GetDateFormatW
GetThreadLocale
GetVersionExA
SetEndOfFile
FlushViewOfFile
CompareStringW
GetCurrentThread
GetThreadTimes
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetStdHandle
PeekNamedPipe
OutputDebugStringA
GetWindowsDirectoryA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
GetStringTypeA
VirtualProtect
VirtualQuery
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
LCMapStringW
OpenEventA
ResumeThread
CreateWaitableTimerA
GetFileAttributesExW
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
GetStringTypeExW
LCMapStringA
GetStringTypeExA
IsValidCodePage
IsDBCSLeadByteEx
EnumSystemLocalesA
FoldStringW
GetTimeFormatW
CreateProcessA
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetConsoleCtrlHandler
VirtualAlloc
ExitProcess
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
WriteConsoleW
GetConsoleCP
GetACP
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
CreatePipe
FindFirstFileExW
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx

Exports

Exports

??0?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@QAE@XZ
??0?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@QAE@XZ
??1?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@QAE@XZ
??1?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@QAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UtagRECT@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UtagRECT@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@3@XZ
?get_lock@singleton_module@serialization@boost@@CAAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@CAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@SAXXZ
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UtagRECT@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPlacement@HtmlWindowPlacementStrategy@GuiFramework@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?unlock@singleton_module@serialization@boost@@SAXXZ

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a00de703efcbcf0c63ca268f9e903f6

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cf:9e:87:64:f1:bd:37:9f:e4:39:aa:9e:2e:ee:30:73:0e:a3:12:67:60:81:77:4d:62:70:dc:67:1a:c6:35:dbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 217KB - Virtual size: 312KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 348KB - Virtual size: 347KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cf:9e:87:64:f1:bd:37:9f:e4:39:aa:9e:2e:ee:30:73:0e:a3:12:67:60:81:77:4d:62:70:dc:67:1a:c6:35:db
Signer

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 217KB - Virtual size: 312KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 348KB - Virtual size: 347KB