General

Malware Config

Signatures

Files

• 2024-05-22_d6edf3c417c9585b34b5bd6252f4cbdc_magniber

  .exe windows:5 windows x86 arch:x86

  ca22963003c94ba0b47d810f72ca32e6

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:89:b5:84:dc:ba:29:af:71:97:9d:aa:87:fd:24:d4

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  19-03-2019 00:00

  Not After

  23-03-2020 12:00

  Subject

  CN=Shanghai DingXuan Technology Co. Ltd.,OU=IT,O=Shanghai DingXuan Technology Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  43:9e:0d:b8:bd:a7:7b:de:95:a2:c8:da:70:b1:e4:07:3f:1f:9f:e9

  Signer

  Actual PE Digest

  43:9e:0d:b8:bd:a7:7b:de:95:a2:c8:da:70:b1:e4:07:3f:1f:9f:e9

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  F:\QiEImage\OutPutFile\Release\uninst.pdb

  Imports

  kernel32

  RemoveDirectoryW

  VirtualProtect

  VirtualFree

  VirtualAlloc

  UnregisterWaitEx

  InitializeSListHead

  ReleaseSemaphore

  FreeLibraryAndExitThread

  UnregisterWait

  RegisterWaitForSingleObject

  SetThreadAffinityMask

  GetProcessAffinityMask

  MoveFileExW

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  SetThreadPriority

  SwitchToThread

  SignalObjectAndWait

  WaitForSingleObjectEx

  SetEvent

  LoadResource

  FindResourceW

  GetNativeSystemInfo

  GetEnvironmentVariableW

  ReleaseMutex

  DeleteCriticalSection

  lstrcmpW

  GetModuleFileNameW

  CopyFileW

  InitializeCriticalSection

  CreateProcessW

  CreateMutexW

  GetCommandLineW

  CreateThread

  LocalFree

  CloseHandle

  CreateToolhelp32Snapshot

  FindNextFileW

  GetTempPathW

  WTSGetActiveConsoleSessionId

  Process32NextW

  GetSystemInfo

  ProcessIdToSessionId

  Process32FirstW

  GetLocalTime

  FindClose

  QueryDepthSList

  InterlockedFlushSList

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  CreateTimerQueue

  CreateFileW

  ReadFile

  GetVersionExW

  OpenProcess

  WriteFile

  WaitForSingleObject

  CreateDirectoryW

  GetCurrentProcess

  FreeLibrary

  SetFilePointer

  FindFirstFileW

  GetFileSize

  SetFileAttributesW

  lstrcpyW

  DeleteFileW

  lstrcatW

  TerminateProcess

  GetModuleHandleA

  SizeofResource

  EnterCriticalSection

  GetProcAddress

  GetLastError

  MultiByteToWideChar

  GetFileAttributesW

  LeaveCriticalSection

  WideCharToMultiByte

  GetTickCount

  GetModuleHandleW

  GetNumaHighestNodeNumber

  lstrlenW

  SystemTimeToFileTime

  DosDateTimeToFileTime

  DuplicateHandle

  SetFileTime

  MulDiv

  LoadLibraryW

  GetCurrentDirectoryW

  LockResource

  EncodePointer

  DecodePointer

  GetStringTypeW

  HeapFree

  HeapAlloc

  IsDebuggerPresent

  IsProcessorFeaturePresent

  HeapReAlloc

  RaiseException

  RtlUnwind

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  Sleep

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  CreateSemaphoreW

  LCMapStringW

  GetProcessHeap

  ExitProcess

  GetModuleHandleExW

  AreFileApisANSI

  GetStdHandle

  HeapSize

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCurrentThread

  GetCurrentThreadId

  GetFileType

  GetConsoleMode

  ReadConsoleW

  SetFilePointerEx

  GetConsoleCP

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  LoadLibraryExW

  OutputDebugStringW

  SetStdHandle

  FlushFileBuffers

  WriteConsoleW

  SetEndOfFile

  GetThreadTimes

  FreeResource

  user32

  GetClientRect

  GetWindowLongW

  SetWindowLongW

  GetParent

  GetWindow

  LoadCursorW

  LoadImageW

  MonitorFromWindow

  GetMonitorInfoW

  wvsprintfW

  SetCursor

  OffsetRect

  IsIconic

  IsZoomed

  SetWindowRgn

  MessageBoxW

  ScreenToClient

  DestroyWindow

  UpdateLayeredWindow

  GetFocus

  GetKeyState

  SetCapture

  ReleaseCapture

  SetTimer

  KillTimer

  BeginPaint

  EndPaint

  GetUpdateRect

  InvalidateRect

  GetCursorPos

  MapWindowPoints

  IsRectEmpty

  PtInRect

  CharNextW

  MoveWindow

  GetWindowRgn

  ClientToScreen

  GetPropW

  CharPrevW

  DrawTextW

  FillRect

  SetRect

  CreateCaret

  HideCaret

  ShowCaret

  SetCaretPos

  GetSysColor

  SetWindowTextW

  GetWindowTextW

  GetWindowTextLengthW

  CreateAcceleratorTableW

  InvalidateRgn

  SetPropW

  SendMessageW

  GetSystemMetrics

  EnableWindow

  SetFocus

  FindWindowW

  IsWindow

  LoadStringW

  SetForegroundWindow

  SetWindowPos

  PostMessageW

  ReleaseDC

  FindWindowExW

  PostQuitMessage

  AnimateWindow

  ShowWindow

  GetWindowRect

  CreateWindowExW

  GetClassInfoExW

  RegisterClassExW

  RegisterClassW

  CallWindowProcW

  DefWindowProcW

  DispatchMessageW

  TranslateMessage

  IntersectRect

  InflateRect

  GetDC

  GetMessageW

  gdi32

  GetObjectA

  SetStretchBltMode

  StretchBlt

  ExtTextOutW

  SetTextColor

  MoveToEx

  TextOutW

  SetBkMode

  SetBkColor

  ExtSelectClipRgn

  SelectClipRgn

  RoundRect

  LineTo

  GetTextExtentPoint32W

  GetClipBox

  GetCharABCWidthsW

  CreateSolidBrush

  CreateRectRgnIndirect

  CreatePenIndirect

  CombineRgn

  PtInRegion

  CreateRectRgn

  SetWindowOrgEx

  GetObjectW

  CreateDIBSection

  GetTextMetricsW

  SaveDC

  RestoreDC

  DeleteDC

  CreateFontIndirectW

  CreateCompatibleDC

  CreateCompatibleBitmap

  GetDeviceCaps

  CreateRoundRectRgn

  DeleteObject

  SelectObject

  Rectangle

  CreatePen

  GetStockObject

  BitBlt

  advapi32

  RegCreateKeyExW

  RegQueryValueExW

  RegDeleteValueW

  RegOpenKeyExW

  RegCloseKey

  OpenProcessToken

  ConvertSidToStringSidA

  GetTokenInformation

  RegOpenKeyW

  RegDeleteKeyA

  LookupPrivilegeValueW

  RegDeleteValueA

  RegOpenKeyA

  AdjustTokenPrivileges

  shell32

  SHGetPathFromIDListW

  SHGetSpecialFolderLocation

  ShellExecuteExW

  SHGetSpecialFolderPathW

  ole32

  CLSIDFromString

  CLSIDFromProgID

  OleLockRunning

  CoTaskMemFree

  CoInitialize

  CoCreateInstance

  CoUninitialize

  shlwapi

  SHDeleteKeyW

  PathFileExistsW

  StrCmpIW

  version

  VerQueryValueW

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  psapi

  EnumProcessModules

  GetModuleFileNameExW

  iphlpapi

  GetAdaptersInfo

  SendARP

  ws2_32

  inet_addr

  wtsapi32

  WTSEnumerateSessionsA

  WTSQuerySessionInformationW

  WTSFreeMemory

  winhttp

  WinHttpCloseHandle

  WinHttpConnect

  WinHttpWriteData

  WinHttpReadData

  WinHttpCrackUrl

  WinHttpOpenRequest

  WinHttpOpen

  WinHttpReceiveResponse

  WinHttpSendRequest

  WinHttpAddRequestHeaders

  oleaut32

  VariantClear

  VariantInit

  SysFreeString

  SysAllocString

  comctl32

  ord17

  _TrackMouseEvent

  gdiplus

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipCreateLineBrushI

  GdipSetTextRenderingHint

  GdipCloneBrush

  GdiplusShutdown

  GdiplusStartup

  GdipFree

  GdipAlloc

  GdipCreateFontFromDC

  GdipCreateFontFromLogfontA

  GdipDeleteFont

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipDeleteBrush

  GdipDrawString

  Sections

  .text

  Size: 560KB - Virtual size: 559KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 134KB - Virtual size: 134KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 23KB - Virtual size: 46KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 453KB - Virtual size: 452KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 39KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ