2024-05-22_66dcc48e5fbfa78c9c097c3819a7b2bf_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_66dcc48e5fbfa78c9c097c3819a7b2bf_magniber
Size

6.2MB
MD5

66dcc48e5fbfa78c9c097c3819a7b2bf
SHA1

27afbc77fa1d1b1e638753fcd6e42dcbd97c0ab9
SHA256

8e2cb2e1522c7317e81d02e9546a81cb21eb542d43d65095c1122f761a254d89
SHA512

a9c04e8356d00dc7c5da173319e265d9d47c329e96637565d49179f6c749fce42979b6c23641e4f7521d5f2ed71446f9e9db2cabe5ae3c3853131680bdd68e84
SSDEEP

98304:GUL3ROYGhmUdWVZm5rttyITFe+cdeVK2ix5bDnrP3K01tYd/bTQGX4D7y/e:bGnaZQSKF5cdH1xZDnrvxYdP5ay/

Score

1^/10

Malware Config

Signatures

Files

2024-05-22_66dcc48e5fbfa78c9c097c3819a7b2bf_magniber
.exe windows:5 windows x86 arch:x86

2082f032b86d41b7886c0a2776cb9914

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-03-2013 00:00

Not After

10-03-2016 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:cf:cc:b5:38:63:bc:5c:e2:4e:98:71:45:cf:95:fc:91:40:01:9c
Signer

Actual PE Digest

87:cf:cc:b5:38:63:bc:5c:e2:4e:98:71:45:cf:95:fc:91:40:01:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build3\src\tags\360Game_2.8.6.1018\360Game\installer_plugin\bin\Release\360Game_chs.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CreateThread
SuspendThread
TerminateThread
ReleaseSemaphore
FlushInstructionCache
GetTickCount
SetFileAttributesW
WriteFile
SetEndOfFile
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreW
HeapDestroy
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
CreateMutexW
GetVersionExW
GetFileSize
GetModuleFileNameW
MoveFileExW
MoveFileW
DeleteFileW
GetPrivateProfileIntW
TryEnterCriticalSection
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
LoadLibraryExW
GetAtomNameW
GetLocalTime
FormatMessageW
OutputDebugStringW
GlobalSize
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetModuleHandleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
SetStdHandle
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
HeapCreate
FatalAppExitA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCurrentThread
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CancelWaitableTimer
FindClose
TerminateProcess
GetSystemTime
GetVersion
SetEvent
CreateEventW
lstrcpyW
lstrcatW
GlobalFree
GlobalUnlock
FreeResource
GlobalLock
GlobalAlloc
lstrcmpW
WritePrivateProfileStringW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
CopyFileW
GetTempFileNameW
GetTempPathW
GetLongPathNameW
WaitForSingleObject
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
GetFileType
DuplicateHandle
GetFileSizeEx
SetLastError
RaiseException
OpenThread
lstrcmpiW
lstrlenA
GetVolumeInformationW
DeviceIoControl
GetCurrentProcess
ReadFile
GetLastError
CreateFileW
MultiByteToWideChar
lstrcpynW
LocalFree
WideCharToMultiByte
lstrlenW
GetProcAddress
LoadLibraryW
Sleep
CloseHandle
CreateProcessW
FreeLibrary
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
SetProcessWorkingSetSize
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
IsBadReadPtr
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsW
WaitForMultipleObjects
ExitProcess
OpenProcess
VirtualQuery
GetWindowsDirectoryW
GetShortPathNameW
GetExitCodeProcess
SearchPathW
LocalAlloc
GetSystemTimeAsFileTime
GetProcessTimes
GetSystemInfo
SetErrorMode
GetFileTime
FileTimeToLocalFileTime

user32

SetWindowLongW
PeekMessageW
GetMessageW
LoadStringW
SetForegroundWindow
ShowWindow
TranslateMessage
DispatchMessageW
WaitForInputIdle
PostMessageW
FindWindowW
CharNextW
DestroyWindow
DefWindowProcW
SwitchToThisWindow
BringWindowToTop
GetWindowThreadProcessId
GetDesktopWindow
AttachThreadInput
GetForegroundWindow
GetWindowLongW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetTimer
SetWindowPos
IsWindow
KillTimer
GetClientRect
GetShellWindow
MapVirtualKeyW
GetDlgItemTextW
FindWindowExW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxW
SetActiveWindow
GetDlgItem
TrackMouseEvent
IsIconic
IsWindowVisible
SendMessageTimeoutW
IsRectEmpty
EnumDisplaySettingsW
UpdateLayeredWindow
PtInRect
MsgWaitForMultipleObjects
MonitorFromPoint
EndPaint
BeginPaint
GetKeyState
GetFocus
MoveWindow
ClientToScreen
CopyRect
GetIconInfo
FillRect
DrawIconEx
DrawIcon
SetCapture
DrawTextW
GetKeyNameTextW
GetDC
InvalidateRect
SetClassLongW
OffsetRect
SetWindowRgn
AnimateWindow
RedrawWindow
GetMessagePos
SystemParametersInfoW
IsZoomed
ScreenToClient
EnableWindow
UpdateWindow
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetFocus
GetSystemMetrics
LoadImageW
PostQuitMessage
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SendMessageW
UnregisterClassA
GetClipboardData
IsClipboardFormatAvailable
SetRect
SubtractRect
ReleaseDC

gdi32

SetBitmapBits
GetBitmapBits
SetBrushOrgEx
SetBkColor
CreateFontIndirectW
GetCurrentObject
GetClipBox
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
GetDIBits
CreateDCW
GetStockObject
CreateFontW
BitBlt
CreateDIBSection
RoundRect
ExcludeClipRect
GetObjectA
SetTextColor
LineTo
MoveToEx
CreatePen
CreateCompatibleDC
GetTextExtentPoint32W
SetBkMode
SelectObject
CombineRgn
CreateRoundRectRgn
CreateRectRgn
DeleteObject
CreateSolidBrush
GetObjectW
DeleteDC
SetViewportOrgEx
GetDeviceCaps
Rectangle

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetSidIdentifierAuthority
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
DuplicateTokenEx
RegQueryValueExA

shell32

SHChangeNotify
SHBrowseForFolderW
Shell_NotifyIconW
SHFreeNameMappings
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationW
ord165
CommandLineToArgvW
SHGetPathFromIDListW
SHAppBarMessage

ole32

CoMarshalInterface
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleUninitialize
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoUnmarshalInterface
CoInitializeEx

oleaut32

VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

StrToIntExW
PathIsURLW
PathFileExistsW
SHGetValueW
SHGetValueA
PathIsDirectoryW
StrCatW
StrStrIW
PathIsRootW
PathCombineW
StrCmpNIW
SHDeleteKeyW
SHSetValueW
PathRemoveFileSpecW
PathAddBackslashW
PathBuildRootW
PathGetDriveNumberW
StrStrW
StrDupW
StrToIntW
StrRStrIW
UrlCanonicalizeW
UrlCompareW
StrCmpIW
PathMatchSpecW
PathFindExtensionW
PathRemoveExtensionW
PathCanonicalizeW
PathFindFileNameW
PathAppendW

comctl32

ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Draw
ImageList_Duplicate
ImageList_Destroy
ImageList_Create

msimg32

TransparentBlt
AlphaBlend

wininet

InternetConnectW
InternetSetStatusCallbackW
HttpSendRequestExW
HttpOpenRequestW
FtpOpenFileW
HttpEndRequestW
InternetSetOptionA
InternetWriteFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetQueryOptionW
FindCloseUrlCache
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
FtpGetFileSize
InternetReadFileExA
InternetOpenW
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

netapi32

Netbios

winmm

timeKillEvent
timeBeginPeriod
timeSetEvent

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
EnumProcessModules
GetProcessMemoryInfo

urlmon

ObtainUserAgentString

Sections

.text
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2082f032b86d41b7886c0a2776cb9914

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

87:cf:cc:b5:38:63:bc:5c:e2:4e:98:71:45:cf:95:fc:91:40:01:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

version

wintrust

netapi32

winmm

setupapi

crypt32

psapi

urlmon

Sections

.text Size: 763KB - Virtual size: 763KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 28KB - Virtual size: 63KB

.rsrc Size: 5.2MB - Virtual size: 5.2MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

87:cf:cc:b5:38:63:bc:5c:e2:4e:98:71:45:cf:95:fc:91:40:01:9c
Signer

.text
Size: 763KB - Virtual size: 763KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 28KB - Virtual size: 63KB

.rsrc
Size: 5.2MB - Virtual size: 5.2MB