2024-05-22_09ceb46f692e6d37197ddfc54238a28a_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_09ceb46f692e6d37197ddfc54238a28a_magniber
Size

4.2MB
MD5

09ceb46f692e6d37197ddfc54238a28a
SHA1

83be3d97cc83420b7a26c285b562b8116c46e8a7
SHA256

5b9a4b6c0570b2c09a05d34486e5d7a9a0fb848c26d60690b61efd4c30e34e6d
SHA512

1fbd45474f9e02d4ebf9410c107e778e41af2a41f8c71430947cb93399aa820f50ed7978f4f7647dd3b60f212f955885276d258b8ba39c68541d1defef29e070
SSDEEP

98304:yuXBekJVI6iC2DTpMuumjwMUsk0TjYvH:lXBd2/pMulHv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-22_09ceb46f692e6d37197ddfc54238a28a_magniber

Files

2024-05-22_09ceb46f692e6d37197ddfc54238a28a_magniber
.exe windows:6 windows x86 arch:x86

f8077778452df96cff92fb34fe332e80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\dbs\sh\ddvsm\0128_230433\cmd\2z\out\binaries\x86ret\bin\i386\Opt\rdajgpzw.d3y\Output\msvsmon.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetComputerNameExW
GetVersionExW
LoadLibraryExW
LocalFree
GetCurrentThreadId
Sleep
UnmapViewOfFile
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
SetEvent
WaitForMultipleObjectsEx
GetExitCodeProcess
TerminateProcess
OpenProcess
MultiByteToWideChar
CreateThread
WaitForSingleObject
GetExitCodeThread
GetTempPathW
GetModuleFileNameW
GetFileAttributesW
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
GetTickCount
CreateFileW
GetFileSize
ReadFile
FindFirstFileExW
FindNextFileW
FindClose
HeapSetInformation
SetErrorMode
CreateNamedPipeW
WriteFile
FlushFileBuffers
InitializeCriticalSectionEx
DisconnectNamedPipe
CancelSynchronousIo
GetProcessId
GetCommandLineW
OpenEventW
SetEnvironmentVariableW
WideCharToMultiByte
LocalAlloc
GetDateFormatW
GetTimeFormatW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
ExpandEnvironmentStringsW
GetThreadLocale
RaiseException
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
QueryFullProcessImageNameW
GetLongPathNameW
GetThreadContext
GetCurrentThread
SetLastError
SetUnhandledExceptionFilter
SetThreadPriority
SuspendThread
IsDebuggerPresent
DecodePointer
GetFileInformationByHandle
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
ResumeThread
CreateProcessW
ConnectNamedPipe
MulDiv
GetCurrentProcess
GetSystemDirectoryW
FindFirstFileW
FormatMessageA
GetComputerNameW
IsWow64Process
GetVersion
OpenFileMappingW
WriteProcessMemory
VirtualAllocEx
DeleteFileW
WaitForMultipleObjects
SetThreadAffinityMask
GetProcessAffinityMask
GetThreadPriority
SetFilePointer
RegisterWaitForSingleObject
UnregisterWaitEx
QueueUserWorkItem
OpenThread
ResetEvent
GetEnvironmentVariableW
InitializeCriticalSection
lstrcmpW
FormatMessageW
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
GetVersionExA
FindResourceExW
LockResource
FindResourceA
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
OutputDebugStringW
GetStringTypeW
GetFileType
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
TlsFree
CompareStringOrdinal
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
SetHandleInformation
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetLastError

vsdebugeng

DkmDllEnsureInitialized
DkmDllSetRootProcessId
DkmDllUninitialize
ProcDkmString3

gdiplus

GdiplusShutdown

user32

GetDlgItem
EnableWindow
CheckDlgButton
GetWindowLongW
SendMessageW
SetWindowLongW
EndDialog
SetDlgItemTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
SetCursor
ReleaseDC
GetDC
CharUpperBuffW
PeekMessageW
PostThreadMessageW
LoadStringW
PeekMessageA
CharNextA
MessageBoxW
OpenClipboard
CharNextW
KillTimer
SetTimer
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
PostMessageW
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
SetFocus
GetSystemMetrics
SetMenu
LoadMenuW
DefWindowProcW
MoveWindow
DestroyWindow
RegisterClassW
LoadIconW
EnableMenuItem
GetMenu
SetForegroundWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
UpdateWindow
CreateWindowExW
DestroyMenu
CheckRadioButton
SetWindowTextW
GetParent
NotifyWinEvent
ShowWindow
LoadCursorW

oleaut32

VarUI2FromDec
VarUI4FromDec
VarR4FromDec
VarR8FromDec
VarDecAdd
VarDecSu
VarDecMul
VarDecDiv
VarDecCmp
VarBstrCmp
VariantCopy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayRedim
VariantChangeType
CreateErrorInfo
SysAllocString
VarUI1FromDec
VarI1FromDec
VarDecFix
VarDecFromR8
VarDecFromR4
VarDecFromUI4
VarDecFromI4
GetErrorInfo
VarI4FromDec
VarBstrFromDec
VarR8FromStr
SetErrorInfo
VarUI4FromStr
VariantClear
VarI2FromDec
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
SysAllocStringLen

comctl32

ord17

ws2_32

inet_addr
ntohs
getsockname
bind
htonl
closesocket
setsockopt
socket
htons
WSAStartup
WSAGetLastError

gdi32

DeleteDC
GetDeviceCaps
SelectObject

Exports

Exports

_CreateHostedInstance@12
_IsFallbackLoadRemoteManagedPdbsEnabled@0
_IsInServiceMode@0
_OnAbnormalAbort@0

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 756KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8077778452df96cff92fb34fe332e80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vsdebugeng

gdiplus

user32

oleaut32

comctl32

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 139KB - Virtual size: 150KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 310KB - Virtual size: 309KB

.reloc Size: 756KB - Virtual size: 760KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 139KB - Virtual size: 150KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 310KB - Virtual size: 309KB

.reloc
Size: 756KB - Virtual size: 760KB