2024-05-22_e06fb5fdae5d1d9fa751d399078c0d42_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-22_e06fb5fdae5d1d9fa751d399078c0d42_magniber_revil
Size

18.0MB
MD5

e06fb5fdae5d1d9fa751d399078c0d42
SHA1

c9b1c28fe439032a3c06db7911b385abb775681c
SHA256

6a88144c5d75b34c16426b11aafdf43973027391022f974c18fcd79343310988
SHA512

5a1c2d9d57fd0fbf9c46cf723433529dcfb00537d205d19506545d4d5b4aeaddb5d5cae73c7cb5c0f647fbc5b81fae6756d5144ed4e662561cc8d5facc9140c0
SSDEEP

393216:mpjUUwk++SFHWEE9G47L/ZvruDYKiBaAZhElcGKMvIuyBRXiuXEcawDh9l9PeU9:9+K244HxvruDYKiBaAZhElcGKMvIuMRr

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-22_e06fb5fdae5d1d9fa751d399078c0d42_magniber_revil

Files

2024-05-22_e06fb5fdae5d1d9fa751d399078c0d42_magniber_revil
.exe windows:5 windows x86 arch:x86

2f56bb9347c73afe83e05a0168e0f9f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord22
ord211
ord217
ord143
ord50
ord26
ord30
ord60
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46

kernel32

GetSystemTimeAsFileTime
CompareFileTime
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FormatMessageW
SetLastError
MoveFileExA
DeleteFileA
VerSetConditionMask
VerifyVersionInfoA
QueryPerformanceCounter
SleepEx
TryEnterCriticalSection
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
LoadLibraryA
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
InitializeCriticalSection
GetTempPathW
DeleteCriticalSection
GetModuleFileNameA
CreateFileW
QueryPerformanceFrequency
GetModuleHandleA
WriteFile
FindResourceW
LoadResource
SizeofResource
SetEvent
MoveFileExW
CreateDirectoryW
GetTickCount
GetLastError
GetShortPathNameW
lstrcpyW
lstrcatW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
ExitProcess
WaitForSingleObject
Sleep
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
DeleteFileW
CopyFileW
FindClose
GetFileAttributesW
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
CreateProcessW
CreateFileA
CloseHandle
GetModuleFileNameW
GetEnvironmentVariableW
GetExitCodeProcess
GetProcessTimes
GetConsoleWindow
OpenProcess
GetExitCodeThread
CreatePipe
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetDiskFreeSpaceExW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
FlushConsoleInputBuffer
GetCurrentThreadId
GetVersion
GlobalMemoryStatus
SystemTimeToFileTime
GetSystemTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
MoveFileW
HeapFree
ExitThread
CreateThread
GetModuleHandleW
GetStartupInfoW
HeapReAlloc
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFileAttributesA
GetFileInformationByHandle
SetFilePointer
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetConsoleCP
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStartupInfoA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetProcessHeap
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
RemoveDirectoryW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryW
FreeResource
LockResource
GetFileSize
MulDiv
DuplicateHandle
DosDateTimeToFileTime
SetFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
LocalFree
GetLongPathNameW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
GetVersionExA
GetSystemInfo
GetComputerNameA
GetFileAttributesExW
CreateHardLinkW
WriteConsoleW

user32

SetCaretPos
KillTimer
SetTimer
GetCaretBlinkTime
GetFocus
IntersectRect
GetWindow
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
IsIconic
UnionRect
GetWindowRect
UpdateLayeredWindow
InvalidateRect
CreateWindowExW
ScreenToClient
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetCapture
ReleaseCapture
PostMessageW
PtInRect
GetParent
OffsetRect
SetCursor
LoadCursorW
DefWindowProcW
EnableWindow
GetMonitorInfoW
CreateCaret
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
IsZoomed
MonitorFromPoint
SetWindowRgn
MessageBoxW
MoveWindow
GetWindowRgn
CharNextW
DrawTextW
FillRect
SetRect
CharPrevW
ShowCaret
HideCaret
ClientToScreen
GetSysColor
GetCaretPos
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
MapWindowPoints
InvalidateRgn
CreateAcceleratorTableW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetWindowLongW
GetWindowLongW
SetWindowPos
GetClientRect
DestroyWindow
GetKeyState
GetDC
MonitorFromWindow
PostQuitMessage
FindWindowW
ShowWindow
SetFocus
SetActiveWindow
SetForegroundWindow
SendMessageW
wsprintfW
ReleaseDC

shell32

SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

shlwapi

wnsprintfW

iphlpapi

GetAdaptersInfo

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CertCloseStore
CertFreeCertificateContext

comctl32

ord17
_TrackMouseEvent

ws2_32

send
closesocket
WSAGetLastError
WSACleanup
inet_addr
ntohl
shutdown
getnameinfo
WSAStartup
recv
WSAIoctl
setsockopt
getservbyname
gethostname
ioctlsocket
__WSAFDIsSet
getsockname
ntohs
bind
htons
getpeername
select
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
recvfrom
sendto
htonl
listen
accept
getaddrinfo
gethostbyname
freeaddrinfo
WSASetLastError
connect
socket
getsockopt

gdi32

SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetTextMetricsW
BitBlt
RestoreDC
SaveDC
SelectObject
CreateCompatibleDC
SetTextColor
DeleteObject
StretchBlt
SetStretchBltMode
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
CreateRoundRectRgn
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
GetObjectA
CreateSolidBrush
SetBkMode

advapi32

CryptCreateHash
CryptSetHashParam
CryptSignHashA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
ReportEventW
RegisterEventSourceW
CryptGenRandom
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptDecrypt

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipSetStringFormatFlags
GdipSetPenMode
GdipDrawRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipDrawPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipDrawLineI

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f56bb9347c73afe83e05a0168e0f9f2

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

shell32

ole32

shlwapi

iphlpapi

crypt32

comctl32

ws2_32

gdi32

advapi32

oleaut32

gdiplus

imm32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 705KB - Virtual size: 705KB

.data Size: 76KB - Virtual size: 106KB

.rsrc Size: 13.8MB - Virtual size: 13.8MB

.reloc Size: 176KB - Virtual size: 175KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 705KB - Virtual size: 705KB

.data
Size: 76KB - Virtual size: 106KB

.rsrc
Size: 13.8MB - Virtual size: 13.8MB

.reloc
Size: 176KB - Virtual size: 175KB