2024-05-24_c622f2d7610da11596365cae3e435af9_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-24_c622f2d7610da11596365cae3e435af9_magniber
Size

2.6MB
MD5

c622f2d7610da11596365cae3e435af9
SHA1

a7ff89f6270178ca654b85f2e60832d58b944b69
SHA256

58e91e6a86103ec2b64bcca5bfe24d1b372a95ed8f0f88edb704e8c93065b74b
SHA512

9e4549a00c5e24376863b287c00f3e9be038d2e7aeabebf7441f7929e95cd8f46123e8e78159cef3095de1372f639a420d646187f189ff865a08219e22a1449d
SSDEEP

49152:1yW8ocWWbb5CgT/lTXAAhdZDYHKC18at8nSNG/ppdfiaTomDmg27RnWGj:sWoWWbJTXZhdZiBfNEpdfiQD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-24_c622f2d7610da11596365cae3e435af9_magniber

Files

2024-05-24_c622f2d7610da11596365cae3e435af9_magniber
.exe windows:6 windows x86 arch:x86

dbda034a8ca649c786664472e238f52f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-msi\output\maps\release\i386\uninstaller.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
GetFileType
HeapAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
HeapSize
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
InitializeSListHead
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
CreateFileW
WriteConsoleW
InterlockedPopEntrySList
GetStringTypeW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedPushEntrySList
RtlUnwind
CreateThread
OutputDebugStringW
LocalFree
GlobalFree
GlobalAlloc
GetCurrentProcess
SetCurrentDirectoryW
CreateEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetModuleHandleW
WaitForSingleObject
IsProcessorFeaturePresent
WaitForMultipleObjects
WinExec
SetEvent
OpenEventW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
WideCharToMultiByte
lstrcmpW
GetTempFileNameW
CopyFileW
CreateProcessW
GetCurrentProcessId
DeleteCriticalSection
MoveFileExW
GetWindowsDirectoryW
DecodePointer
GetLocalTime
RaiseException
CloseHandle
DeleteFileW
GetLastError
Sleep
OpenProcess
GetFileAttributesW
FindClose
InitializeCriticalSectionEx
VerSetConditionMask
GetFileSize
SetFilePointer
InitializeCriticalSection
GetExitCodeThread
GetSystemDirectoryW
GetVersionExW
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalUnlock
GlobalLock
PulseEvent
MulDiv
VerifyVersionInfoW
LoadLibraryExA
lstrcmpiW
ResetEvent
WaitForSingleObjectEx
QueryPerformanceFrequency
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateDirectoryW
FlushInstructionCache
VirtualAlloc
VirtualFree
GetCommandLineA

user32

EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
DeleteMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
UpdateWindow
SetForegroundWindow
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
GetWindowRgn
InvalidateRect
SetPropW
GetPropW
SetWindowTextW
GetClientRect
GetWindowRect
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
DrawFocusRect
FillRect
InvertRect
GetWindowLongW
SetWindowLongW
GetClassLongW
GetDesktopWindow
GetSystemMenu
LoadMenuW
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
DestroyIcon
CreateIconFromResourceEx
SystemParametersInfoW
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
GetGUIThreadInfo
GetRawInputData
RegisterRawInputDevices
CharNextW
mouse_event
SetCursorPos
NotifyWinEvent
SetActiveWindow
GetWindowTextW
RegisterClassExW
PostQuitMessage
DefWindowProcW
AttachThreadInput
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetKeyboardLayout
LoadStringW
DestroyAcceleratorTable
IsWindowEnabled
EnableWindow
ReleaseCapture
EmptyClipboard
SetCapture
GetCapture
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
FindWindowW
DestroyMenu
GetMenuState
GetParent
GetAsyncKeyState
CloseClipboard
PostMessageW
GetWindowThreadProcessId
GetMenuStringW
GetKeyState
GetFocus
GetActiveWindow
SetFocus
GetForegroundWindow
IsWindow
SetTimer
IsClipboardFormatAvailable
CharLowerBuffW
SendMessageW
LoadImageW
GetSystemMetrics
KillTimer
OpenClipboard
GetNextDlgTabItem
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
MoveWindow
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsChild
GetClassNameW
CreateWindowExW

advapi32

RegQueryInfoKeyW
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
DeleteService
RegEnumKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid

shell32

SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
ShellExecuteExW
ShellExecuteW

ole32

CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
OleDuplicateData
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
OleLockRunning
CoTaskMemRealloc

oleaut32

SysAllocString
VarBstrFromI4
SysStringLen
SysAllocStringLen
VariantInit
LoadTypeLi
SysFreeString
VariantClear
VarBstrCmp
LoadRegTypeLi
VariantCopy
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathFileExistsW

wininet

InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

crypt32

CryptStringToBinaryW
CryptUnprotectData

gdi32

CreateDIBSection
ExtTextOutW
StretchBlt
SetLayout
SetGraphicsMode
SetBkMode
SetStretchBltMode
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
PatBlt
OffsetRgn
IntersectClipRect
SetWorldTransform
GetWorldTransform
GetTextMetricsW
SetBkColor
SetTextColor
GetTextExtentExPointW
GetStockObject
ExcludeClipRect
DeleteObject
DeleteDC
CreateRectRgn
CreateFontIndirectW
CreateCompatibleDC
ModifyWorldTransform
BitBlt
CreateBitmap

comctl32

ord413
ord410
ord412

oleacc

AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetCompositionFontW
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmIsIME

usp10

ScriptItemize
ScriptLayout
ScriptRecordDigitSubstitution
ScriptApplyDigitSubstitution
ScriptBreak

msimg32

AlphaBlend
GradientFill

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmFlush

Exports

Exports

GetWclAccObject
GetWclAccObjectUsage
GetWclAccStyleByClassName

Sections

.text
Size: 1003KB - Virtual size: 1003KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 665KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 632KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dbda034a8ca649c786664472e238f52f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

psapi

crypt32

gdi32

comctl32

oleacc

imm32

usp10

msimg32

dwmapi

Exports

Exports

Sections

.text Size: 1003KB - Virtual size: 1003KB

.rdata Size: 313KB - Virtual size: 313KB

.data Size: 34KB - Virtual size: 43KB

.rsrc Size: 665KB - Virtual size: 665KB

.reloc Size: 632KB - Virtual size: 636KB

.text
Size: 1003KB - Virtual size: 1003KB

.rdata
Size: 313KB - Virtual size: 313KB

.data
Size: 34KB - Virtual size: 43KB

.rsrc
Size: 665KB - Virtual size: 665KB

.reloc
Size: 632KB - Virtual size: 636KB