2024-05-25_132041154160c35bdc9209539ad03315_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_132041154160c35bdc9209539ad03315_magniber
Size

13.7MB
MD5

132041154160c35bdc9209539ad03315
SHA1

925a08fcdad548770614001d06da4fbeade3f12c
SHA256

35dfafa141149289a6120a542f7ab4be33c907625af8f1d38dbc37bf9a59710b
SHA512

19d309b0e091d9acf6d9f76e5a4ee405b242c39c3d0e6f730ef9e0fa0bb1d2a2b1ab22a645feb670f5b48cadd3d3661eba49375f600be4bb86835fef9a83d66c
SSDEEP

393216:YP1toG4DRiOlfcl1ZjKQ+sVY8bR7WRdYGJzRD:Y3oZlOhBbRaRdNDD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-25_132041154160c35bdc9209539ad03315_magniber

Files

2024-05-25_132041154160c35bdc9209539ad03315_magniber
.exe windows:5 windows x86 arch:x86

553aa3db0244e49b1c1659a7f62253d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\yypublish_build\console\source\packages\tools\setup4.0\bin\YYSetup.pdb

Imports

kernel32

DeleteFileW
MultiByteToWideChar
lstrlenA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
CreateDirectoryW
GetEnvironmentVariableW
CreateProcessW
lstrcpyW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetVersionExW
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
FindResourceExW
WideCharToMultiByte
GetLocalTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetEndOfFile
GetVersion
GetFullPathNameW
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetFileAttributesW
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetModuleHandleA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapCreate
SetFileAttributesW
MoveFileW
RemoveDirectoryW
GetLastError
CreateEventW
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
CopyFileW
SetLastError
GetCurrentThreadId
GetExitCodeThread
SetEvent
WaitForSingleObject
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateMutexW
InterlockedIncrement
lstrlenW
InterlockedDecrement
SetFilePointer
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
WriteFile
ReadFile
CloseHandle
CreateFileW

user32

SendMessageW
GetDlgItem
GetClientRect
GetSystemMenu
GetWindowLongW
DestroyMenu
EnableMenuItem
EndDialog
SetWindowTextW
DestroyWindow
InsertMenuW
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
LoadBitmapW
MessageBeep
SetFocus
SetDlgItemTextW
GetSysColor
GetSysColorBrush
IsIconic
PostQuitMessage
CharNextW
EnableWindow
ScreenToClient
MoveWindow
CallWindowProcW
LoadCursorW
SetCursor
DefWindowProcW
GetActiveWindow
PostMessageW
DialogBoxParamW
ShowWindow
LoadIconW
EndPaint
BeginPaint
SetWindowLongW
DestroyIcon
LoadStringW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
UnregisterClassA

gdi32

SelectObject
StretchBlt
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SetTextColor
SetBkMode
GetObjectW
CreateCompatibleDC
SetBkColor
ExtTextOutW
GetStockObject

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathIsRootW
PathRemoveFileSpecW
PathFileExistsW

comctl32

PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
DestroyPropertySheetPage

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

553aa3db0244e49b1c1659a7f62253d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 13.4MB - Virtual size: 13.4MB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 13.4MB - Virtual size: 13.4MB

.reloc
Size: 45KB - Virtual size: 45KB