2024-05-25_8037edd850bcb33c66c30e6834b80756_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_8037edd850bcb33c66c30e6834b80756_magniber
Size

1.4MB
MD5

8037edd850bcb33c66c30e6834b80756
SHA1

adaed0304bc75529fb23b5066c5d95f1f7e9ddf1
SHA256

018e49aa5887fa9ef58aef1710e525b01052611d0a872d41712a72475a264e61
SHA512

b280fa2dbc6b56b17a430cf1fbc8dfd9f2de5e3e0bcb614d380d5894bd485298234fe7f5c1bd6d668ffa84f7971f1c04bb98a295b26e0bf1160f74683aab60b0
SSDEEP

24576:CqZIsU5y7j72ulxFptP11G9+1CTYa+Y7grQWP/fY6wtHlNqX:C6dj7xhIaCTYa+8k3XVw1U

Score

1^/10

Malware Config

Signatures

Files

2024-05-25_8037edd850bcb33c66c30e6834b80756_magniber
.exe windows:4 windows x86 arch:x86

4553e90ab027a4f2ba4f80facd6245c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:70:d9:22:23:72:63:7f:2f:cd:68:dd:c4:ad:6c:0e:3b:72:e2:28
Signer

Actual PE Digest

b8:70:d9:22:23:72:63:7f:2f:cd:68:dd:c4:ad:6c:0e:3b:72:e2:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_SepcialJob_For_60041\8.10.11221.216\qqpcmgr_proj_2\Basic\Output\BinFinal\Uninst.pdb

Imports

kernel32

FreeResource
DeviceIoControl
WriteFile
GetVersionExW
SetEvent
LocalFree
LocalAlloc
GetWindowsDirectoryW
CreateFileA
CreateDirectoryW
ExpandEnvironmentStringsW
IsBadReadPtr
GetCurrentDirectoryW
LoadLibraryA
SearchPathW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
SetUnhandledExceptionFilter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetModuleHandleA
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetLocaleInfoW
GetUserDefaultUILanguage
MoveFileW
SetFileAttributesW
GetLocalTime
GetTempPathW
DuplicateHandle
CreatePipe
GetStdHandle
IsDBCSLeadByte
GetCPInfo
VirtualQuery
GetSystemDefaultLangID
QueryDosDeviceW
GetLogicalDriveStringsW
ReleaseMutex
SetFilePointer
TerminateProcess
CreateEventW
SetErrorMode
GetProcessHeap
WriteProcessMemory
HeapAlloc
HeapFree
VirtualAllocEx
lstrcpynW
GlobalLock
GlobalUnlock
InterlockedExchange
GlobalFree
GlobalAlloc
InterlockedCompareExchange
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
GetEnvironmentVariableW
ReadFile
CreateFileW
GetFileSize
FindFirstFileW
CopyFileW
OpenProcess
Process32NextW
Sleep
FindNextFileW
GetSystemInfo
GetProcessTimes
GetCurrentProcessId
GetCommandLineW
Process32FirstW
FindClose
GetExitCodeProcess
DeleteFileW
GetTempFileNameW
GetTickCount
InitializeCriticalSection
GetFileAttributesW
MoveFileExW
RemoveDirectoryW
ExitProcess
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
FreeLibrary
FlushInstructionCache
InterlockedIncrement
LockResource
GetModuleFileNameW
UnmapViewOfFile
GetVersion
FindResourceW
CreateFileMappingW
DeleteCriticalSection
MultiByteToWideChar
SetLastError
lstrlenA
GetSystemDirectoryW
lstrlenW
LoadLibraryExW
LeaveCriticalSection
GetModuleHandleW
LoadResource
GetCurrentProcess
WideCharToMultiByte
CreateMutexW
FindResourceExW
LoadLibraryW
CloseHandle
lstrcmpiW
MapViewOfFileEx
RaiseException
GetCurrentThreadId
SizeofResource
InterlockedDecrement
EnterCriticalSection
GetLastError
GetProcAddress
DebugBreak

user32

LoadImageW
LoadStringW
CopyImage
SetWindowLongW
SetRect
MoveWindow
GetClientRect
GetClassInfoExW
CharNextW
RegisterClassExW
GetWindowThreadProcessId
ShowWindow
GetParent
SendMessageW
DestroyWindow
EnableWindow
GetMessageW
SetWindowPos
InflateRect
LoadCursorW
MapWindowPoints
ReleaseDC
SetActiveWindow
DispatchMessageW
IsWindow
UnregisterClassA
GetFocus
GetWindowTextLengthW
GetWindowTextW
GetSysColor
CreateWindowExW
PeekMessageW
SetWindowRgn
PtInRect
GetKeyState
GetSystemMenu
FrameRect
GetSystemMetrics
SetCursor
IsWindowVisible
PostThreadMessageA
TrackPopupMenu
FillRect
SetClipboardData
MonitorFromWindow
GetWindowDC
LoadIconW
GetDlgCtrlID
GetMonitorInfoW
KillTimer
CallWindowProcW
DestroyIcon
DefWindowProcW
EndPaint
PostThreadMessageW
EqualRect
SetWindowTextW
SetTimer
mouse_event
PostQuitMessage
BeginPaint
DrawTextW
DrawIconEx
DrawFrameControl
OffsetRect
ClientToScreen
ReleaseCapture
OpenClipboard
CloseClipboard
EmptyClipboard
SetCapture
MsgWaitForMultipleObjects
FindWindowExW
PostMessageW
SendMessageTimeoutW
FindWindowW
GetWindow
IsWindowEnabled
TranslateMessage
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
AttachThreadInput
SetForegroundWindow
GetActiveWindow
GetWindowRect
SystemParametersInfoW
GetDC
InvalidateRect
CopyRect
GetDlgItem

gdi32

CreateRectRgnIndirect
SelectClipRgn
LineTo
GetTextExtentPoint32W
RoundRect
RestoreDC
OffsetRgn
CombineRgn
GetTextMetricsW
SetBkMode
ExtSelectClipRgn
CreateRectRgn
CreatePen
MoveToEx
CreateSolidBrush
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
SetTextColor
Rectangle
DeleteDC
SelectObject
BitBlt
StretchBlt
CreateCompatibleDC
SetBkColor
GetObjectW
ExtTextOutW
CreateBitmap
DeleteObject
TextOutW
GetCurrentObject
GetClipRgn
CreateDIBSection
SaveDC
RectInRegion

advapi32

IsTextUnicode
RegCloseKey
RegDeleteValueW
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
AllocateAndInitializeSid
RegRestoreKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenServiceW
CloseServiceHandle
OpenSCManagerW
ControlService
QueryServiceStatus
DeleteService
RegQueryValueExW
OpenProcessToken
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegUnLoadKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
OleLoadPicture

shlwapi

PathFileExistsW
PathAppendW
PathAddBackslashW
StrToIntA
SHDeleteKeyW
wnsprintfW
SHDeleteValueW

comctl32

_TrackMouseEvent

ws2_32

htons
htonl
ntohl
WSCEnumProtocols
WSCDeinstallProvider
ntohs

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
GetProcessImageFileNameW

gdiplus

GdipCloneImage
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipDrawImageI
GdipGetImageWidth
GdiplusStartup
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdiplusShutdown
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageHeight

wininet

InternetOpenUrlW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

fltlib

FilterUnload

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 696KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4553e90ab027a4f2ba4f80facd6245c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b8:70:d9:22:23:72:63:7f:2f:cd:68:dd:c4:ad:6c:0e:3b:72:e2:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

wininet

version

fltlib

crypt32

netapi32

Sections

.text Size: 696KB - Virtual size: 693KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 520KB - Virtual size: 516KB

.reloc Size: 36KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b8:70:d9:22:23:72:63:7f:2f:cd:68:dd:c4:ad:6c:0e:3b:72:e2:28
Signer

.text
Size: 696KB - Virtual size: 693KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 520KB - Virtual size: 516KB

.reloc
Size: 36KB - Virtual size: 34KB