2024-05-25_d8a10e09dfc2b4fdcb22282a2b2f0e99_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_d8a10e09dfc2b4fdcb22282a2b2f0e99_magniber
Size

17.0MB
MD5

d8a10e09dfc2b4fdcb22282a2b2f0e99
SHA1

9ec5ce242b744e67ae3c9f16830437ca7510636b
SHA256

28c721cede2313ad895852f397b80cb90008f431744ae5d48b4ad390c35267bb
SHA512

11bd123fa7fefed864f3f4826f00eea03b7523be3e757e98284227ac65bf39ce777388388fb8efa1e5005d03c36b6002ba7f31167ff4430cd4fe585e059879b5
SSDEEP

393216:xTet792Y5QH9c/L77wE7qcjPIHi3KRb2dcV2R4q054ZjLxT:xk79VQubBqcjgNbMQ2c4JxT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-25_d8a10e09dfc2b4fdcb22282a2b2f0e99_magniber

Files

2024-05-25_d8a10e09dfc2b4fdcb22282a2b2f0e99_magniber
.exe windows:4 windows x86 arch:x86

d12ef20bffa8f5f2df92744a20600681

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\8.4Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\QQPCMgrPacket.pdb

Imports

kernel32

lstrlenW
LoadLibraryExW
UnmapViewOfFile
OpenMutexW
CreateMutexW
MapViewOfFileEx
lstrcmpiW
CreateFileMappingW
GetFileAttributesW
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
SetFilePointer
OutputDebugStringW
GetExitCodeProcess
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LocalAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetDriveTypeW
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
GetTempFileNameW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
GetSystemInfo
ReleaseMutex
ExpandEnvironmentStringsW
IsBadReadPtr
GlobalMemoryStatus
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
FlushFileBuffers
FlushInstructionCache
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
ExitThread
GetStartupInfoW
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileA
GetLocalTime
CreatePipe
GetCPInfo
LoadLibraryA
VirtualQuery
GetSystemDefaultLangID
DeviceIoControl
WriteFile
GetVersion
lstrcmpW
FreeResource
CreateThread
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
SetLastError
WideCharToMultiByte
RaiseException
GetDiskFreeSpaceExW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
InitializeCriticalSection
SetErrorMode
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
lstrcpynW
MultiByteToWideChar
VirtualAllocEx
WriteProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
CreateProcessW
OpenProcess
SearchPathW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcess
GetLastError
HeapAlloc
InterlockedIncrement
GetProcessHeap
HeapFree
DeleteCriticalSection
InterlockedDecrement
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
ResetEvent
CreateEventW
GetVersionExW
CopyFileW
Sleep
GetTickCount
SetEvent
WaitForSingleObject
ReadFile
CloseHandle
GetFileSize
CreateFileW
DeleteFileW
GetTempPathW
lstrlenA
SetStdHandle

user32

LoadStringW
PostMessageW
DefWindowProcW
CreateWindowExW
SetWindowLongW
GetWindowTextW
LoadImageW
GetWindowLongW
InvalidateRgn
LoadIconW
RedrawWindow
GetWindowTextLengthW
SetFocus
GetFocus
IsChild
KillTimer
SetTimer
GetClassNameW
CharUpperW
CharLowerW
CopyImage
UnregisterClassA
DestroyWindow
SetWindowTextW
FrameRect
GetSysColor
IsWindow
FillRect
mouse_event
GetWindowDC
GetMessageW
TranslateMessage
DispatchMessageW
MoveWindow
CopyRect
GetParent
GetDlgItem
SendMessageW
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
SetRect
RegisterClassExW
MapWindowPoints
SystemParametersInfoW
MessageBoxW
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
GetSystemMenu
PostThreadMessageW
DrawFrameControl
GetKeyState
OffsetRect
ClientToScreen
GetMonitorInfoW
MonitorFromWindow
EqualRect
GetDlgCtrlID
IsWindowVisible
DrawIconEx
ReleaseCapture
DrawTextW
SetCapture
SetCursor
PtInRect
SetWindowRgn
TrackPopupMenu
ScreenToClient
EndPaint
BeginPaint
CallWindowProcW
RegisterWindowMessageW
InflateRect
ReleaseDC
CharNextW
GetDC
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
PeekMessageW
SetActiveWindow
FindWindowExW
LoadCursorW
SetWindowPos
ShowWindow
GetClientRect
GetWindow
GetWindowRect
GetClassInfoExW
InvalidateRect

gdi32

CreatePen
CreateFontIndirectW
Rectangle
GetObjectW
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetTextColor
DeleteObject
SelectObject
SaveDC
RestoreDC
TextOutW
CreateRectRgnIndirect
ExtTextOutW
CreateRectRgn
OffsetRgn
GetTextExtentPoint32W
SetBkMode
LineTo
MoveToEx
RectInRegion
CombineRgn
SelectClipRgn
GetDeviceCaps
ExtSelectClipRgn
CreateSolidBrush
GetTextMetricsW
GetCurrentObject
GetClipRgn
GetStockObject
RoundRect
DeleteDC
SetBkColor
CreateDIBSection

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ord680
SHCreateDirectoryExW

ole32

CoInitialize
CoTaskMemAlloc
StgOpenStorage
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoGetClassObject
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
StgCreateDocfile

oleaut32

VariantCopy
VariantInit
DispCallFunc
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VarBstrCmp
SysFreeString
VarUI4FromStr
OleLoadPicture

shlwapi

PathRemoveBackslashW
StrToIntA
PathAddBackslashW
PathAppendW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

htons
htonl

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 708KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d12ef20bffa8f5f2df92744a20600681

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

wininet

version

netapi32

Sections

.text Size: 708KB - Virtual size: 704KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 708KB - Virtual size: 704KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB