2024-05-27_5616b999037e0fede1128d732c1d10f5_mafia_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_5616b999037e0fede1128d732c1d10f5_mafia_magniber
Size

1.4MB
MD5

5616b999037e0fede1128d732c1d10f5
SHA1

5e3c5302f4219724883550549d1da9f70bb3c680
SHA256

cefad2b0c5410041ec8d280ff908299bb6cf7d84fdf8025d3f5f1382ce83684a
SHA512

9cbd9bf41acccee0e6b094a98556b56c21fac001f4fcb884ada9ad2119b950f6f38577fe459990e1579a3a28dd41e6cf854dd73a5b2531a12b87673f4dd8037a
SSDEEP

24576:vz5DJtiO5BdM23UyOJfrUupeHlE/sIcDc5CMos8rBF2XBeAlH7v27Ho:vz5DJgO5Bdl3WrUupeHlE/PN8rBF2Xxv

Score

1^/10

Malware Config

Signatures

Files

2024-05-27_5616b999037e0fede1128d732c1d10f5_mafia_magniber
.exe windows:5 windows x86 arch:x86

b8c7c4812365e26e9115513048151047

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/05/2013, 00:00

Not After

02/05/2014, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:32:82:1e:a5:46:00:1b:69:7b:82:ba:75:76:aa:8e:00:f0:94:10
Signer

Actual PE Digest

6e:32:82:1e:a5:46:00:1b:69:7b:82:ba:75:76:aa:8e:00:f0:94:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\native\app\mini\project\Release\MiniDownloader.pdb

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipFree
GdipImageSelectActiveFrame
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile

kernel32

TlsAlloc
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
PostQueuedCompletionStatus
GetProcAddress
GetTempPathW
FindFirstFileW
CreateDirectoryW
FindClose
CreateMutexA
DeleteFileA
GetTickCount
TerminateProcess
GetCurrentProcess
CreateThread
DeleteFileW
GlobalUnlock
CreateProcessW
lstrcpynW
lstrlenW
lstrcpynA
lstrlenA
FreeLibrary
LoadLibraryW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
Sleep
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
MulDiv
lstrcmpW
CreateFileW
SetFilePointer
WriteFile
CreateIoCompletionPort
QueueUserAPC
TerminateThread
GetQueuedCompletionStatus
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
TlsGetValue
SleepEx
GetSystemTimeAsFileTime
CreateWaitableTimerW
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetEnvironmentVariableA
GetModuleFileNameA
GetTempPathA
CreateSemaphoreA
ReleaseSemaphore
GetVolumeInformationW
MoveFileExW
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitThread
GetTimeFormatA
GetDateFormatA
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
HeapCreate
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapReAlloc
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
ReadFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
InterlockedIncrement
CreateEventA
GlobalLock
GlobalAlloc
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
DeviceIoControl
GetFileAttributesW
AreFileApisANSI
WideCharToMultiByte
HeapSize

user32

ReleaseCapture
SetCapture
MoveWindow
ClientToScreen
CreateAcceleratorTableW
InvalidateRgn
DestroyWindow
LoadCursorW
RegisterClassExW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
MonitorFromWindow
CharNextW
GetParent
CallWindowProcW
GetDlgItem
GetMonitorInfoW
MonitorFromPoint
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
GetFocus
IsChild
RegisterWindowMessageW
LoadMenuW
LoadAcceleratorsW
LoadImageW
wvsprintfW
UnregisterDeviceNotification
UnregisterClassA
DestroyAcceleratorTable
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
PeekMessageW
IsWindow
MapWindowPoints
MessageBeep
DefWindowProcW
SetFocus
LoadStringA
CreateWindowExW
TranslateAcceleratorW
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PtInRect
ScreenToClient
GetWindowRect
IsIconic
FillRect
DrawTextW
EndPaint
BeginPaint
PostQuitMessage
SetTimer
SetWindowPos
GetClientRect
SetWindowLongW
GetWindowLongW
ShowWindow
SendMessageW
SetWindowTextW
KillTimer
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
InvalidateRect
AppendMenuW

gdi32

GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC
CreateFontIndirectW
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
SetBkMode
TextOutW
GetStockObject
BitBlt
Rectangle

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysAllocStringLen
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen

shlwapi

PathFileExistsW
SHGetValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

inet_ntoa
gethostbyname
gethostname
getsockopt
bind
getsockname
inet_addr
listen
accept
select
WSARecv
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSAStartup

Sections

.text
Size: 867KB - Virtual size: 866KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c7c4812365e26e9115513048151047

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6cCertificate

Extended Key Usages

Key Usages

6e:32:82:1e:a5:46:00:1b:69:7b:82:ba:75:76:aa:8e:00:f0:94:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Sections

.text Size: 867KB - Virtual size: 866KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 87KB - Virtual size: 97KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 248KB - Virtual size: 248KB

.reloc Size: 79KB - Virtual size: 78KB

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

6e:32:82:1e:a5:46:00:1b:69:7b:82:ba:75:76:aa:8e:00:f0:94:10
Signer

.text
Size: 867KB - Virtual size: 866KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 87KB - Virtual size: 97KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 248KB - Virtual size: 248KB

.reloc
Size: 79KB - Virtual size: 78KB