2024-05-27_5c54d4a5d0d14bbd65e81365723079d7_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_5c54d4a5d0d14bbd65e81365723079d7_magniber
Size

2.6MB
MD5

5c54d4a5d0d14bbd65e81365723079d7
SHA1

bd59d462e9833876eb55a1aafbc8bf191aacf080
SHA256

9d58d481d2482b95c219786edce0e8e32a8068cee7f370cf776c854799d38509
SHA512

5ac13ccaa4632e52d54d482b090c7e433e3a762905932b822ad1523ba3f61a02bcab2d79968a07527e879aed0044b4450f930cbfe6163f2f32bed303604d8a89
SSDEEP

49152:2oP/iZtI3dL5tj1XUNgASK4CTfVf1WZ62U//of6VwcNc+0eW3hz/1bmgZoTZgmGt:2oG1/orcUnTxKgPJh0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_5c54d4a5d0d14bbd65e81365723079d7_magniber

Files

2024-05-27_5c54d4a5d0d14bbd65e81365723079d7_magniber
.exe windows:6 windows x86 arch:x86

ffb6d722f41d44f244d88b7b675d422d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_28\installer3\NvInstallerCacheCleanup\Release\NVCacheCleanup.pdb

Imports

shlwapi

UrlIsW
PathCreateFromUrlW
UrlCreateFromPathW
PathFindFileNameW

sfc

SfcIsFileProtected

wintrust

WinVerifyTrust

kernel32

OutputDebugStringW
SetEvent
LockResource
QueryPerformanceFrequency
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
VerSetConditionMask
GetCurrentProcessId
GetProcessHeap
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetProcessTimes
SetLastError
MultiByteToWideChar
OpenEventW
CreateEventW
Sleep
CreateThread
GetConsoleWindow
SetConsoleTitleW
GetTimeFormatA
FileTimeToSystemTime
GetDateFormatA
GetProcAddress
FreeLibrary
GetVersionExW
InitializeCriticalSectionAndSpinCount
GetSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
GetFileAttributesExW
GetLastError
GetTempFileNameW
QueryDosDeviceW
SetFileAttributesW
SetFileTime
DeviceIoControl
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalFree
lstrcmpW
CopyFileW
CopyFileExW
MoveFileExW
LocalFree
FormatMessageW
lstrlenW
LocalAlloc
GetFullPathNameW
CreateProcessA
CreateProcessW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
LoadLibraryW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetSystemTime
GetLocalTime
SystemTimeToFileTime
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadFile
GetConsoleMode
HeapSize
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
ExpandEnvironmentStringsW
WriteFile
GetCurrentProcess
HeapFree
CreateEventA
WaitForSingleObjectEx
GetFileSizeEx
SizeofResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ReadConsoleW
SetEnvironmentVariableW
SetStdHandle
GetFileTime
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
OutputDebugStringA
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
IsDebuggerPresent
AreFileApisANSI
CreateDirectoryExW
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
GetDiskFreeSpaceExW
GetEnvironmentVariableW
FormatMessageA
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW

user32

GetSystemMenu
EnableMenuItem
UnregisterClassW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegQueryInfoKeyW
LsaNtStatusToWinError
RegSetValueExW
RegGetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenCurrentUser
InitializeSecurityDescriptor
GetNamedSecurityInfoW
LookupPrivilegeValueW
IsTextUnicode
MapGenericMask
GetFileSecurityW
DuplicateToken
AdjustTokenPrivileges
AccessCheck
OpenThreadToken
RegCloseKey
RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
GetTokenInformation

shell32

SHGetFolderPathW

oleaut32

SafeArrayUnlock
SafeArrayGetVartype
VariantCopy
SafeArrayGetDim
SafeArrayCopy
SysAllocString
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
SafeArrayGetLBound
SafeArrayLock

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiSetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDriverInstallParamsW
SetupDiSetDriverInstallParamsW
SetupDiSetSelectedDevice
SetupDiGetActualSectionToInstallExW
SetupDiOpenDevRegKey
SetupDiOpenClassRegKey
SetupDiInstallDevice
SetupDiCallClassInstaller
SetupDiBuildClassInfoList
SetupDiGetINFClassW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupGetIntField
SetupDiGetDeviceInstallParamsW
SetupGetFieldCount
SetupGetLineTextW
SetupFindNextMatchLineW
SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenAppendInfFileW
SetupOpenInfFileW
CM_Get_DevNode_Status
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
SetupUninstallOEMInfW
SetupDiGetClassDevsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiGetSelectedDriverW
SetupDiGetClassInstallParamsW
SetupDiSetClassRegistryPropertyW
SetupDiGetClassRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupGetStringFieldW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW

userenv

UnloadUserProfile

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 652KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffb6d722f41d44f244d88b7b675d422d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

sfc

wintrust

kernel32

user32

advapi32

shell32

oleaut32

rpcrt4

version

setupapi

userenv

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 351KB - Virtual size: 351KB

.data Size: 31KB - Virtual size: 38KB

.rsrc Size: 147KB - Virtual size: 147KB

.reloc Size: 652KB - Virtual size: 656KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 351KB - Virtual size: 351KB

.data
Size: 31KB - Virtual size: 38KB

.rsrc
Size: 147KB - Virtual size: 147KB

.reloc
Size: 652KB - Virtual size: 656KB