2024-05-27_18b34ac601d26bdbe538c4ed4aa90240_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_18b34ac601d26bdbe538c4ed4aa90240_magniber
Size

10.9MB
MD5

18b34ac601d26bdbe538c4ed4aa90240
SHA1

e5e650ff47a8cab83a54aecf881fdd17fb8bafd1
SHA256

0dea2a4c86e489c31ac24a3651e8a4c7e9e1675354d710f4b333e16f6bd3c8d6
SHA512

cdb161f81633250d4cb6b195257580ce77dd8b8fbfad3c3a7d4d41c8cfe5eacece2fa65811aed302498f9c3dc0a4a7f6b5d6cfabc90eb7ad32870eafd95d1163
SSDEEP

196608:JeLnz4hxsEtpHDR5Fq7xRqYYznckLuQbMW:ADkpHrFqaekLuQbn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_18b34ac601d26bdbe538c4ed4aa90240_magniber

Files

2024-05-27_18b34ac601d26bdbe538c4ed4aa90240_magniber
.exe windows:5 windows x86 arch:x86

cc207ca9f0a8662af134375e21d27b3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DailyBuild\Rail\branch\build\railproxy\bin\Release\rail.pdb

Imports

kernel32

TryEnterCriticalSection
CreateProcessA
CreatePipe
TzSpecificLocalTimeToSystemTime
UnlockFileEx
UnlockFile
LockFileEx
LockFile
GetFileAttributesA
CreateFileA
CreateDirectoryA
Module32First
Process32Next
Process32First
GetVersionExA
GenerateConsoleCtrlEvent
SetPriorityClass
DeviceIoControl
OutputDebugStringW
OutputDebugStringA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
GetModuleHandleW
LoadLibraryW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
TerminateProcess
GetCurrentProcessId
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
SetConsoleCtrlHandler
ExitProcess
GetFullPathNameA
GetCommandLineA
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetCurrentProcess
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetProcAddress
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
CopyFileW
DeleteFileW
GetFileAttributesW
CreateFileW
GetACP
GetPrivateProfileIntW
CreateTimerQueue
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExpandEnvironmentStringsA
PeekNamedPipe
VerifyVersionInfoA
GetSystemDirectoryA
GetFileType
GetStdHandle
SleepEx
FormatMessageA
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
QueueUserWorkItem
EncodePointer
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
GetStringTypeW
AreFileApisANSI
CreateHardLinkW
SetFilePointerEx
FindFirstFileExW
GlobalAlloc
GlobalFree
FormatMessageW
GetDiskFreeSpaceExW
GetPrivateProfileStringW
CreateProcessW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
GetTempPathW
GetModuleHandleExW
OpenFileMappingW
GetSystemInfo
SuspendThread
Thread32Next
OpenThread
Thread32First
AddVectoredExceptionHandler
WriteProcessMemory
ReadProcessMemory
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
InterlockedExchangeAdd
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
ResetEvent
InitializeCriticalSection
CreateThread
SetEndOfFile
SetFileAttributesW
GetTickCount
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetExitCodeProcess
GetShortPathNameW
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
GetModuleHandleA
ChangeTimerQueueTimer
GetModuleFileNameW
GetComputerNameW
FileTimeToSystemTime
GetLocalTime
GetFileInformationByHandle
GetLongPathNameW
TerminateThread
ReleaseSemaphore
WriteFile
FlushFileBuffers
CreateSemaphoreW
GetFullPathNameW
FindClose
CompareFileTime
GetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InterlockedIncrement
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
SetLastError
GetOverlappedResult
SetEvent
WaitForMultipleObjects
Sleep
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateEventW
CreateNamedPipeW
CancelIo
GetFileSize
GetCurrentThreadId
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
ReleaseMutex
CreateMutexA
CreateEventA
OpenEventA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleExA
GlobalMemoryStatusEx
LocalAlloc
LocalFree
OpenProcess
GetSystemTime
GetSystemTimes
SystemTimeToFileTime
lstrcpyW
OpenFileMappingA
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetCommandLineW
GetDriveTypeA
GetDriveTypeW
GetDiskFreeSpaceExA
QueryDosDeviceW
GetVersionExW
GetCurrentThread
SetThreadAffinityMask
GetModuleFileNameA
DeleteFileA
CopyFileA
CreateFileMappingA
CreateWaitableTimerA
SetWaitableTimer
SetFilePointer
SetFileTime
LocalFileTimeToFileTime

user32

SetWindowLongW
SetDlgItemTextW
GetWindowRect
EnumDisplayDevicesA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PeekMessageA
SetCursor
ClipCursor
SendMessageA
GetWindowLongW
SetTimer
KillTimer
GetSystemMetrics
GetWindowTextW
UnregisterClassA
IsWindow
SetFocus
GetParent
GetClassNameA
SendMessageW
CallWindowProcW
SetWindowPos
UpdateWindow
DefWindowProcW
CreateWindowExW
DestroyWindow
PostMessageA
ShowWindow
GetDesktopWindow
UnregisterClassW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
EnumWindows
SystemParametersInfoA
EndDialog

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ord165
SHFileOperationW

ole32

CoInitializeSecurity
CoSetProxyBlanket
OleInitialize
IIDFromString
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoInitialize

oleaut32

GetErrorInfo
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantChangeType
SetErrorInfo
CreateErrorInfo

advapi32

CryptGenRandom
RegDeleteValueW
RegCloseKey
RegOpenKeyExA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW

rail_sdk_platform

GetPlatformInterface

version

GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW

shlwapi

StrStrIW
StrCmpW
PathFileExistsW
StrStrIA
PathAppendW

lua51

lua_touserdata
lua_tocfunction
lua_iscfunction
lua_call
luaL_error
lua_setfield
lua_isnumber
lua_replace
lua_typename
lua_isstring
lua_concat
lua_gettable
lua_tolstring
lua_tonumber
lua_newuserdata
lua_remove
lua_toboolean
lua_pushnumber
luaL_loadbuffer
lua_pcall
lua_getfenv
lua_error
lua_setfenv
lua_isuserdata
lua_gc
lua_pushlightuserdata
lua_rawequal
lua_getmetatable
lua_pushlstring
lua_setmetatable
lua_getfield
lua_type
lua_createtable
lua_rawset
lua_pushboolean
lua_pushnil
lua_next
lua_insert
luaL_newmetatable
lua_pushvalue
lua_settable
lua_settop
lua_gettop
lua_pushcclosure
lua_pushstring
lua_rawget

railtr

RailTrW
RailTrP
RailTrPW
RailTrD
RailTrDW
RailTrDP
RailTrDPW
RailSetLanguage
RailBindDomain
RailDomain
RailTr

ws2_32

socket
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getnameinfo
setsockopt
WSAIoctl
__WSAFDIsSet
inet_addr
ntohs
accept
listen
recvfrom
sendto
gethostname
shutdown
select
ntohl
htonl
inet_ntoa
WSACleanup
ioctlsocket
getsockname
getsockopt
gethostbyname
WSAGetLastError
getaddrinfo
freeaddrinfo
htons
WSAStartup

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

crypt32

CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertGetCertificateContextProperty
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext

iphlpapi

GetAdaptersInfo

wldap32

ord301
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord200

normaliz

IdnToUnicode
IdnToAscii

comdlg32

GetOpenFileNameW

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 127KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc207ca9f0a8662af134375e21d27b3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

rail_sdk_platform

version

shlwapi

lua51

railtr

ws2_32

psapi

crypt32

iphlpapi

wldap32

normaliz

comdlg32

winmm

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 127KB - Virtual size: 211KB

.tls Size: 40KB - Virtual size: 40KB

.gfids Size: 5KB - Virtual size: 4KB

.rsrc Size: 147KB - Virtual size: 146KB

.tvm0 Size: 720KB - Virtual size: 720KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 127KB - Virtual size: 211KB

.tls
Size: 40KB - Virtual size: 40KB

.gfids
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 147KB - Virtual size: 146KB

.tvm0
Size: 720KB - Virtual size: 720KB