2024-05-27_d946c7218f704088824dd614003f0671_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_d946c7218f704088824dd614003f0671_magniber
Size

4.3MB
MD5

d946c7218f704088824dd614003f0671
SHA1

eaaec8de795d3e7cc7f29830978ce267204cca20
SHA256

c79c2a7b05c4bd9cbd7e4ecb4cae2cfe21a2e40558475b9dae585ae93c808223
SHA512

965226eedd30687c115a6bf8fe8176994c94ed5104130a6daa1921fed81d0695296c3d0452c30a9b18082143862a54934815cd03f123296cc686cfdcf76b44fe
SSDEEP

98304:NPFETgt2jmzZrEywhW+BGPDdIK9N1iS5I9:wTsPwhW+QPD19Ne

Score

1^/10

Malware Config

Signatures

Files

2024-05-27_d946c7218f704088824dd614003f0671_magniber
.exe windows:6 windows x86 arch:x86

69849108e06c84366bb0c2cd143f5151

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01-09-1998 12:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:f9:6b:56:ce:ec:ef:9b:be:ec:d0:db
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-08-2023 01:21

Not After

14-08-2024 01:21

Subject

SERIALNUMBER=91440300MACNQ0M01Q,CN=深圳游迷世界网络有限公司,O=深圳游迷世界网络有限公司,STREET=宝安区新安街道海滨社区欢乐港湾12号海府生态大厦A栋301,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67646f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02-11-2023 10:30

Not After

04-12-2034 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:f7:77:8d:a3:44:f5:cb:b3:4e:16:e6:7d:d7:93:41:7c:22:e4:7c:8a:49:c7:92:84:cd:80:81:07:f8:cc:ae
Signer

Actual PE Digest

88:f7:77:8d:a3:44:f5:cb:b3:4e:16:e6:7d:d7:93:41:7c:22:e4:7c:8a:49:c7:92:84:cd:80:81:07:f8:cc:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\speedlink.win\Bin\YomiUpdate.pdb

Imports

kernel32

HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
SetEndOfFile
HeapReAlloc
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFullPathNameW
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStdHandle
GetTimeZoneInformation
lstrcpyW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
DeleteFileW
GetModuleHandleExW
LoadLibraryExW
GetLocalTime
RtlUnwind
OutputDebugStringW
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
CreateEventW
SetLastError
EncodePointer
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
lstrcpynW
RaiseException
lstrcmpiW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
FormatMessageW
LocalFree
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
VerifyVersionInfoW
MulDiv
VerSetConditionMask
ExitProcess
GetACP
lstrlenW
GlobalLock
GlobalUnlock
LoadLibraryW
GetModuleHandleW
GetTickCount
GetFileSize
CreateFileW
InterlockedPushEntrySList
GetCurrentDirectoryW
WriteFile
VirtualFree
VirtualAlloc
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetThreadPriority
GetCurrentThreadId
CreateThread
GetCurrentProcessId
Sleep
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
CreatePipe
ReadFile
FindNextFileW
FindFirstFileW
CreateProcessW
FindResourceW
LoadResource
CloseHandle
LockResource
GetLastError
OpenProcess
FreeResource
GetVersionExW
CreateMutexA
TerminateProcess
GetCurrentProcess
SizeofResource
CreateProcessA
GetModuleFileNameW
SetCurrentDirectoryW
FileTimeToSystemTime

user32

GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
ClientToScreen
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
GetWindowTextLengthW
IsWindowEnabled
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
CreateCaret
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
PostQuitMessage
KillTimer
SetTimer
PostMessageW
GetTopWindow
GetWindowTextA
SendMessageW
MessageBoxW
GetWindow
GetWindowThreadProcessId
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetCursor
LoadCursorW
InflateRect
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetWindowRgn
MoveWindow
UpdateLayeredWindow
ShowWindow
SetWindowRgn
EnableWindow
SetPropW
GetPropW
MonitorFromPoint

gdi32

GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
GetObjectW
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
CreateFontW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreateEllipticRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
SetStretchBltMode
DeleteDC
StretchBlt
SetTextColor

advapi32

DeleteService
OpenProcessToken
RegCloseKey
RegSetKeyValueW
CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyW
ControlService
RegSetValueExA
RegOpenKeyExA
OpenServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoCreateInstance
CoInitialize
DoDragDrop

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipRotateWorldTransform
GdiplusStartup
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipTranslateWorldTransform
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetStringFormatTrimming

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

ws2_32

listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
WSAStartup
WSAGetLastError
WSAIoctl
gethostbyname
gethostname
freeaddrinfo
getsockname
ioctlsocket
getaddrinfo
__WSAFDIsSet
accept
bind
closesocket
connect

iphlpapi

GetAdaptersAddresses

dbghelp

SymCleanup
SymInitialize

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69849108e06c84366bb0c2cd143f5151

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

65:f9:6b:56:ce:ec:ef:9b:be:ec:d0:dbCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

88:f7:77:8d:a3:44:f5:cb:b3:4e:16:e6:7d:d7:93:41:7c:22:e4:7c:8a:49:c7:92:84:cd:80:81:07:f8:cc:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

ws2_32

iphlpapi

dbghelp

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 388KB - Virtual size: 388KB

.data Size: 26KB - Virtual size: 36KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 106KB - Virtual size: 106KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

65:f9:6b:56:ce:ec:ef:9b:be:ec:d0:db
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

88:f7:77:8d:a3:44:f5:cb:b3:4e:16:e6:7d:d7:93:41:7c:22:e4:7c:8a:49:c7:92:84:cd:80:81:07:f8:cc:ae
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 388KB - Virtual size: 388KB

.data
Size: 26KB - Virtual size: 36KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 106KB - Virtual size: 106KB