2024-05-28_ca80313172d44096a49bd060d1583aab_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-28_ca80313172d44096a49bd060d1583aab_magniber_revil
Size

8.2MB
MD5

ca80313172d44096a49bd060d1583aab
SHA1

277e61ec33eb3305bc0c5680176ffbd4e2cf7d7d
SHA256

b7863e417191e46541ea3885e36a5ce352379c31ae929dcfc61406b646d76f40
SHA512

56cacc85e52b6a0789b325e5bc34535b829df837c5df5046ff6e1f76d0e3c1bfed7785a85f2c66d848cdedf17a80064c3ef24e6f1ed957f7cb048a5e75d16993
SSDEEP

196608:hPQ//iZBFTSJ3Iq/CjH5hpbCZoPG/H5OgfH:hXRSJ3Iq/Cb5zooPMcgfH

Score

1^/10

Malware Config

Signatures

Files

2024-05-28_ca80313172d44096a49bd060d1583aab_magniber_revil
.exe windows:6 windows x86 arch:x86

cc3422cc1fbb10ec0fba9ade7e147882

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/08/2021, 00:00

Not After

27/10/2022, 23:59

Subject

CN=杭州诸相网络科技有限公司,OU=产品部,O=杭州诸相网络科技有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/08/2021, 00:00

Not After

27/10/2022, 23:59

Subject

CN=杭州诸相网络科技有限公司,OU=产品部,O=杭州诸相网络科技有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:56:df:35:ea:54:e0:34:78:90:1c:26:28:d8:dd:89:92:70:46:e0:57:06:3a:23:6f:05:03:52:85:2b:0a:f8
Signer

Actual PE Digest

fc:56:df:35:ea:54:e0:34:78:90:1c:26:28:d8:dd:89:92:70:46:e0:57:06:3a:23:6f:05:03:52:85:2b:0a:f8

Digest Algorithm

sha256

PE Digest Matches

true

a2:0b:1e:09:e8:e4:91:1a:1b:7a:a5:8d:bc:e8:38:9c:c9:a4:f2:64
Signer

Actual PE Digest

a2:0b:1e:09:e8:e4:91:1a:1b:7a:a5:8d:bc:e8:38:9c:c9:a4:f2:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\cpp\gogo\XubeiSteamBox\src\Win32\Release\Gogo.pdb

Imports

ws2_32

socket
WSACreateEvent
sendto
inet_addr
freeaddrinfo
getaddrinfo
WSAAddressToStringW
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
setsockopt
ntohs
ntohl
listen
htons
htonl
WSACloseEvent
WSAIoctl
select
__WSAFDIsSet
connect
accept
send
recv
getnameinfo
getsockname
inet_pton
gethostname
getsockopt
getpeername
ioctlsocket
closesocket
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
bind
recvfrom
shutdown

shlwapi

PathFileExistsA
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW

libcef

cef_string_list_copy
cef_enable_highdpi_support
cef_shutdown
cef_initialize
cef_execute_process
cef_register_extension
cef_string_multimap_alloc
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_api_hash
cef_browser_host_create_browser
create_context_shared
cef_request_context_get_global_context
cef_string_list_free
cef_string_list_alloc
cef_process_message_create
cef_string_userfree_utf16_free
cef_log
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_multimap_free
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_v8context_get_current_context
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_value_create
cef_string_utf8_clear
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_set
cef_string_utf16_cmp
cef_get_min_log_level

kernel32

MultiByteToWideChar
OutputDebugStringW
FreeLibrary
lstrlenW
GetSystemTime
CreateDirectoryW
SetFileAttributesW
GetPrivateProfileIntW
GetCurrentProcess
GetVersionExW
GetFileTime
GetUserDefaultLangID
GetSystemInfo
GetModuleHandleW
DecodePointer
RaiseException
InitializeCriticalSectionEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
SetFilePointer
GetCurrentDirectoryW
CreateDirectoryExW
InitializeCriticalSection
TryEnterCriticalSection
GetACP
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
lstrcpyW
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcpynW
WriteConsoleW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindResourceExW
SetUnhandledExceptionFilter
CreateThread
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleExW
LoadLibraryA
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemDirectoryA
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
VerifyVersionInfoA
GetFileSizeEx
CreateMutexW
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
IsProcessorFeaturePresent
GetStringTypeW
InitOnceExecuteOnce
EncodePointer
LCMapStringEx
GetCPInfo
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
TerminateProcess
GlobalFree
FreeLibraryAndExitThread
LoadLibraryExW
InitializeSListHead
InterlockedPushEntrySList
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InterlockedExchange
InterlockedCompareExchange
SetEndOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
RtlUnwind
ExitThread
SetConsoleCtrlHandler
MoveFileExW
SetStdHandle
GetDriveTypeW
GetFileInformationByHandle
ExitProcess
SetFilePointerEx
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFullPathNameW
IsValidCodePage
GetOEMCP
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
GetLastError
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
SetHandleInformation
CopyFileW
GetExitCodeProcess
CreateEventA
OutputDebugStringA
GetFileAttributesA
GetCommandLineW
LoadLibraryW
OpenEventW
GetSystemDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ResetEvent
OpenProcess
SystemTimeToFileTime
GetTickCount
GetLocalTime
Sleep
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringW
DeviceIoControl
RemoveDirectoryW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetModuleFileNameW
GetWindowsDirectoryW
WideCharToMultiByte
VerifyVersionInfoW
FormatMessageW
FormatMessageA
LocalFree
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime
CreateProcessW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
QueueUserAPC
CreateWaitableTimerW
CreatePipe
WaitForMultipleObjects
SetWaitableTimer
CreateEventW
SleepEx
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
CloseHandle
VerSetConditionMask
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SwitchToThread

user32

ClientToScreen
SetCursor
RemovePropW
GetCapture
GetDoubleClickTime
GetMessageTime
TrackMouseEvent
SetWindowRgn
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
ScreenToClient
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
wsprintfW
IsZoomed
IsIconic
IsWindowEnabled
SetWindowTextW
GetWindowTextW
SetForegroundWindow
SetWindowPos
IsWindowVisible
GetWindowRect
SetClassLongW
EnumChildWindows
MonitorFromPoint
GetWindowTextLengthW
EqualRect
wsprintfA
RegisterWindowMessageW
SetWindowLongW
ShowWindow
GetCursorPos
IsWindow
SystemParametersInfoW
SendMessageW
FindWindowW
PostQuitMessage
GetClientRect
LoadIconW
DrawTextW
GetDC
ReleaseDC
CharNextW
GetSystemMetrics
GetMonitorInfoW
EnumDisplayMonitors
wvsprintfW
InflateRect
UnionRect
OffsetRect
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
GetUserObjectInformationW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
MoveWindow
UpdateLayeredWindow
GetWindowRgn
CharPrevW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
WindowFromPoint
FindWindowExW
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
DestroyWindow
MonitorFromWindow
LoadImageW
LoadCursorW
MapVirtualKeyExW
GetProcessWindowStation
PostThreadMessageW
MessageBoxW
GetSysColor
GetWindowLongW
GetCaretPos
GetWindow
GetParent
GetPropW
SetPropW
EnableWindow
SetFocus
CreateWindowExW
GetActiveWindow

gdi32

SetBitmapBits
GetBitmapBits
FillRgn
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CreateCompatibleBitmap
SwapBuffers
CreateDIBSection
SetRectRgn
SetPixelFormat
PtInRegion
CreateSolidBrush
CreateRectRgn
CombineRgn
ChoosePixelFormat
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
CreatePen
BitBlt
GetDeviceCaps
GetObjectW
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC

advapi32

CryptGetHashParam
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptHashData
CryptGenRandom
CryptAcquireContextA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegCloseKey

shell32

SHGetFolderPathA
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteA
ShellExecuteW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateGuid
CoCreateInstance

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipSetSmoothingMode
GdipGetPropertyItem
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetTextRenderingHint
GdiplusStartup
GdiplusShutdown

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

mswsock

GetAcceptExSockaddrs
AcceptEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringA
RpcStringFreeA

netapi32

Netbios

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord79
ord30
ord200
ord301
ord35

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CryptStringToBinaryA
PFXImportCertStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertFreeCertificateContext
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptUnprotectMemory
CertVerifyCertificateChainPolicy
CertOpenSystemStoreA

iphlpapi

GetAdaptersInfo

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDestroyHash

winhttp

WinHttpQueryOption
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpWriteData
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpOpen

opengl32

glHint
glEnd
glInterleavedArrays
glLoadIdentity
glEnable
glDrawArrays
glPixelStorei
glPopAttrib
glPushAttrib
glTexEnvf
glTexImage2D
glTexParameteri
glTexSubImage2D
glVertex2f
glViewport
glDisable
glDeleteTextures
glColor4f
glClearColor
glClear
glBlendFunc
glBindTexture
wglCreateContext
glGenTextures
glBegin
wglMakeCurrent
wglDeleteContext
glMatrixMode

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc3422cc1fbb10ec0fba9ade7e147882

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41Certificate

Extended Key Usages

Key Usages

fc:56:df:35:ea:54:e0:34:78:90:1c:26:28:d8:dd:89:92:70:46:e0:57:06:3a:23:6f:05:03:52:85:2b:0a:f8Signer

a2:0b:1e:09:e8:e4:91:1a:1b:7a:a5:8d:bc:e8:38:9c:c9:a4:f2:64Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shlwapi

libcef

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

mswsock

version

rpcrt4

netapi32

wldap32

crypt32

iphlpapi

bcrypt

winhttp

opengl32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 199KB - Virtual size: 226KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 234KB - Virtual size: 234KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:18:90:d1:1c:1d:0a:1a:61:5f:0a:16:25:f1:a3:41
Certificate

fc:56:df:35:ea:54:e0:34:78:90:1c:26:28:d8:dd:89:92:70:46:e0:57:06:3a:23:6f:05:03:52:85:2b:0a:f8
Signer

a2:0b:1e:09:e8:e4:91:1a:1b:7a:a5:8d:bc:e8:38:9c:c9:a4:f2:64
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 199KB - Virtual size: 226KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 234KB - Virtual size: 234KB