2024-05-28_4313bb844d6191e8ce5f0d1930351434_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-28_4313bb844d6191e8ce5f0d1930351434_magniber
Size

9.6MB
MD5

4313bb844d6191e8ce5f0d1930351434
SHA1

ddb5c5fdc30f4f13c93017514ff028c03eeecbf9
SHA256

66b4ab13de073e0a8534d28591ea68a297fe6f36b7eb00b0e172084c9b8cd12b
SHA512

4b2d0d39b7addbc821d992a442865c89ac6bbc61664a484d151bd0bcea881334756325058b98e8990a29d0924e49d2f4c694d326a5d05ec40150c65d46c52b20
SSDEEP

196608:bcmaZzNTG7kDJuDtl64mNFAdjafkslzS3D5GD1S15qq0:bvaZzoYl0n6P8djaaNz1U3

Score

1^/10

Malware Config

Signatures

Files

2024-05-28_4313bb844d6191e8ce5f0d1930351434_magniber
.exe windows:5 windows x86 arch:x86

d37a571c71d4298211b779bc167945a1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:93:7d:07:65:8a:0c:29:b7:85:34:88:8d:ea:a7:6f:fd:89:51:ed
Signer

Actual PE Digest

41:93:7d:07:65:8a:0c:29:b7:85:34:88:8d:ea:a7:6f:fd:89:51:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\工具软件\保险箱打版本工具\BuildProjects\src\branches\360SafeBox_6.0\360Game\installer\bin\release\Safebox_chs.pdb

Imports

kernel32

GetCurrentProcessId
CreateThread
SuspendThread
TerminateThread
Process32NextW
GetFileType
DuplicateHandle
SetLastError
FlushInstructionCache
GetTickCount
SetFileAttributesW
WriteFile
SetEndOfFile
GetFileAttributesW
InterlockedIncrement
Process32FirstW
HeapDestroy
HeapAlloc
LoadLibraryExW
RaiseException
lstrcmpiW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateMutexW
GetVersionExW
GetFileSize
GetModuleFileNameW
MoveFileExW
MoveFileW
GetPrivateProfileIntW
GetVolumeInformationW
DeviceIoControl
GetCurrentProcess
CreateToolhelp32Snapshot
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
InterlockedDecrement
GetLocalTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
ReleaseSemaphore
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetModuleHandleA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
SetStdHandle
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
HeapCreate
FatalAppExitA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCurrentThread
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
CreateSemaphoreW
TryEnterCriticalSection
GlobalSize
TerminateProcess
GetSystemTime
GetVersion
SetEvent
CreateEventW
lstrcpyW
lstrcatW
GlobalFree
GlobalUnlock
FreeResource
GlobalLock
GlobalAlloc
lstrcmpW
SetCurrentDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetTempFileNameW
GetTempPathW
GetLongPathNameW
CopyFileW
WaitForSingleObject
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetSystemDirectoryW
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointerEx
SetFilePointer
DeleteCriticalSection
GetAtomNameW
InitializeCriticalSection
ReadFile
GetLastError
CreateFileW
lstrcpynW
LocalFree
DeleteFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
MultiByteToWideChar
lstrlenA
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenW
GetProcAddress
LoadLibraryW
Sleep
CloseHandle
CreateProcessW
FreeLibrary
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetProcessWorkingSetSize
ExitProcess
OpenProcess
VirtualQuery
CancelWaitableTimer
CreateWaitableTimerW
SetWaitableTimer
ResetEvent
IsBadReadPtr
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
lstrcmpiA
lstrcmpA
WaitForMultipleObjects
GetWindowsDirectoryW
GetShortPathNameW
FileTimeToLocalFileTime
GetFileTime
SetErrorMode
GetSystemInfo
GetProcessTimes
GetSystemTimeAsFileTime
LocalAlloc
SearchPathW
GetExitCodeProcess
ExpandEnvironmentStringsW

user32

SetWindowLongW
PeekMessageW
GetMessageW
LoadStringW
SetForegroundWindow
ShowWindow
TranslateMessage
DispatchMessageW
WaitForInputIdle
PostMessageW
FindWindowW
CharNextW
DestroyWindow
DefWindowProcW
SwitchToThisWindow
BringWindowToTop
GetDesktopWindow
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
GetWindowLongW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SendMessageTimeoutW
MessageBoxW
SetTimer
SetWindowPos
IsWindow
KillTimer
GetShellWindow
GetDlgItemTextW
FindWindowExW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetActiveWindow
GetDlgItem
TrackMouseEvent
IsIconic
IsWindowVisible
IsRectEmpty
EnumDisplaySettingsW
UpdateLayeredWindow
PtInRect
MsgWaitForMultipleObjects
MonitorFromPoint
EndPaint
BeginPaint
GetKeyState
GetFocus
MoveWindow
ClientToScreen
CopyRect
PrivateExtractIconsW
GetIconInfo
FillRect
DrawIconEx
DrawIcon
SetCapture
DrawTextW
ReleaseDC
GetDC
MapVirtualKeyW
SetClassLongW
OffsetRect
SetWindowRgn
AnimateWindow
RedrawWindow
GetMessagePos
SystemParametersInfoW
IsZoomed
ScreenToClient
EnableWindow
UpdateWindow
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetFocus
GetSystemMetrics
LoadImageW
PostQuitMessage
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SendMessageW
GetClientRect
UnregisterClassA
GetClipboardData
IsClipboardFormatAvailable
SetRect
SubtractRect
GetKeyNameTextW
InvalidateRect

gdi32

SetBitmapBits
GetBitmapBits
SetBrushOrgEx
SetBkColor
CreateFontIndirectW
GetCurrentObject
GetClipBox
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
GetDIBits
CreateDCW
GetStockObject
CreateFontW
BitBlt
CreateDIBSection
RoundRect
ExcludeClipRect
GetObjectA
SetTextColor
LineTo
MoveToEx
CreatePen
CreateCompatibleDC
GetTextExtentPoint32W
SetBkMode
SelectObject
CombineRgn
CreateRoundRectRgn
CreateRectRgn
DeleteObject
CreateSolidBrush
GetObjectW
DeleteDC
SetViewportOrgEx
GetDeviceCaps
Rectangle

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetSidSubAuthorityCount
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
RegQueryValueExW
DeleteService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
GetSidSubAuthority
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
DuplicateTokenEx
RegQueryValueExA

shell32

SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ord165
SHAppBarMessage
SHFreeNameMappings
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
CommandLineToArgvW

ole32

CoMarshalInterface
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleUninitialize
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoUnmarshalInterface
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
GetErrorInfo

shlwapi

StrToIntExW
PathIsURLW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
SHGetValueA
StrCatW
StrCmpNIW
StrStrIW
StrCmpIW
SHDeleteKeyW
PathIsRootW
PathCombineW
SHSetValueW
PathRemoveFileSpecW
PathAddBackslashW
PathBuildRootW
PathGetDriveNumberW
StrStrW
StrDupW
StrToIntW
StrRStrIW
UrlCanonicalizeW
UrlCompareW
PathMatchSpecW
PathFindExtensionW
PathRemoveExtensionW
PathCanonicalizeW
PathFindFileNameW
PathAppendW

comctl32

ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Draw
ImageList_Duplicate
ImageList_Destroy
ImageList_Create

msimg32

TransparentBlt
AlphaBlend

wininet

InternetConnectW
InternetSetStatusCallbackW
HttpSendRequestExW
HttpOpenRequestW
FtpOpenFileW
HttpEndRequestW
InternetSetOptionA
InternetWriteFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetQueryOptionW
FindCloseUrlCache
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
FtpGetFileSize
InternetReadFileExA
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

netapi32

Netbios

winmm

timeKillEvent
timeBeginPeriod
timeSetEvent

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
EnumProcessModules
GetProcessMemoryInfo

urlmon

ObtainUserAgentString

Sections

.text
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d37a571c71d4298211b779bc167945a1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

41:93:7d:07:65:8a:0c:29:b7:85:34:88:8d:ea:a7:6f:fd:89:51:edSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

version

wintrust

netapi32

winmm

setupapi

crypt32

psapi

urlmon

Sections

.text Size: 801KB - Virtual size: 801KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 105KB - Virtual size: 139KB

.rsrc Size: 8.5MB - Virtual size: 8.5MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

41:93:7d:07:65:8a:0c:29:b7:85:34:88:8d:ea:a7:6f:fd:89:51:ed
Signer

.text
Size: 801KB - Virtual size: 801KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 105KB - Virtual size: 139KB

.rsrc
Size: 8.5MB - Virtual size: 8.5MB