2024-05-31_ad9d776bc64af78010037a1fa0e1a053_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_ad9d776bc64af78010037a1fa0e1a053_magniber
Size

4.0MB
MD5

ad9d776bc64af78010037a1fa0e1a053
SHA1

fc7348466a77e3456129e11300633061d3911c65
SHA256

1d9f93838d9fe6988ba04500653d247fe1a1a3194bda6fb7d245f1350a58da50
SHA512

d31e40655fc360d05d06be2ea45680d2465db77ff280266f5f7479d1ad34c0e90a6ff59da88f1861fbb37e1b84d726ad7de594ac35402e9d1670cfb1dd037208
SSDEEP

98304:bGexzTM+dkIoN4Ir8lIaMsrLspcYPwY2srU:bt1wxN4IriQ7g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-31_ad9d776bc64af78010037a1fa0e1a053_magniber

Files

2024-05-31_ad9d776bc64af78010037a1fa0e1a053_magniber
.exe windows:5 windows x86 arch:x86

10919040d87c6370a110d1485c24a62d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

F:\Office\Target\x86\ship\click2run\en-us\bootstrapper.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
EventRegister
EventUnregister
EventWriteTransfer
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
AllocateAndInitializeSid
FreeSid
EqualSid
CreateWellKnownSid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
RevertToSelf
OpenThreadToken
EventWrite
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
SetServiceObjectSecurity
GetLengthSid
InitializeAcl
AddAccessAllowedAce
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
RegNotifyChangeKeyValue
RegSetKeySecurity

kernel32

SetFileAttributesW
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
GetProcAddress
SetFilePointerEx
MoveFileExW
CopyFileW
WideCharToMultiByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
LocalFree
FormatMessageA
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
FileTimeToSystemTime
SetLastError
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetSystemTime
GetCPInfoExW
GetUserDefaultLocaleName
IsValidCodePage
GetCurrentProcessId
CreateEventExW
GetModuleHandleExW
GlobalMemoryStatusEx
RaiseException
GetModuleHandleW
GetVersionExW
GetStringTypeW
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
GetTickCount64
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObjectEx
ExpandEnvironmentStringsW
GetCommandLineW
GlobalFree
ProcessIdToSessionId
GetCurrentThreadId
FindClose
WaitForMultipleObjects
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
WaitForMultipleObjectsEx
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
GetProcessHeap
ReadFile
GetFileSizeEx
GetTempPathW
GetTempFileNameW
GetTickCount
GetThreadLocale
SetEvent
FindFirstFileExW
CreateMutexW
ReleaseSemaphore
lstrcmpW
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
LocalAlloc
HeapAlloc
GlobalAlloc
GetModuleHandleA
WriteFile
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
IsValidLocale
QueryUnbiasedInterruptTime
LCMapStringEx
CreateEventW
WaitForSingleObject
CreateThread
LoadLibraryW
OutputDebugStringA
SetThreadAffinityMask
IsProcessorFeaturePresent
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
IsDebuggerPresent
ResetEvent
RtlCaptureStackBackTrace
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
VirtualFree
VirtualAlloc
GetLongPathNameW
K32GetProcessMemoryInfo
GetOverlappedResult
FlushFileBuffers
CancelIoEx
GetFileType
SetFileInformationByHandle
GetFileInformationByHandleEx
GetDriveTypeW
GetLocaleInfoEx
LockResource
LCIDToLocaleName
LocaleNameToLCID
GetSystemDefaultLCID
GetProductInfo
LoadLibraryExA
VirtualQuery
GetSystemInfo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
SetStdHandle
GetACP
ExitProcess
HeapReAlloc
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
CreateTimerQueue
RtlUnwind
InterlockedFlushSList
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
SetEndOfFile
RemoveDirectoryW
DeviceIoControl
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
DuplicateHandle
DecodePointer
EncodePointer
GetUserGeoID
OpenThread
lstrcmpA
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
AttachConsole
FindNextFileW
CreateFileW
GetFullPathNameW
FindFirstFileW
CreateDirectoryW
GetThreadTimes
GetCurrentThread
GetProcessTimes
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
MultiByteToWideChar
GetModuleFileNameW
IsWow64Process
FlsAlloc
FlsFree
DeleteCriticalSection
CompareStringEx
GetLastError
InitializeCriticalSectionEx
GetCurrentProcess
GetExitCodeThread
GetLocalTime

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

cabinet

ord13
ord14

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

setupapi

SetupIterateCabinetW

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSAStartup

iphlpapi

CreateSortedAddressPairs
FreeMibTable

gdi32

SelectObject
CreateFontW
GetStockObject
SetBkColor
SetTextColor
CreateSolidBrush
GetTextMetricsW
GetDeviceCaps
SetDCBrushColor
CreatePen
SetDCPenColor
Rectangle
DeleteObject
GetTextExtentPoint32W

gdiplus

GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipDrawImageRectI
GdiplusStartup
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 984KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10919040d87c6370a110d1485c24a62d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

ws2_32

iphlpapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 984KB - Virtual size: 984KB

.data Size: 163KB - Virtual size: 166KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 557KB - Virtual size: 560KB

.reloc Size: 204KB - Virtual size: 204KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 984KB - Virtual size: 984KB

.data
Size: 163KB - Virtual size: 166KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 557KB - Virtual size: 560KB

.reloc
Size: 204KB - Virtual size: 204KB