2024-05-31_2958f5c31af6c5bc2edd70f952539713_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_2958f5c31af6c5bc2edd70f952539713_magniber
Size

2.5MB
MD5

2958f5c31af6c5bc2edd70f952539713
SHA1

1777f34a3fa1f3feaa819cb7b4d80952758453df
SHA256

45de0198da2c0be128505d1fce77e03683d0976b06970a23ee52d1aa2581fd7d
SHA512

6e7b9ee8d04b61e4efbeef64c16e20bf27bfa7772e58e8f9e565957a68b512e4c166012c4b4802d5318c0b4c7a0487d92a197648373cc050341658dcfc5c9d4c
SSDEEP

49152:DQY9jCkTlwAdTrCoTG2oR2R22yd2w0nSW8jtT8mpBIWKzbe:DQgtnd/I2ykw0SW8jtjfIWt

Score

1^/10

Malware Config

Signatures

Files

2024-05-31_2958f5c31af6c5bc2edd70f952539713_magniber
.exe windows:6 windows x86 arch:x86

7e88062c714afaad9089cbfaed5229a2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/05/2023, 00:00

Not After

09/05/2024, 23:59

Subject

SERIALNUMBER=3213630,CN=KUD LIMITED,O=KUD LIMITED,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/05/2023, 00:00

Not After

09/05/2024, 23:59

Subject

SERIALNUMBER=3213630,CN=KUD LIMITED,O=KUD LIMITED,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e9:b4:1c:e2:5d:d3:51:39:de:f1:df:21:d1:7d:24:12:54:5f:e7:e9:8b:67:31:07:bb:fc:99:b0:53:97:0e:81
Signer

Actual PE Digest

e9:b4:1c:e2:5d:d3:51:39:de:f1:df:21:d1:7d:24:12:54:5f:e7:e9:8b:67:31:07:bb:fc:99:b0:53:97:0e:81

Digest Algorithm

sha256

PE Digest Matches

true

f3:b6:10:36:a6:46:1b:08:11:0a:95:1e:80:51:b6:9a:86:2d:c0:78
Signer

Actual PE Digest

f3:b6:10:36:a6:46:1b:08:11:0a:95:1e:80:51:b6:9a:86:2d:c0:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_win\workspace\cpp-webuff\cpp\src\webuff\bin\Release\WeBuffCore.pdb

Imports

ntdll

NtResumeProcess
NtSuspendProcess
RtlUnwind

kernel32

GetCurrentProcess
GetFileSize
ReadFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
Module32FirstW
Module32NextW
TerminateProcess
GetModuleFileNameW
GetModuleFileNameA
CreateEventW
CreateProcessW
K32GetProcessMemoryInfo
FindFirstFileW
FindNextFileW
FindClose
CreateFileA
WaitNamedPipeA
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenW
lstrcpyW
lstrcatW
K32GetProcessImageFileNameW
GetFullPathNameW
GetExitCodeProcess
CreateEventA
LoadLibraryW
DeleteFileA
SetFileAttributesA
SetFileAttributesW
lstrcpyA
lstrcatA
FindFirstFileA
lstrcmpiA
FindNextFileA
RemoveDirectoryA
GetFileAttributesA
InitializeCriticalSection
DeleteCriticalSection
LocalFree
LocalAlloc
CreateNamedPipeW
GetTickCount
ResetEvent
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
CopyFileW
FreeResource
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFinalPathNameByHandleA
GetPrivateProfileIntA
CreateDirectoryA
SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentThreadId
IsWow64Process
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
SetLastError
GetModuleHandleW
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Sleep
CloseHandle
WriteFile
CreateFileW
DeleteFileW
SetEvent
GetLastError
GetLocalTime
VirtualFree
VirtualAlloc
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
ExitProcess
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleExW
SetEndOfFile
WriteConsoleW
SetStdHandle
InitializeSListHead
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
ExitThread
GetTimeZoneInformation
GetFileAttributesExW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
WaitForMultipleObjects
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TryEnterCriticalSection
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
IsProcessorFeaturePresent
QueueUserWorkItem
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
FindResourceExW

user32

CharNextW
GetIconInfo
GetParent
GetWindowLongW
GetWindowThreadProcessId
EnumWindows
MessageBoxW

gdi32

GetObjectW
DeleteObject

advapi32

InitializeSecurityDescriptor
OpenThreadToken
RegEnumKeyExA
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegEnumKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteA
ExtractIconExW

ole32

CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
OleRun

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

shlwapi

PathAddBackslashA
PathRemoveFileSpecA
PathAddBackslashW
PathRemoveFileSpecW
StrCpyW
StrToIntW
PathFindFileNameW

gdiplus

GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHICON
GdipGetImageHeight
GdipAlloc
GdipCloneImage
GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipFree

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e88062c714afaad9089cbfaed5229a2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bdCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bdCertificate

Extended Key Usages

Key Usages

e9:b4:1c:e2:5d:d3:51:39:de:f1:df:21:d1:7d:24:12:54:5f:e7:e9:8b:67:31:07:bb:fc:99:b0:53:97:0e:81Signer

f3:b6:10:36:a6:46:1b:08:11:0a:95:1e:80:51:b6:9a:86:2d:c0:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

winhttp

iphlpapi

Sections

.text Size: 964KB - Virtual size: 963KB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 23KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 49KB - Virtual size: 48KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

e9:b4:1c:e2:5d:d3:51:39:de:f1:df:21:d1:7d:24:12:54:5f:e7:e9:8b:67:31:07:bb:fc:99:b0:53:97:0e:81
Signer

f3:b6:10:36:a6:46:1b:08:11:0a:95:1e:80:51:b6:9a:86:2d:c0:78
Signer

.text
Size: 964KB - Virtual size: 963KB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 23KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 49KB - Virtual size: 48KB