2024-06-01_fee5cd16d34176067c3e04e765a8eaf4_karagany_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_fee5cd16d34176067c3e04e765a8eaf4_karagany_magniber
Size

8.4MB
MD5

fee5cd16d34176067c3e04e765a8eaf4
SHA1

3f80d38c6075c448299b9acae7b00475f691f7fb
SHA256

c91b1c07edcdaff75e427795877e584b9a6ff39a4565ab981169e9a10a6374b8
SHA512

7b98326bef61c052a59fc4ffed644f312c42d1362fcd7a70ea16bd405fa2e5db1bcd3d8267a3119f93d6fe929ca7f56c46c9a64cec5554eac5d8dad0953acba7
SSDEEP

196608:PAfRBEQlTTT5Lm564Z39/v5oKRYo6rX/6Jto9nR4oSXgsPu:Po0QlTTFuZN/v5oKoXe04vwsm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_fee5cd16d34176067c3e04e765a8eaf4_karagany_magniber

Files

2024-06-01_fee5cd16d34176067c3e04e765a8eaf4_karagany_magniber
.exe windows:5 windows x86 arch:x86

c15e6fddf4d773dc94a15ba6b18ad66a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
OutputDebugStringA
CreateFileW
FreeLibrary
LoadLibraryW
SetFileAttributesW
GetModuleFileNameW
CreateProcessW
GetCommandLineW
GetPrivateProfileStringW
ReleaseMutex
CreateMutexW
OpenMutexW
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
GetCurrentProcess
GetFileTime
CompareFileTime
RemoveDirectoryW
DecodePointer
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
MulDiv
lstrcmpW
lstrcmpiW
CreateSemaphoreW
LoadLibraryExW
FindResourceW
InterlockedExchange
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
TlsFree
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
GetSystemTime
SetEvent
CreateEventA
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
MoveFileExW
UnlockFile
LockFile
UnlockFileEx
GetFileAttributesA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
GetTempPathA
DeleteFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
WriteFile
ExitThread
CreateThread
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
ReadConsoleInputA
SetFileTime
OutputDebugStringW
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
FindClose
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemInfo
SwitchToThread
GetTickCount
FlushConsoleInputBuffer
GetModuleHandleA
QueryDosDeviceW
CreateDirectoryW
GetModuleHandleW
CloseHandle
Sleep
WaitForSingleObject
SetLastError
GetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
OpenProcess
GetLongPathNameW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalMemoryStatusEx
GetProcAddress
LocalFree
GetComputerNameW
GetVolumeInformationW
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetCPInfo
ReadConsoleW
GetConsoleMode
ReadFile
RtlUnwind
InitializeCriticalSection
VerifyVersionInfoW
CreateEventW
SleepEx
QueueUserAPC
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
InterlockedCompareExchange
VerSetConditionMask
CreateMutexA
GetExitCodeProcess
GetVersionExW
GetBinaryTypeW
FindResourceExW
LockResource
FreeResource
FormatMessageW
CreateWaitableTimerA
TlsSetValue
TlsGetValue
ResumeThread
GetSystemDirectoryW
UnmapViewOfFile
SetWaitableTimer
ResetEvent
WaitForMultipleObjects
OpenEventA
AreFileApisANSI
CopyFileW
DeviceIoControl
GetTempPathW
SetFilePointerEx
SetEndOfFile
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
DeleteFileW
GetStringTypeExA
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetStringTypeW
EncodePointer
FormatMessageA
GetStringTypeExW
LCMapStringW
LCMapStringA
GetUserDefaultLCID

user32

IsWindow
wsprintfA
wsprintfW
LoadStringA
GetClassNameW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsChild
DestroyWindow
MoveWindow
SetWindowPos
GetWindowTextW
LoadStringW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MessageBoxW
GetClientRect
GetWindowTextLengthW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

ReportEventA
EqualSid
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyW
SetNamedSecurityInfoW
DuplicateTokenEx
CreateProcessAsUserW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
CreateWellKnownSid
OpenProcessToken
GetTokenInformation
LookupAccountSidW
CheckTokenMembership

shell32

CommandLineToArgvW
ShellExecuteW
FindExecutableW
ord680
ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CoGetClassObject
CoInitializeEx
CoUninitialize
CLSIDFromString

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

shlwapi

wvnsprintfA
AssocQueryStringW

comctl32

InitCommonControlsEx

ws2_32

WSASetLastError
setsockopt
select
listen
htonl
getsockopt
getsockname
WSAGetLastError
connect
WSAStartup
WSACleanup
freeaddrinfo
WSAIoctl
WSARecv
closesocket
bind
accept
__WSAFDIsSet
WSASend
WSASocketW
ioctlsocket
getaddrinfo

psapi

GetModuleBaseNameW
EnumProcesses
GetProcessImageFileNameW
GetProcessMemoryInfo
GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

CoInternetParseUrl

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15e6fddf4d773dc94a15ba6b18ad66a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

userenv

wtsapi32

version

urlmon

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 449KB - Virtual size: 449KB

.data Size: 41KB - Virtual size: 62KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 114KB - Virtual size: 113KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 449KB - Virtual size: 449KB

.data
Size: 41KB - Virtual size: 62KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 114KB - Virtual size: 113KB