2024-06-02_0c20cff9b5d5fce0215e6408d852172d_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-02_0c20cff9b5d5fce0215e6408d852172d_magniber
Size

4.0MB
MD5

0c20cff9b5d5fce0215e6408d852172d
SHA1

827e83982e27e027112c0f25357e637f39701a44
SHA256

6fc00abc13eade0cc4eb3dae5ef6ae576a20095a2a2899cb70327c4f02a3be34
SHA512

08332eb6e9c598b30fa269510313904640616cd7417ebde5696056492ab0ccc15a48a4e138625315fe9c8d1e05cf9ec133a4ae1f14d2cc955f9cf8fa48ab418b
SSDEEP

98304:QhxqjzGXKkHktIB1yBw5D1Ex/CL+KO+wY2s63x:wCGX7Bj4/EO+76h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-02_0c20cff9b5d5fce0215e6408d852172d_magniber

Files

2024-06-02_0c20cff9b5d5fce0215e6408d852172d_magniber
.exe windows:5 windows x86 arch:x86

2d41b25429890c8dcb952bcb86f4a7cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

F:\Office\Target\x86\ship\click2run\en-us.pre\Bootstrapper.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
EventWrite
EventWriteTransfer
EventRegister
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
EqualSid
CreateWellKnownSid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
RevertToSelf
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
SetServiceObjectSecurity
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
RegNotifyChangeKeyValue
RegSetKeySecurity

kernel32

SetFileAttributesW
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
SetFilePointerEx
MoveFileExW
CopyFileW
AreFileApisANSI
WideCharToMultiByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
LocalFree
FormatMessageA
GetCurrentThreadId
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
GetTickCount64
GetModuleHandleExW
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
GetCurrentProcessId
FileTimeToSystemTime
GetUserDefaultLocaleName
IsValidCodePage
SetLastError
GetSystemTime
SystemTimeToFileTime
GetCPInfoExW
CreateEventExW
GetStringTypeW
RaiseException
LoadLibraryExW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
OpenProcess
SetErrorMode
GetComputerNameW
MulDiv
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObjectEx
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
GetCommandLineW
GlobalFree
ProcessIdToSessionId
GetExitCodeThread
WaitForMultipleObjects
WaitForMultipleObjectsEx
SignalObjectAndWait
GetProcessAffinityMask
GetCurrentProcess
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
GetProcessHeap
ReadFile
GetFileSizeEx
GetTempPathW
GetTempFileNameW
GetTickCount
GetThreadLocale
SetEvent
FindFirstFileExW
lstrcmpW
GetDriveTypeW
CreateMutexW
ReleaseSemaphore
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
FindClose
OpenFileMappingA
GlobalAlloc
LocalAlloc
HeapAlloc
GetModuleHandleA
WriteFile
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
IsValidLocale
QueryUnbiasedInterruptTime
LCMapStringEx
CreateThread
CreateEventW
LoadLibraryW
OutputDebugStringA
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForSingleObject
GetLongPathNameW
ResetEvent
LockResource
GetOverlappedResult
FlushFileBuffers
CancelIoEx
GetFileType
SetFileInformationByHandle
GetFileInformationByHandleEx
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
GetSystemDefaultLCID
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
SetThreadAffinityMask
IsProcessorFeaturePresent
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
RtlCaptureStackBackTrace
IsDebuggerPresent
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
VirtualFree
VirtualAlloc
GetProductInfo
SetEndOfFile
GetEnvironmentVariableW
RemoveDirectoryW
DeviceIoControl
FindNextFileW
GetFullPathNameW
FindFirstFileW
CreateDirectoryW
GetThreadTimes
GetCurrentThread
GetProcessTimes
LoadLibraryExA
VirtualQuery
GetSystemInfo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
SetStdHandle
ExitProcess
HeapReAlloc
GetACP
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
MultiByteToWideChar
GetModuleFileNameW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
CreateTimerQueue
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
CreateFileW
IsWow64Process
FlsAlloc
FlsFree
DeleteCriticalSection
CompareStringEx
GetLastError
CreateSemaphoreA
InitializeCriticalSectionEx
EncodePointer
DuplicateHandle
GetSystemPreferredUILanguages
GetUserGeoID
OpenThread
lstrcmpA
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
AttachConsole
DecodePointer
CreateWaitableTimerW
GetLocalTime

ole32

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

cabinet

ord13
ord14

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

setupapi

SetupIterateCabinetW

ws2_32

WSAStartup
GetAddrInfoW
FreeAddrInfoW

iphlpapi

CreateSortedAddressPairs
FreeMibTable

gdi32

GetDeviceCaps
CreateSolidBrush
SetTextColor
SetBkColor
GetStockObject
CreateFontW
SelectObject
GetTextMetricsW
CreatePen
SetDCPenColor
Rectangle
GetTextExtentPoint32W
SetDCBrushColor
DeleteObject

gdiplus

GdipFree
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusStartup
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d41b25429890c8dcb952bcb86f4a7cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

cabinet

wintrust

setupapi

ws2_32

iphlpapi

gdi32

gdiplus

rpcrt4

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 69KB - Virtual size: 178KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 548KB - Virtual size: 548KB

.reloc Size: 213KB - Virtual size: 213KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 69KB - Virtual size: 178KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 548KB - Virtual size: 548KB

.reloc
Size: 213KB - Virtual size: 213KB