2024-06-03_e065485fb8c35762e23b46ee56bcbda8_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-03_e065485fb8c35762e23b46ee56bcbda8_magniber
Size

4.5MB
MD5

e065485fb8c35762e23b46ee56bcbda8
SHA1

0cd53fd75fd7b1dc77b000cb3e3a417b86f639ae
SHA256

4a05c6d52591cb5106b96aff310966d5270a8f2f853a9ccbbd7252380fbe089c
SHA512

73d4854d70614448d41d0fa99ea398fa6df1544d9b47ba1977d1cc538a83b6b86c5c5b4035d26b928152f516cc3c657af8ab7c40d507d3ac77b421dd921089de
SSDEEP

98304:9Ie+BI+8HIRcncM4v4P7+x7wzmULVXu0MnV3rLnyMv7xhk67wc:Se+B9I7P7AMzmyInV3nnv7wc

Score

10^/10

Malware Config

Signatures

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL

Detects binaries and memory artifacts referencing sandbox product IDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxProductID

Detects executables referencing combination of virtualization drivers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_VirtDrvComb

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_e065485fb8c35762e23b46ee56bcbda8_magniber

Files

2024-06-03_e065485fb8c35762e23b46ee56bcbda8_magniber
.exe windows:6 windows x86 arch:x86

72b542aaf03f71124bd135cdd25fbecc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
WideCharToMultiByte
GetTickCount64
CreateMutexA
SetLastError
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryW
lstrcmpiA
GetComputerNameExA
GetComputerNameA
lstrcmpiW
Sleep
FreeLibrary
LoadLibraryA
GetProcessHeap
IsWow64Process
GetSystemFirmwareTable
K32GetModuleBaseNameW
K32EnumProcesses
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcess
GetLastError
GetFileAttributesA
LocalAlloc
LocalFree
GetCommandLineW
VerSetConditionMask
ResumeThread
CreateProcessW
GetCurrentProcessId
CreateFileW
GetTempFileNameW
GetTempPathW
CreateThread
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
WriteConsoleW
SetEndOfFile
DeleteFileW
GetFullPathNameW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
VerifyVersionInfoW
CopyFileA
IsValidLocale
GetLocaleInfoW
WaitForSingleObject
VirtualAlloc
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetSystemInfo
GetModuleHandleA
GetProcAddress
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadResource
FreeResource
SizeofResource
LockResource
ExitProcess
GetACP
LoadLibraryW
GetCurrentDirectoryW
GetTickCount
MulDiv
GetFileSize
ReadFile
WriteFile
SetFilePointer
DuplicateHandle
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
GetTempPathA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
GetTempFileNameA
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
InitOnceExecuteOnce
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
SetFileCompletionNotificationModes
SetEvent
CreateEventW
GetSystemDirectoryW
FormatMessageW
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
SleepEx
GetFileSizeEx
RtlUnwind
InterlockedPushEntrySList
RaiseException
LoadLibraryExW
GetModuleHandleExW
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesExW
SetFilePointerEx
HeapFree
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW

user32

DestroyWindow
ReleaseDC
GetDC
SetTimer
KillTimer
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
IsRectEmpty
GetUpdateRect
IsWindow
IsWindowVisible
IntersectRect
MapWindowPoints
CreateWindowExW
InvalidateRect
GetMessageW
TranslateMessage
DispatchMessageW
SetCapture
ReleaseCapture
PostMessageW
CharNextW
DefWindowProcW
EnableWindow
SetWindowRgn
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
GetKeyState
FillRect
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
ClientToScreen
MoveWindow
DrawTextW
SetRect
CharPrevW
CreateCaret
ShowCaret
HideCaret
GetCaretPos
SetCaretPos
GetSysColor
GetCaretBlinkTime
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
LoadCursorW
SetCursor
wvsprintfW
UnionRect
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
IsIconic
LoadIconW
GetClientRect
IsZoomed
PtInRect
ScreenToClient
GetParent
GetFocus
OffsetRect
SetWindowPos
SetWindowLongW
ShowWindow
PostQuitMessage
MessageBoxW
wsprintfW
GetWindowLongW
FindWindowW
GetCursorPos

advapi32

CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

SHCreateDirectoryExA
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CLSIDFromString
OleLockRunning
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipDrawString
GdipGetFamily
GdipDeleteFontFamily
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipGraphicsClear
GdipDrawImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipSetSmoothingMode
GdipCloneBrush

shlwapi

PathCombineW
PathFileExistsA
PathFindFileNameA

ws2_32

accept
gethostname
__WSAFDIsSet
WSASetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAIoctl
inet_ntop
inet_pton
freeaddrinfo
socket
getaddrinfo
WSACleanup
WSAStartup
select
ntohs
htons
htonl
sendto
recvfrom
recv
connect
getpeername
WSAGetLastError
getsockopt
bind
closesocket
listen
send
setsockopt
ioctlsocket
getsockname

iphlpapi

GetAdaptersInfo

mpr

WNetGetProviderNameW

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

gdi32

ExtSelectClipRgn
GetCharABCWidthsW
RestoreDC
TextOutW
GdiFlush
GetObjectA
CreatePatternBrush
SetTextColor
BitBlt
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
RoundRect
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
ExtTextOutW
SetBkColor
SetStretchBltMode
StretchBlt
CreateDIBSection
CombineRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteObject
CreateRoundRectRgn
GetTextMetricsW
SetWindowOrgEx
SaveDC
GetTextExtentPoint32W

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

secur32

DecryptMessage
EncryptMessage
FreeContextBuffer
QueryContextAttributesA
AcquireCredentialsHandleA
FreeCredentialsHandle
InitializeSecurityContextA
AcceptSecurityContext
CompleteAuthToken
DeleteSecurityContext

crypt32

CertCloseStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 1.6MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72b542aaf03f71124bd135cdd25fbecc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

ws2_32

iphlpapi

mpr

comctl32

imm32

gdi32

bcrypt

secur32

crypt32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 23KB - Virtual size: 40KB

.config Size: 512B - Virtual size: 4B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 61KB - Virtual size: 64KB

.vlizer Size: 1.6MB - Virtual size: 5.8MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 23KB - Virtual size: 40KB

.config
Size: 512B - Virtual size: 4B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 61KB - Virtual size: 64KB

.vlizer
Size: 1.6MB - Virtual size: 5.8MB