2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber
Size

1.4MB
MD5

f339756a91e40ce34ff16d6805d8b379
SHA1

8a2ade7892c22b20be2b14aa88a076cf3e36335e
SHA256

be6d9cc93d0d7e63f8bca78f2a281bc5c13ce5512c07f77c3162df7aaed947b1
SHA512

937044bba490461ccb62ec326dde7fd9634ed6810bb0651716da42303801888a7d5c0649fc5fb4a1381945c820ce060703daef053a428fce4f729c6abc34387a
SSDEEP

24576:WKMWhY/yTEOrxbNDT0rFY7grQWP/f2lnBICL0yNdcYXPAcsdB:WdcwyTpbNDT0rF8k3Xm6CwyNCmPy

Score

1^/10

Malware Config

Signatures

Files

2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber
.exe windows:4 windows x86 arch:x86

a819a8412b50fe9abb285d001069c4ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:d2:c5:56:e6:47:ce:6f:dc:7d:df:5b:65:9c:bd:6a:1d:4e:40:e2
Signer

Actual PE Digest

c2:d2:c5:56:e6:47:ce:6f:dc:7d:df:5b:65:9c:bd:6a:1d:4e:40:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\Mainline_SourceJob_2\qqpcmgr_proj\Basic\Output\BinFinal\Uninst.pdb

Imports

kernel32

DeviceIoControl
GetVersionExW
SetEvent
LocalFree
LocalAlloc
CreateFileA
GetWindowsDirectoryW
ExpandEnvironmentStringsW
IsBadReadPtr
GetCurrentDirectoryW
CreateDirectoryW
GetUserDefaultUILanguage
FindClose
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
FreeResource
TlsFree
GetExitCodeProcess
TlsAlloc
TlsGetValue
GetModuleFileNameA
HeapCreate
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
FindFirstFileW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GlobalAlloc
GlobalLock
DuplicateHandle
CreatePipe
GetStdHandle
LoadLibraryA
GetSystemDefaultLangID
VirtualQuery
GetLogicalDriveStringsW
IsDBCSLeadByte
GetCPInfo
MoveFileW
SetFileAttributesW
WriteFile
lstrcpynW
SetUnhandledExceptionFilter
SearchPathW
GetProcessHeap
SetErrorMode
VirtualAllocEx
HeapAlloc
HeapFree
CreateEventW
WriteProcessMemory
TerminateProcess
GetPrivateProfileStringW
GetEnvironmentVariableW
WaitForSingleObject
CreateProcessW
ReadFile
CreateFileW
GetFileSize
GetCommandLineW
GetTempFileNameW
GetTickCount
RemoveDirectoryW
GetFileAttributesW
CreateToolhelp32Snapshot
MoveFileExW
ExitProcess
GetSystemTimeAsFileTime
Process32NextW
CopyFileW
FindNextFileW
GetOEMCP
OpenProcess
FlushInstructionCache
InitializeCriticalSection
LockResource
GetVersion
GetModuleFileNameW
FreeLibrary
GetProcAddress
InterlockedIncrement
DeleteCriticalSection
CreateFileMappingW
MultiByteToWideChar
UnmapViewOfFile
SetLastError
FindResourceW
LeaveCriticalSection
lstrlenW
GetSystemDirectoryW
CloseHandle
lstrlenA
LoadLibraryExW
lstrcmpiW
LoadResource
GetCurrentThreadId
GetModuleHandleW
GetCurrentProcess
WideCharToMultiByte
LoadLibraryW
CreateMutexW
RaiseException
FindResourceExW
SizeofResource
EnterCriticalSection
GetLastError
MapViewOfFileEx
ReleaseMutex
GetLocalTime
QueryDosDeviceW
SetFilePointer
GetTempPathW
Sleep
GetSystemInfo
GetCurrentProcessId
DeleteFileW
GetProcessTimes
GetModuleHandleA
Process32FirstW
InterlockedDecrement
TlsSetValue
DebugBreak

user32

CopyImage
LoadImageW
MoveWindow
GetClientRect
LoadStringW
SetRect
SendMessageW
GetClassInfoExW
GetWindowThreadProcessId
PeekMessageW
RegisterClassExW
SetWindowPos
GetParent
CharNextW
MapWindowPoints
DestroyWindow
LoadCursorW
ReleaseDC
InflateRect
GetMessageW
DispatchMessageW
IsWindow
CopyRect
UnregisterClassA
TranslateMessage
EnableWindow
GetForegroundWindow
ShowWindow
SetTimer
SetCapture
GetUserObjectInformationW
ReleaseCapture
OffsetRect
GetSystemMenu
GetKeyState
SetCursor
TrackPopupMenu
PtInRect
GetSystemMetrics
IsWindowVisible
GetSysColor
CloseDesktop
MonitorFromWindow
EndPaint
DrawIconEx
GetMonitorInfoW
GetDlgItem
GetThreadDesktop
GetProcessWindowStation
CallWindowProcW
CloseWindowStation
LoadIconW
GetDlgCtrlID
DefWindowProcW
UpdateLayeredWindow
DestroyIcon
PostQuitMessage
PostThreadMessageW
EqualRect
mouse_event
DrawTextW
KillTimer
ClientToScreen
BeginPaint
DrawFrameControl
FindWindowW
SendMessageTimeoutW
MsgWaitForMultipleObjects
PostMessageW
FindWindowExW
GetWindowLongW
SetWindowLongW
SetForegroundWindow
IsWindowEnabled
CreateWindowExW
GetWindow
GetWindowRect
AttachThreadInput
GetDesktopWindow
InvalidateRect
GetDC
SystemParametersInfoW
GetActiveWindow
SetActiveWindow

gdi32

CreateRectRgn
MoveToEx
SaveDC
RectInRegion
CreateSolidBrush
TextOutW
CreateRectRgnIndirect
LineTo
SelectClipRgn
GetTextExtentPoint32W
RestoreDC
RoundRect
CombineRgn
SetBkMode
GetObjectW
CreatePen
DeleteObject
CreateDIBSection
CreateFontIndirectW
CreateCompatibleBitmap
GetStockObject
SetTextColor
BitBlt
CreateCompatibleDC
Rectangle
DeleteDC
SelectObject
StretchBlt
SetBkColor
CreateBitmap
ExtTextOutW
GetClipRgn

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
SetNamedSecurityInfoW
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
RegRestoreKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegUnLoadKeyW
AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
RegOpenKeyW
LookupPrivilegeValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
IsTextUnicode

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
VariantInit
OleLoadPicture
VarUI4FromStr
SysFreeString

shlwapi

SHDeleteValueW
wnsprintfW
SHDeleteKeyW
PathAddBackslashW
StrToIntA
PathAppendW
PathFileExistsW

comctl32

_TrackMouseEvent

ws2_32

htonl
WSCDeinstallProvider
WSCEnumProtocols
htons

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
GetProcessImageFileNameW

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImageHeight
GdipDisposeImage
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdiplusShutdown
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageWidth

wininet

InternetOpenW
InternetOpenUrlW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

fltlib

FilterUnload

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a819a8412b50fe9abb285d001069c4ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c2:d2:c5:56:e6:47:ce:6f:dc:7d:df:5b:65:9c:bd:6a:1d:4e:40:e2Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

wininet

version

fltlib

crypt32

netapi32

Sections

.text Size: 664KB - Virtual size: 661KB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 620KB - Virtual size: 618KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c2:d2:c5:56:e6:47:ce:6f:dc:7d:df:5b:65:9c:bd:6a:1d:4e:40:e2
Signer

.text
Size: 664KB - Virtual size: 661KB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 620KB - Virtual size: 618KB