Behavioral task: behavioral1
Sample: 2024-06-06_a6862c1c55bef4ad06628f98fd3433b3_magniber.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-06-06_a6862c1c55bef4ad06628f98fd3433b3_magniber.exe
Resource: win10v2004-20240226-en
General
Target: 2024-06-06_a6862c1c55bef4ad06628f98fd3433b3_magniber
Size: 4.6MB
MD5: a6862c1c55bef4ad06628f98fd3433b3
SHA1: dc0563b548b8c401e270d1ad3a8238f08baf5895
SHA256: c4f80c4e187c969405fd1e1c2bb21a8ada6827b304165e33e67a34834fc2c65c
SHA512: 8ce96fcdc778579b45d755aadb23a327032c7f1dc5f7ab2e08712e344623725cad42d868ffcac9d56b6cfef5892cdc190682e8cf54ecc189b0c5fd14d3d94285
SSDEEP: 98304:vW+aTx+d/Zr/JpoVK+q2RKabRw7spbA4OiZrq1DfPHNADtV6v+N:aGtETw7sp84O7NADtV6v+N
Malware Config
Signatures
FFDroider payload 1 IoCs
resource yara_rule sample family_ffdroider
Ffdroider family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-06_a6862c1c55bef4ad06628f98fd3433b3_magniber
Files
2024-06-06_a6862c1c55bef4ad06628f98fd3433b3_magniber.exe windows:5 windows x86 arch:x86
aa92764c80056dc1c0006341659ba4d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedDecrement
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetVersionExA
GetCurrentThreadId
GetFileAttributesExW
SwitchToThread
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
FlushFileBuffers
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
GetVersionExW
FormatMessageW
InitializeCriticalSection
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
HeapCompact
GetFullPathNameA
GetFullPathNameW
GetTickCount
SignalObjectAndWait
GetSystemInfo
CreateTimerQueue
SetEndOfFile
GetExitCodeThread
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
GetModuleHandleA
FreeResource
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
lstrcpyW
EncodePointer
GlobalFindAtomW
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SearchPathW
GetProfileIntW
GetTempFileNameW
VirtualProtect
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitProcess
GetModuleHandleExW
ExitThread
GetTimeZoneInformation
GetCommandLineW
RtlUnwind
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetStringTypeW
ReadConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
Sleep
FindNextFileW
LoadLibraryExW
FindFirstFileW
CreateFileA
GetVolumeInformationW
GetCurrentProcessId
DeleteFileW
GetModuleFileNameA
GetModuleFileNameW
CopyFileW
WideCharToMultiByte
GetSystemDirectoryW
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
VirtualQuery
CreateMutexW
GetFileSize
OutputDebugStringA
WaitForDebugEvent
ContinueDebugEvent
TerminateProcess
ReadProcessMemory
TerminateThread
CreateProcessW
LoadLibraryW
FreeLibrary
CreateThread
CloseHandle
CreateFileW
ReadFile
WriteFile
OutputDebugStringW
SetFilePointer
LockResource
LoadLibraryA
GetProcAddress
MultiByteToWideChar
SizeofResource
GetPrivateProfileStringW
LoadResource
FindResourceW
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
user32
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
EqualRect
SetWindowLongW
GetClassLongW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
LoadCursorW
RealChildWindowFromPoint
CopyImage
DeleteMenu
SetTimer
KillTimer
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
DestroyIcon
CharUpperW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
MessageBeep
SetRectEmpty
IntersectRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
SetCursorPos
SetRect
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
SendDlgItemMessageA
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
SetWindowPlacement
ReuseDDElParam
RegisterClipboardFormatW
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
FrameRect
PostThreadMessageW
GetKeyNameTextW
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
DestroyCursor
CreateMenu
GetWindowRgn
HideCaret
InvertRect
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
RedrawWindow
SetWindowRgn
DrawStateW
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
ScreenToClient
ClientToScreen
GetCursorPos
GetWindowRect
IsWindow
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
wsprintfW
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
MessageBoxW
GetDesktopWindow
EnableWindow
SendMessageW
GetSystemMetrics
AppendMenuW
LoadIconW
GetClientRect
DrawIcon
IsIconic
GetSystemMenu
wsprintfA
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
GetMenuItemInfoW
DestroyMenu
GetClassNameW
GetKeyState
UpdateWindow
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
UnpackDDElParam
ValidateRect
InvalidateRect
gdi32
BitBlt
CreateCompatibleDC
CreatePen
CreatePatternBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
Polygon
MoveToEx
TextOutW
GetTextMetricsW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CopyMetaFileW
CreateFontIndirectW
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBSection
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
GetRgnBox
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
DeleteDC
CreatePolygonRgn
ExtTextOutW
PatBlt
GetTextExtentPoint32W
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
Polyline
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateBitmap
GetDeviceCaps
CreateDCW
GetObjectW
ScaleWindowExtEx
GetTextFaceW
advapi32
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetFolderPathA
ole32
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CreateStreamOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
OleRun
CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
msimg32
TransparentBlt
AlphaBlend
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFileExistsW
StrFormatKBSizeW
uxtheme
GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeColor
oledlg
OleUIBusyW
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipBitmapLockBits
ws2_32
htonl
WSAStartup
recv
accept
listen
send
closesocket
htons
socket
bind
wininet
InternetQueryOptionW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
winhttp
WinHttpSetCredentials
WinHttpReadData
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpQueryAuthSchemes
WinHttpAddRequestHeaders
quartz
AMGetErrorTextW
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 485KB - Virtual size: 488KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 159KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ