2024-06-06_2daa363284d973e62b668d66b8c6475b_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-06_2daa363284d973e62b668d66b8c6475b_magniber
Size

2.4MB
MD5

2daa363284d973e62b668d66b8c6475b
SHA1

8a113acde72a30aec9491820586ea933bc85786c
SHA256

b650726d6cee41b5e3df463c5cbf1b0b129daf2bef5f3c32f640a6ab2979d50e
SHA512

deb5528a5e67a1c846063cc02d2bae94c79c12059ff26b97af4c65c8790824d9bc5cb7ccac54a83d251d04b2a2faded1d41a4135887c22727ad6181ac8cce2d9
SSDEEP

49152:8Z/AdHrznyrDF3U1Szzo0N9iRkF5FGtBDrw34K//ozPjwQ8b3QTX6L0hl:8mgxk0NCK3ozPjwQ8b3Zi

Score

1^/10

Malware Config

Signatures

Files

2024-06-06_2daa363284d973e62b668d66b8c6475b_magniber
.exe windows:5 windows x86 arch:x86

983cc4fbf3b61089ee96bdf1ae0b1b16

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1
Signer

Actual PE Digest

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1

Digest Algorithm

sha256

PE Digest Matches

false

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1
Signer

Actual PE Digest

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\xunyou\xy3.0\XunYouNetHelper_GF3.0\output\XunYouNetHelper_GF3.0.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW

kernel32

FindResourceW
GetFullPathNameW
FindFirstFileW
MulDiv
GetVersionExW
GetLocalTime
GetVersionExA
LoadLibraryA
GetModuleHandleA
IsBadReadPtr
DebugBreak
lstrcpyW
lstrlenA
lstrlenW
SetUnhandledExceptionFilter
CreateThread
CreateEventW
lstrcpynW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FormatMessageW
GetTempPathW
GetTempFileNameW
GetFileAttributesExW
GetSystemInfo
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventA
CreateFileMappingW
SetEvent
UnmapViewOfFile
OpenFileMappingW
OpenEventA
GetModuleFileNameA
FreeLibrary
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
OpenMutexW
DeleteFileW
OutputDebugStringW
OpenProcess
CreateMutexW
TerminateProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
ResumeThread
SuspendThread
lstrcmpA
GetCurrentThreadId
OutputDebugStringA
Module32NextW
LocalFree
Module32FirstW
LoadLibraryW
LocalAlloc
GetCurrentProcess
GetTickCount
SetEndOfFile
WriteConsoleW
MoveFileExW
FlushFileBuffers
FindClose
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetCurrentThread
GetACP
ExitProcess
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwind
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
CreateDirectoryA
GetModuleHandleExA
CreateSemaphoreW
GetStdHandle
ReleaseSemaphore
GlobalUnlock
GlobalLock
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InitializeCriticalSection
GetLastError
RaiseException
DecodePointer
SizeofResource
LoadResource
LockResource
FreeResource
HeapCreate
FlushInstructionCache
SetEnvironmentVariableW
GetFileAttributesW
DeleteCriticalSection
CreateDirectoryW
ReadFile
GetFileSizeEx
FindFirstFileA
SetLastError
WriteFile
MapViewOfFile
OpenFileMappingA
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateFileMappingA
GetProcAddress
GetModuleFileNameW
HeapDestroy
HeapAlloc
HeapReAlloc
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
HeapSize
DeviceIoControl
HeapFree
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalAlloc
Sleep
GetFileTime
WideCharToMultiByte
SetFilePointerEx
FileTimeToLocalFileTime
SetFileAttributesA
CloseHandle
GetSystemDirectoryA
FileTimeToSystemTime
MultiByteToWideChar
CreateFileW

user32

MoveWindow
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
PostQuitMessage
SetForegroundWindow
GetFocus
IsWindowVisible
GetActiveWindow
GetParent
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
SetPropW
EnumWindows
GetForegroundWindow
AttachThreadInput
OffsetRect
ShowWindow
SendMessageW
EnumChildWindows
GetPropW
SetWindowPos
DestroyWindow
GetWindowThreadProcessId
PtInRect
wsprintfW
TranslateMessage
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
GetMessageW
ReleaseDC
DrawIconEx
GetIconInfo
GetDC
FindWindowW
GetTopWindow
InvertRect
FillRect
IsWindow
MessageBoxW
GetWindow
LoadStringA
LoadStringW
LoadIconW
LoadCursorW
DestroyCursor
SetTimer
KillTimer
SetRect
CopyRect
InflateRect
IntersectRect
UnionRect
IsRectEmpty
EqualRect
DefWindowProcW
SetFocus
CallWindowProcW
RegisterClassExW
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
SystemParametersInfoA
DrawTextW
PostMessageW
UnregisterClassW
SetCursor
GetWindowPlacement
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
CharNextW
MapVirtualKeyA
CharLowerBuffW
DestroyIcon
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
GetKeyState
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDlgItem
CreateWindowExW

gdi32

SelectObject
SetLayout
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
CreateDIBSection
CreateCompatibleDC
CreateDCW
GetDIBits
DeleteDC
GetObjectW
DeleteObject
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
ExtCreatePen
Polyline
GetCurrentObject
GetViewportOrgEx

advapi32

RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegEnumKeyExW
InitializeSecurityDescriptor
RegOpenKeyExA
RegOpenKeyExW
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptImportKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW

ole32

CoCreateGuid
CreateBindCtx
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
VariantChangeType
SysAllocStringByteLen
VariantClear
SysStringByteLen
SysAllocStringLen
SystemTimeToVariantTime
VariantInit
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathFileExistsA
PathRemoveFileSpecA
PathIsDirectoryA
StrToIntExW
StrCatW
StrStrIW

iphlpapi

GetIfTable
GetIpForwardTable
GetAdaptersInfo

wlanapi

WlanEnumInterfaces
WlanOpenHandle
WlanFreeMemory
WlanCloseHandle
WlanGetAvailableNetworkList

ws2_32

gethostbyname
inet_ntoa
sendto
htons
select
inet_addr
socket
closesocket
recvfrom

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipBitmapUnlockBits
GdipAlloc
GdipDisposeImage
GdipFree
GdipCloneImage
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipBitmapLockBits

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

rpcrt4

UuidToStringA
RpcStringFreeA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 637KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

983cc4fbf3b61089ee96bdf1ae0b1b16

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1Signer

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

wlanapi

ws2_32

version

gdiplus

imm32

msimg32

rpcrt4

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 637KB - Virtual size: 637KB

.data Size: 32KB - Virtual size: 103KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 101KB - Virtual size: 101KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1
Signer

28:ef:a9:3b:2d:67:72:56:ad:28:cb:2f:7f:43:92:9b:87:ae:1f:a2:0b:44:90:df:79:f5:95:15:78:8c:80:d1
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 637KB - Virtual size: 637KB

.data
Size: 32KB - Virtual size: 103KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 101KB - Virtual size: 101KB