2024-06-09_49a6dda60aeeb403165f5185412af77f_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-09_49a6dda60aeeb403165f5185412af77f_magniber
Size

5.0MB
MD5

49a6dda60aeeb403165f5185412af77f
SHA1

74bd15de3fd0c64a6dfa08c98fe5d94868654c91
SHA256

38cea7c849703481f29d2fcb4d37ff091f650634c4bbaa43055ef865c14dc11c
SHA512

962e7b6846bb426fddf6da312531ad22314aff72223b2fecdcd13ffa8dac2a83367391b6d9da8707bcf82083c4996e89ce3850ad5892b0f3dfb290c8a3689c11
SSDEEP

98304:Vf0BPFrnCKtt0tn1USwJqaJ4YCzDJTuUsBOs:VZ9jw7aDhTqOs

Score

1^/10

Malware Config

Signatures

Files

2024-06-09_49a6dda60aeeb403165f5185412af77f_magniber
.exe windows:5 windows x86 arch:x86

fb837e004a911b93c5af8184a76b4327

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:84:e6:63:07:59:ee:1e:92:d1:30:b2:b5:3b:b8:af:df:22:d9:91
Signer

Actual PE Digest

69:84:e6:63:07:59:ee:1e:92:d1:30:b2:b5:3b:b8:af:df:22:d9:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Devtrees\helpton\trunk\Binaries\release\Client\SosClient.pdb

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
RemoveDirectoryW
MoveFileExW
GetPrivateProfileIntW
GetCommandLineW
CreateMutexW
InterlockedCompareExchange
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingW
GetTempPathA
GetFileAttributesA
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceW
LoadLibraryA
FormatMessageA
FormatMessageW
QueryPerformanceCounter
GetSystemTime
GetSystemTimeAsFileTime
CreateThread
GetStringTypeExW
GetStringTypeExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetEnvironmentStringsW
OpenProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoA
SetHandleCount
GetModuleHandleA
FatalAppExitA
HeapCreate
GlobalMemoryStatusEx
GetStdHandle
ExitProcess
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
MoveFileA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetFileType
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSizeEx
SetFilePointerEx
SetEnvironmentVariableW
TlsFree
TlsAlloc
OpenThread
TlsSetValue
TlsGetValue
ReleaseMutex
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
DisableThreadLibraryCalls
ResumeThread
SuspendThread
VirtualProtect
VirtualAlloc
VirtualQuery
SetThreadContext
GetThreadContext
TerminateProcess
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceA
SetPriorityClass
InterlockedDecrement
SetThreadPriority
GetFileAttributesW
FindFirstFileW
FindNextFileW
InterlockedIncrement
Sleep
DeleteCriticalSection
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LocalFree
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
FreeResource
LockResource
SizeofResource
FindResourceW
LoadResource
GetLastError
GetCurrentProcess
FlushInstructionCache
RaiseException
SetLastError
SetEvent
FindClose
ReadFile
SetFileValidData
WritePrivateProfileStringW
SetFileAttributesW
CopyFileW
DeleteFileW
GetCurrentThread
lstrcpynW
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
GetSystemInfo
CreateFileA
DeviceIoControl
OutputDebugStringW
ResetEvent
CreateEventW
WaitForSingleObject
TerminateThread
GetFileSize
GetCurrentProcessId
SetFilePointer
GetTempPathW
GetLocalTime
InterlockedExchange
CreateProcessW
GetTickCount
MulDiv
lstrcmpW
CreateFileW
WriteFile
GetEnvironmentVariableW
OutputDebugStringA
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
WideCharToMultiByte
lstrlenW
CloseHandle
MultiByteToWideChar
GetCurrentThreadId
lstrlenA
FreeEnvironmentStringsW

user32

LoadStringA
GetActiveWindow
UnregisterClassA
RemovePropW
SetPropW
GetScrollInfo
GetPropW
EnumClipboardFormats
SetScrollRange
SetScrollPos
LoadStringW
SetScrollInfo
MessageBoxW
IsCharAlphaNumericW
SetRect
GetWindowDC
GetClipboardData
CreateCaret
DestroyCaret
SetCaretPos
ScrollWindowEx
GetDlgCtrlID
HideCaret
ShowCaret
CopyRect
InvertRect
GetLastActivePopup
EqualRect
GetKeyState
TrackMouseEvent
RegisterWindowMessageW
IsWindowEnabled
EnableScrollBar
AnimateWindow
GetDlgItem
IsIconic
CreateAcceleratorTableW
EnumDisplayDevicesW
EnumDisplaySettingsExW
ShowWindowAsync
PostMessageW
GetWindowRect
UpdateLayeredWindow
IsWindow
FillRect
SetWindowPos
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
ShowWindow
GetSystemMetrics
MonitorFromWindow
FindWindowW
IsDialogMessageW
LoadImageW
SendMessageW
MapWindowPoints
GetMonitorInfoW
GetWindowLongW
GetWindow
GetParent
ScreenToClient
KillTimer
DestroyIcon
LoadIconW
PostQuitMessage
MoveWindow
SetForegroundWindow
GetCursorPos
IsWindowVisible
SetTimer
SetFocus
PtInRect
DialogBoxIndirectParamW
CreateDialogIndirectParamW
EndDialog
DestroyWindow
GetDC
ReleaseDC
SetWindowRgn
IntersectRect
SetCapture
GetCapture
ReleaseCapture
OffsetRect
SetCursor
LoadCursorW
DrawTextW
DrawIconEx
BeginPaint
EndPaint
WindowFromPoint
GetClassLongW
SetWindowTextW
AdjustWindowRectEx
DefWindowProcW
RedrawWindow
CreateWindowExW
SetWindowLongW
CallWindowProcW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
GetClassNameW
ExitWindowsEx
wsprintfW
InvalidateRgn
IsChild
GetFocus
DestroyAcceleratorTable
GetSysColor
EnableWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PostThreadMessageW
CharNextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetAsyncKeyState
GetWindowTextW
GetWindowTextLengthW
SetLayeredWindowAttributes

gdi32

CombineRgn
CreateRectRgn
SetBkColor
ExtTextOutW
SelectClipRgn
Rectangle
GetBitmapBits
SetBitmapBits
GetDeviceCaps
CreateSolidBrush
CreatePen
MoveToEx
LineTo
CreateFontW
CreateFontIndirectW
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
GetTextMetricsW
GetTextColor
GetClipBox
GetObjectW
IntersectClipRect
SetViewportOrgEx
OffsetViewportOrgEx
BitBlt
ExcludeClipRect
ExtCreateRegion
GetStockObject
SetBkMode
SetTextColor
TextOutW
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
SetDIBColorTable
GetTextExtentPoint32W
GetCharWidth32W

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegRestoreKeyW
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyW
ImpersonateSelf
OpenThreadToken
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
OpenServiceW
ChangeServiceConfigW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoCreateGuid
OleInitialize
OleUninitialize
OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfile
OleSetContainedObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
VariantChangeType
CreateErrorInfo
SysFreeString
VarBstrCmp
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SetErrorInfo

shlwapi

PathAppendW
UrlUnescapeW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathCombineW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

GradientFill
AlphaBlend

gdiplus

GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageBounds
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdiplusStartup
GdipLoadImageFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImageRectI
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipLoadImageFromFileICM
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusShutdown

wininet

HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetCanonicalizeUrlW
InternetSetFilePointer
InternetGetCookieA
InternetSetOptionW
InternetOpenW
InternetOpenUrlW
InternetCrackUrlW
InternetSetCookieA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

rpcrt4

UuidToStringW
RpcStringFreeW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmGetCompositionStringW

urlmon

UrlMkGetSessionOption

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

connect
gethostbyname
recv
inet_addr
htons
ntohs
inet_ntoa
WSACleanup
ntohl
getpeername
gethostname
htonl
getsockname
shutdown
setsockopt
bind
socket
closesocket
listen
accept
WSAStartup
send

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb837e004a911b93c5af8184a76b4327

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:84:e6:63:07:59:ee:1e:92:d1:30:b2:b5:3b:b8:af:df:22:d9:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

iphlpapi

rpcrt4

imm32

urlmon

version

ws2_32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 425KB - Virtual size: 425KB

.data Size: 45KB - Virtual size: 64KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 110KB - Virtual size: 110KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:84:e6:63:07:59:ee:1e:92:d1:30:b2:b5:3b:b8:af:df:22:d9:91
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 425KB - Virtual size: 425KB

.data
Size: 45KB - Virtual size: 64KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 110KB - Virtual size: 110KB