2024-06-11_e8050f833e64d51b182009182233caf1_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_e8050f833e64d51b182009182233caf1_magniber
Size

30.8MB
MD5

e8050f833e64d51b182009182233caf1
SHA1

69a4f9f1b938fbea19899a8fd34791fcf382cc9f
SHA256

3927ddf3d317ceb51d3845505981f3c1597148045560424e76ff9ef230e9cdf8
SHA512

c3c5b29c30de7cb20b24597adc210ce2a17127f5299225da8f6d8c2af239d7b8a28f36a693acfa505e9e5b26b6ad833749c425fe0bd2157b1ae8e9e3a1dfd61d
SSDEEP

393216:yqICM9QWkFPS4KAzeR31BwiFvsiXUxew+fWhl1MUl2noOg9Wbkxy0MS/FT437T/8:yR6WdwG3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_e8050f833e64d51b182009182233caf1_magniber

Files

2024-06-11_e8050f833e64d51b182009182233caf1_magniber
.exe windows:6 windows x86 arch:x86

9d1bf4bcc8841e70f0c958a892d4b6dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins_slave\workspace\CCC_2.3.0\slave\tool-VisualStudio_2015_u2\app\project\win\Release\CoreSync.pdb

Imports

vulcanmessage5

?ReleaseInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SAXXZ
?GetInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAV1234@@Z
?SetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PBD0@Z
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBD@Z
?SetDestinations@SuiteMessage@api5@vulcan@adobe@@QAEXPBVEndPoint@234@I@Z
?SetSource@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?GetSource@SuiteMessage@api5@vulcan@adobe@@QBE?AVEndPoint@234@XZ
??1SuiteMessage@api5@vulcan@adobe@@UAE@XZ
??0SuiteMessage@api5@vulcan@adobe@@QAE@PBD@Z
?SetAppVersion@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
?SetAppId@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
?SetId@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
??4EndPoint@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
?TYPE_PREFIX@SuiteMessage@api5@vulcan@adobe@@2QBDB
??0EndPoint@api5@vulcan@adobe@@QAE@XZ
??1EndPoint@api5@vulcan@adobe@@UAE@XZ
?GetIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppVersionSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetPayloadSize@SuiteMessage@api5@vulcan@adobe@@QBEIXZ
?GetPayload@SuiteMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetTypeSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersionSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
??0EndPoint@api5@vulcan@adobe@@QAE@ABV0123@@Z
?TYPE@ErrorMessage@api5@vulcan@adobe@@2QBDB
?GetType@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppId@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetFaultSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetError@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@XZ
?GetErrorSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetFault@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z

fltlib

FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterReplyMessage

kernel32

GlobalUnlock
lstrcmpW
MulDiv
LoadLibraryExW
GetSystemTimeAsFileTime
OpenEventA
GetModuleHandleA
GetSystemInfo
GetTickCount
WaitForMultipleObjectsEx
GetCurrentProcessId
ResetEvent
HeapAlloc
SetWaitableTimer
ResumeThread
TlsSetValue
CreateWaitableTimerA
SystemTimeToFileTime
AreFileApisANSI
WideCharToMultiByte
LocalFree
FormatMessageA
QueryPerformanceCounter
GetVersionExW
CreateMutexW
PostQueuedCompletionStatus
CreateThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
TerminateThread
QueueUserAPC
VerSetConditionMask
VerifyVersionInfoW
CreateIoCompletionPort
CreateWaitableTimerW
SleepEx
InitializeCriticalSection
GetFileAttributesW
SetFileAttributesW
MoveFileExW
QueueUserWorkItem
lstrlenW
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
CreateFileW
SetFilePointer
WriteFile
GetSystemTime
LocalAlloc
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetShortPathNameW
GetVolumeInformationW
ReadFile
RemoveDirectoryW
SetEndOfFile
GetTempPathW
DeviceIoControl
CopyFileExW
CreateSymbolicLinkW
SetThreadPriority
GetExitCodeThread
FormatMessageW
GetLocaleInfoW
GetNumberFormatW
GetLocalTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetDriveTypeW
GetLogicalDrives
GetLongPathNameW
SetErrorMode
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
lstrcmpiW
GetStartupInfoW
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetEnvironmentVariableW
WriteConsoleW
OutputDebugStringA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
HeapReAlloc
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualProtect
GetModuleHandleExW
ExitProcess
RtlUnwind
GetFullPathNameW
SetFileTime
LoadLibraryA
LCMapStringA
GetStringTypeExA
CancelIo
ReadDirectoryChangesW
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
FreeLibrary
GetModuleHandleW
TlsFree
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
SetEvent
GetLastError
DuplicateHandle
InitializeCriticalSectionEx
GetCurrentProcess
HeapFree
CreateEventA
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
GlobalLock
GetProcAddress
FindResourceW
LoadResource
GlobalAlloc
Sleep
MultiByteToWideChar
CreateEventW
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
SetLastError
IsDebuggerPresent
SizeofResource
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
CreateFileMappingW
MapViewOfFile
GetThreadLocale
GetLocaleInfoA

user32

TranslateMessage
RegisterClassW
PostQuitMessage
PostMessageW
DispatchMessageW
CreateWindowExW
DefWindowProcW
GetMessageW
SetWindowLongW
LoadStringA
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
ReleaseCapture
RegisterWindowMessageW
GetParent
GetClassInfoExW
GetDesktopWindow
PostThreadMessageW
GetDlgItem
GetClientRect
SetCapture
GetClassNameW
GetSystemMetrics
LoadCursorW
CharNextW
SetFocus
CreateAcceleratorTableW
MoveWindow
GetSysColor
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
UnregisterClassW
InvalidateRgn
IsWindow
RegisterClassExW
SetWindowTextW
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop
GetWindowThreadProcessId
GetShellWindow
ShowWindow
LoadIconW
FindWindowW
UpdateWindow
GetWindowLongW
GetWindowTextLengthW
CallWindowProcW
GetWindow
GetFocus
DestroyWindow
GetDC
SetWindowPos
FillRect
ScreenToClient

advapi32

RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameW
IsValidSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
CopySid
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW

ole32

CreateItemMoniker
CoRevokeClassObject
OleLockRunning
CLSIDFromString
CoTaskMemRealloc
CoSuspendClassObjects
CoResumeClassObjects
OleInitialize
CreateStreamOnHGlobal
CoRegisterClassObject
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoInitializeEx
CoUninitialize
GetRunningObjectTable

shell32

SHGetDiskFreeSpaceExW
SHChangeNotify
ord709
SHGetKnownFolderPath
SHGetFolderPathW
SHFileOperationW
ord680

oleaut32

SysFreeString
LoadTypeLi
VariantInit
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
VariantClear
SysStringLen
SysAllocStringLen
VarUI4FromStr

shlwapi

StrFormatByteSizeW
PathMatchSpecW
StrCmpNW
PathMakeSystemFolderW
StrCmpNIW
StrToIntW

ws2_32

WSAStartup
WSACleanup

gdi32

GetStockObject
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
GetObjectW
SelectObject
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteObject

gude

gudeDownload
gudeClearCache
gudeRegisterLoggingCallback
gudeRegisterRequestBodyCallback
gudeRegisterAddHeaderCallback
gudeRegisterSetServerTypeCallback
gudeRegisterMonitorCallback
gudeCancel
gudeRegisterSetTimeoutCallback
gudeRegisterStatusLineCallback
gudeRegisterResponseHeaderCallback
gudeSendRequest
gudeRegisterSSLCertificatePolicyCallback
gudeRegisterCancellationCallback
gudeSetSystemProxyCredentials
gudeUpload
gudeRegisterChunkErrorRetryCallback
gudeRegisterAddChunkHeaderCallback
gudeRegisterProgressCallback
gudeRegisterResponseBodyCallback
gudeRegisterErrorCallback
gudeSetTargetDataRates
gudeDestroy
gudeRegisterCompletionCallback
gudeRegisterAddParametersCallback
gudeSetLogLevel
gudeCreate
gudeErrorString

userenv

UnloadUserProfile

netapi32

NetApiBufferFree
NetShareEnum

mpr

WNetGetLastErrorW
WNetGetConnectionW

Exports

Exports

icudt56_dat

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24.8MB - Virtual size: 24.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1004KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d1bf4bcc8841e70f0c958a892d4b6dc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vulcanmessage5

fltlib

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

gdi32

gude

userenv

netapi32

mpr

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 24.8MB - Virtual size: 24.8MB

.data Size: 134KB - Virtual size: 315KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 1004KB - Virtual size: 1008KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 24.8MB - Virtual size: 24.8MB

.data
Size: 134KB - Virtual size: 315KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 1004KB - Virtual size: 1008KB