2024-06-14_5bed7db7ddfa06857b0567b9f2924ddf_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_5bed7db7ddfa06857b0567b9f2924ddf_magniber
Size

2.6MB
MD5

5bed7db7ddfa06857b0567b9f2924ddf
SHA1

c21c93d67e98a1ad2c4e47e8c06c5b6f29e97259
SHA256

5789fad726abaa21a02524f4341d117111c7fb16bb5859d22928b8bb3dc4fec5
SHA512

88e0e57771f9c1f734d5e733489223f544480f9751cbeba282c601add114d3e51c859802859fb198869b8900a0c44cb125db17d4cfd17de17ded9ef16371a623
SSDEEP

49152:oT4RQPEMyqOL95P7gfqOom0Mq51ZIwkNQ4MkJyI0cGPtIQ:o0dVHP7gyOWZtku4cl

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_5bed7db7ddfa06857b0567b9f2924ddf_magniber
.exe windows:5 windows x86 arch:x86

84c8f1cd12d774bca79524dc81b455c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/09/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:c4:97:ad:8f:05:d9:44:a2:b7:87:d3:4e:85:a2:b6:3b:8f:bf:b2
Signer

Actual PE Digest

8b:c4:97:ad:8f:05:d9:44:a2:b7:87:d3:4e:85:a2:b6:3b:8f:bf:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\Norton_Update_Agent_trunk\Bin\BIN.IRU\NUA.pdb

Imports

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCrackUrl
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpSetCredentials

gdiplus

GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipLoadImageFromStreamICM
GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipDrawImageRectI
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteFont
GdipLoadImageFromStream
GdipCloneImage
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipCreatePen1
GdipDrawRectangleI
GdipDeletePen

crypt32

CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetEnhancedKeyUsage
CertNameToStrW
CertGetNameStringW
CertFreeCertificateContext

kernel32

lstrcmpW
lstrcmpA
QueryDosDeviceW
ReadProcessMemory
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetModuleHandleA
GetConsoleMode
GetConsoleCP
GetStringTypeA
QueryPerformanceCounter
GetLastError
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentProcess
CloseHandle
SetLastError
FindClose
GetCurrentThread
GetFileAttributesW
CreateProcessW
WaitForSingleObject
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
FindNextFileW
LoadLibraryExW
InterlockedExchange
FreeLibrary
GetTickCount
Sleep
CopyFileW
GetProcAddress
OpenProcess
lstrlenW
WideCharToMultiByte
GlobalFree
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
SetCurrentDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
WTSGetActiveConsoleSessionId
SetEvent
InterlockedCompareExchange
GetTempPathW
SystemTimeToFileTime
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
lstrlenA
MultiByteToWideChar
GetModuleHandleW
lstrcmpiW
RaiseException
GetModuleFileNameW
GetCurrentThreadId
LocalAlloc
FormatMessageW
GetSystemDefaultLangID
CompareStringW
GetSystemTimeAsFileTime
GlobalAlloc
GlobalLock
MulDiv
FlushInstructionCache
LoadLibraryW
CreateEventA
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
HeapAlloc
GetProcessHeap
CreateMutexA
CreateDirectoryW
GetLocalTime
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GetTempFileNameW
WaitForMultipleObjects
CreateFileW
ReadFile
GetFileSizeEx
CreateMutexW
ReleaseMutex
CreateEventW
MoveFileW
SetFilePointerEx
SetEndOfFile
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
GetStringTypeW
RtlUnwind
GetCPInfo
GetStartupInfoW
VirtualQuery
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InterlockedExchangeAdd
CreateSemaphoreW
GlobalSize
RegisterWaitForSingleObject
UnregisterWaitEx
OutputDebugStringW
CreateThread
ExitThread
TerminateThread
ResumeThread
IsDebuggerPresent
WaitForMultipleObjectsEx
GetCommandLineW
ResetEvent
GetShortPathNameW
GetLongPathNameW
GetSystemDirectoryW
GetVersionExW
GetSystemInfo
GetProcessTimes
lstrcpyW
GetFileSize
FlushFileBuffers
SetFilePointer
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
LoadLibraryA
FormatMessageA
HeapFree
CreateWaitableTimerA
GlobalUnlock

user32

wsprintfW
UnregisterClassW
PostThreadMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageA
IsWindowUnicode
GetMessageA
GetSystemMetrics
CharPrevW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyWindow
FillRect
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetDlgItem
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SetWindowLongW
SetRectEmpty
GetMonitorInfoW
MonitorFromRect
GetDesktopWindow
FindWindowW
GetWindowRect
CopyRect
InflateRect
EndPaint
BeginPaint
SetWindowPos
ShowWindow
ReleaseDC
GetClientRect
GetWindowLongW
DrawTextW
OffsetRect
IsWindow
GetParent
SendMessageW
LoadCursorW
GetDC
UpdateWindow
SetCursor
InvalidateRect
PtInRect
ScreenToClient
GetCursorPos
PostQuitMessage
PostMessageW
GetMessageW
GetLastInputInfo
SystemParametersInfoW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterClassA

gdi32

SetBkMode
SetTextColor
CreateFontW
GetLayout
DeleteDC
SelectObject
GetDeviceCaps
DeleteObject
GetObjectW
GetStockObject
CreateFontIndirectW

ole32

CoUninitialize
CoInitializeEx
StringFromIID
StringFromCLSID
GetHGlobalFromStream
OleLoadFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleSaveToStream
CLSIDFromString
CoCreateInstance
CoCreateGuid
StringFromGUID2

oleaut32

VarUI4FromStr
VarDateFromStr
VariantTimeToSystemTime
SysAllocStringByteLen
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
SysFreeString
SafeArrayCreate
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
VariantClear
VariantInit
SysStringByteLen

comctl32

_TrackMouseEvent

riched20

ord6
ord4

rpcrt4

UuidCreateSequential

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
WintrustGetRegPolicyFlags
CryptCATAdminReleaseContext

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84c8f1cd12d774bca79524dc81b455c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bfCertificate

Extended Key Usages

Key Usages

8b:c4:97:ad:8f:05:d9:44:a2:b7:87:d3:4e:85:a2:b6:3b:8f:bf:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

gdiplus

crypt32

kernel32

user32

gdi32

ole32

oleaut32

comctl32

riched20

rpcrt4

wintrust

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 14KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 97KB - Virtual size: 97KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bf
Certificate

8b:c4:97:ad:8f:05:d9:44:a2:b7:87:d3:4e:85:a2:b6:3b:8f:bf:b2
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 14KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 97KB - Virtual size: 97KB