Magpie[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Magpie.exe
Size

469KB
MD5

fb497867432b374ce87d4a48fa08b1e4
SHA1

31ada7d1b906aa7ad86dfc53e807d8ed5fb0afcd
SHA256

2f133bb8775d3f2445728f5434315fb3f3bbfa36474f74788bdd2aa735f6c128
SHA512

a14b2badf36223352005ae406d5c5d547284f610a109260faca02241a4412394b23c8f806fa8014a7d623ca0debe51c578ed086948c8d10041e8d42466f1e445
SSDEEP

12288:kV81vAExwYrRRsPxKHxPI23kvi9Aj6HP:481vf5rRSPxKHYK9tH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Magpie.exe

Files

Magpie.exe
.exe windows:6 windows x64 arch:x64

Password: in123963

a77876cbf812116386a4bb0ed07a2c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Magpie\Magpie\publish\x64\Magpie.pdb

Imports

kernel32

GetModuleHandleW
LocalFree
SetLastError
K32GetModuleFileNameExW
GetModuleFileNameW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
DebugBreak
SetCurrentDirectoryW
HeapSetInformation
GetFileAttributesW
CreateFileW
CreateDirectoryW
FindStringOrdinal
CopyFileW
Sleep
DeleteFileW
RemoveDirectoryW
SetFileInformationByHandle
FindNextFileW
SetFileAttributesW
GetFileInformationByHandleEx
FindClose
FindFirstFileW
GetFullPathNameW
LocalAlloc
SetProcessInformation
GetCurrentProcess
GetDynamicTimeZoneInformation
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReleaseSRWLockExclusive
LoadLibraryExW
WakeConditionVariable
GetProcAddress
OpenProcess
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
RtlPcToFileHeader
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TrySubmitThreadpoolCallback
AcquireSRWLockExclusive
CloseHandle
FormatMessageW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
IsDebuggerPresent
TryAcquireSRWLockExclusive
GetLastError

user32

DestroyWindow
DestroyIcon
CreatePopupMenu
AppendMenuW
RegisterWindowMessageW
IsZoomed
DestroyMenu
FindWindowW
GetMessageW
DispatchMessageW
TranslateMessage
GetAncestor
TrackPopupMenuEx
GetWindowThreadProcessId
GetWindowPlacement
GetClientRect
ClientToScreen
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
BringWindowToTop
PostQuitMessage
ChangeWindowMessageFilter
AdjustWindowRectExForDpi
UpdateWindow
InvalidateRect
SetClassLongPtrW
GetKeyState
EndPaint
ShowWindow
FillRect
BeginPaint
IsWindowVisible
GetDpiForWindow
GetSystemMetricsForDpi
MoveWindow
ReleaseCapture
SetCapture
WindowFromPoint
GetCursorPos
TrackMouseEvent
SendMessageW
ScreenToClient
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
MonitorFromPoint
PostMessageW
TrackPopupMenu
SetMenuDefaultItem
GetSystemMenu
PtInRect
SetMenuItemInfoW
IsIconic
SetLayeredWindowAttributes
CreateWindowExW
SetWindowPlacement
SetWindowPos
RegisterClassExW
LoadCursorW
LoadIconW
GetWindowLongW

gdi32

GetStockObject
DeleteObject
CreateSolidBrush

advapi32

CreateWellKnownSid
CheckTokenMembership

shell32

SHGetKnownFolderPath
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoGetObjectContext

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysStringLen

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchSkipRoot
PathAllocCombine
PathCchRemoveFileSpec

api-ms-win-core-errorhandling-l1-1-0

RaiseException

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
abort
_set_app_type
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_c_exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_register_onexit_function
_errno
_beginthreadex
terminate
_cexit
_crt_atexit
exit
_exit
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

ceilf
_dclass
_fdclass
__setusermatherr
_ldclass
_dsign
lroundf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc
calloc

api-ms-win-crt-string-l1-1-0

isdigit
strcpy_s
wcscpy_s
wcsncmp
iswspace

api-ms-win-crt-stdio-l1-1-0

_wfopen_s
__stdio_common_vswprintf
_fileno
fwrite
fclose
_set_fmode
__acrt_iob_func
_fsopen
__stdio_common_vfprintf
_filelengthi64
fflush
__p__commode

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
rename
remove
_mkdir

api-ms-win-crt-locale-l1-1-0

setlocale
___lc_codepage_func
localeconv
_lock_locales
___lc_locale_name_func
__pctype_func
___mb_cur_max_func
_unlock_locales
_configthreadlocale

dwmapi

DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmGetWindowAttribute

comctl32

ord380

uxtheme

BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoFailFastWithErrorContext

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: in123963

a77876cbf812116386a4bb0ed07a2c12

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

api-ms-win-core-path-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

dwmapi

comctl32

uxtheme

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 12KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 89KB - Virtual size: 89KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 2KB - Virtual size: 1KB