2024-06-15_ffb4f14067dd960808564e74048b60d6_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_ffb4f14067dd960808564e74048b60d6_magniber
Size

20.0MB
MD5

ffb4f14067dd960808564e74048b60d6
SHA1

2e9c3e034a6ccb6c17fda391b3ef595d430f47b4
SHA256

a37fb13c1c32c75c4057b1f8021df1792ae4d70852a24cc801e44c188d7c16de
SHA512

47e08232d48d24f27d4db49e780699934746cc7bd7fe48d2c4d68e525f09a0e8966bf060f20ecd4cf1bacb85cdc40dacffec43512bfa4d8a34ea12a6c71c2a99
SSDEEP

196608:h360wu5ITQDIxkadUy41fip9jQ/QB20MDpT7BmOz1alC8bWD9CjURYMLxBR4u5yI:/2ddaYB208T1m3I8bWDQiVvp5b

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_ffb4f14067dd960808564e74048b60d6_magniber
.exe windows:6 windows x86 arch:x86

9fc7742c30cef2fdb6849899ca15f181

Code Sign

04:f7:d7:69:84:b3:00:5a:22:99:8f:a9:3a:50:b0:67
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

06/06/2024, 22:30

Not After

06/06/2027, 14:52

Subject

SERIALNUMBER=7Q-998,CN=Jriver\, Inc,O=Jriver\, Inc,L=Minneapolis,ST=Minnesota,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#13094d696e6e65736f7461,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:86:7c:f1:7f:d4:9e:e8:50:b6:1e:4c:6e:db:91:38:57:77:dd:34:0e:97:f4:76:b2:ef:ce:16:76:3a:30:ce
Signer

Actual PE Digest

ef:86:7c:f1:7f:d4:9e:e8:50:b6:1e:4c:6e:db:91:38:57:77:dd:34:0e:97:f4:76:b2:ef:ce:16:76:3a:30:ce

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\Development\Players\MediaCenter\Release\Media Center 32.pdb

Imports

oleaut32

OleCreatePropertyFrame
SysAllocString
VariantInit
VariantChangeType
VariantClear
LoadTypeLibEx
RegisterActiveObject
RevokeActiveObject
GetErrorInfo
CreateErrorInfo
SysFreeString

imm32

ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext

gdi32

LineTo
DeleteObject
CreateRectRgn
Ellipse
CreateSolidBrush
DeleteDC
SaveDC
RestoreDC
SelectObject
MoveToEx
GetDeviceCaps
GetMapMode
SetMapMode
DPtoLP
LPtoDP
CreatePen
StartDocW
StartPage
EndPage
AbortDoc
EndDoc
CreateDCW
CreateEllipticRgn

kernel32

SetFilePointer
SetEndOfFile
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
lstrlenW
GetCurrentProcess
SetPriorityClass
CreatePipe
SetHandleInformation
GetStdHandle
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
TerminateProcess
LocalFree
GetSystemInfo
GetModuleHandleW
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryExW
FreeLibrary
GetProcAddress
GetTimeZoneInformation
GetLocalTime
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FindClose
FindNextFileW
GetCurrentProcessId
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
CreateEventW
TerminateThread
SetEvent
ResetEvent
WaitForSingleObject
SetThreadPriority
ResumeThread
RaiseException
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCommandLineW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
MulDiv
GlobalMemoryStatusEx
SetProcessWorkingSetSize
InitializeCriticalSectionEx
DecodePointer
K32GetProcessMemoryInfo
CreateMutexW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalAlloc
ReadDirectoryChangesW
GetOverlappedResult
IsDebuggerPresent
WritePrivateProfileSectionW
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
WideCharToMultiByte
GetCPInfo
LCMapStringEx
GetSystemTimeAsFileTime
GetVersionExW
IsProcessorFeaturePresent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapFree
HeapAlloc
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CompareStringW
LCMapStringW
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetFileSizeEx
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW
VirtualProtect
VirtualQuery
LoadLibraryExA
GlobalUnlock
GlobalFree
GetLogicalDriveStringsW
GetSystemDirectoryA
LoadLibraryA
GetVersion
GetThreadId
SetErrorMode
TryEnterCriticalSection
CancelIo
ConnectNamedPipe
lstrlenA
GetThreadLocale
SetNamedPipeHandleState
DisconnectNamedPipe
CreateNamedPipeW
GlobalLock
GlobalAlloc
GetLongPathNameW
Sleep
SetFileTime
GetFileTime
DeleteFileW
SetFileAttributesW
MoveFileW
GetLastError
GetVolumeInformationW
GetComputerNameW
CreateFileW
RemoveDirectoryW
GetFileAttributesW
GetLogicalDrives
GetDiskFreeSpaceExW
GetDriveTypeW
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
CloseHandle
CopyFileW
NormalizeString
MultiByteToWideChar
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
GlobalSize
DeleteCriticalSection
InitializeCriticalSection
CompareStringEx
GetEnvironmentVariableA
GetEnvironmentVariableW

user32

SystemParametersInfoW
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
DrawIconEx
CopyIcon
DestroyCursor
DrawIcon
CreateIconFromResource
CreateCursor
GetSystemMenu
InsertMenuW
UnregisterHotKey
RegisterHotKey
GetCursor
PostThreadMessageW
GetMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetCursor
ShowCursor
MapVirtualKeyExW
GetKeyboardLayout
VkKeyScanExW
SendInput
GetKeyState
MapVirtualKeyW
SetWindowPlacement
GetWindowPlacement
GetMonitorInfoW
GetSystemMetrics
ChangeDisplaySettingsExW
EnumDisplaySettingsExW
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
MonitorFromRect
EnumDisplayMonitors
SetCursorPos
GetCursorPos
ScreenToClient
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
WindowFromPoint
IsWindowVisible
GetWindow
GetClassNameW
FindWindowExW
WaitMessage
EnumChildWindows
EnumWindows
FindWindowW
GetDoubleClickTime
ValidateRect
LoadImageW
ChangeClipboardChain
SetClipboardViewer
CreateWindowExW
DestroyIcon
FlashWindowEx
PeekMessageW
DefWindowProcW
MessageBeep
EndPaint
BeginPaint
GetGUIThreadInfo
GetFocus
KillTimer
SetTimer
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
LockSetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetDesktopWindow
GetLastActivePopup
SetParent
GetParent
SetWindowRgn
UpdateWindow
InvalidateRect
RedrawWindow
ClientToScreen
GetClientRect
GetWindowRect
PostMessageW
SetWindowLongW
GetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
IsWindowEnabled
EnableWindow
IsIconic
IsZoomed
DestroyWindow
IsWindow
RegisterClassW
GetClassInfoW
UnregisterClassW
MsgWaitForMultipleObjects
GetWindowThreadProcessId
RegisterWindowMessageW
SendMessageW
CloseClipboard
GetClipboardData
OpenClipboard
MessageBoxW
GetMessagePos
IsClipboardFormatAvailable
ExitWindowsEx
ReleaseDC
GetDC
TranslateMessage
DispatchMessageW

advapi32

RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey

ole32

CoGetClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CreateBindCtx
MkParseDisplayName
CoGetMalloc
CoTaskMemAlloc
CoRegisterClassObject
GetRunningObjectTable
CreateClassMoniker
FreePropVariantArray
DoDragDrop
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoFreeUnusedLibraries
CoCreateInstance
OleUninitialize
CoUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CoCreateGuid
CoTaskMemFree

wintrust

WinVerifyTrust

Sections

.text
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fc7742c30cef2fdb6849899ca15f181

Code Sign

04:f7:d7:69:84:b3:00:5a:22:99:8f:a9:3a:50:b0:67Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

ef:86:7c:f1:7f:d4:9e:e8:50:b6:1e:4c:6e:db:91:38:57:77:dd:34:0e:97:f4:76:b2:ef:ce:16:76:3a:30:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

imm32

gdi32

kernel32

user32

advapi32

ole32

wintrust

Sections

.text Size: 15.3MB - Virtual size: 15.3MB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 252KB - Virtual size: 273KB

.rsrc Size: 90KB - Virtual size: 89KB

04:f7:d7:69:84:b3:00:5a:22:99:8f:a9:3a:50:b0:67
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

ef:86:7c:f1:7f:d4:9e:e8:50:b6:1e:4c:6e:db:91:38:57:77:dd:34:0e:97:f4:76:b2:ef:ce:16:76:3a:30:ce
Signer

.text
Size: 15.3MB - Virtual size: 15.3MB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 252KB - Virtual size: 273KB

.rsrc
Size: 90KB - Virtual size: 89KB