2024-06-15_5eb2794fdd293c5c5102e2dbb92d5ff2_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-15_5eb2794fdd293c5c5102e2dbb92d5ff2_magniber_revil
Size

4.3MB
MD5

5eb2794fdd293c5c5102e2dbb92d5ff2
SHA1

8d9a20eaac5a370d49e5e3db34dd6293cb7ec0e7
SHA256

623f9209a141ab8efe4aa2f508a7f8fe1c6994ed7f4292d749e27545833c1f0c
SHA512

efe98af067d4423566fc84f005ff6ba7a38488d027895da80fcd5cfdd00f4f33142f2a7eeac8606d2ead0edd3154fcd899d9636a2cc060856b3b6f7cdaa3dc8a
SSDEEP

98304:VStsQWrM83C5/fTCAAxK3NFwS6fcXHJjhcQ32:CsQWrM836fEq6fshcu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_5eb2794fdd293c5c5102e2dbb92d5ff2_magniber_revil

Files

2024-06-15_5eb2794fdd293c5c5102e2dbb92d5ff2_magniber_revil
.exe windows:6 windows x86 arch:x86

42b469f69dd5f8cf85a356ec22929007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\jenkins\workspace\monitor_win_build\bin\win32\Release\WargamingErrorMonitor.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

powrprof

CallNtPowerInformation

ws2_32

listen
htonl
accept
select
__WSAFDIsSet
inet_ntop
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
getaddrinfo
bind
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
WSACleanup
WSAGetLastError
freeaddrinfo
ioctlsocket
connect

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dxgi

CreateDXGIFactory1

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

kernel32

RemoveVectoredExceptionHandler
RtlCaptureContext
IsDebuggerPresent
RaiseException
WaitForSingleObject
FindFirstFileW
FindClose
K32GetModuleFileNameExW
DeleteFileW
FindNextFileW
RemoveDirectoryW
GetFileTime
GetFileSizeEx
WriteFile
FlushFileBuffers
GetFileSize
ReadFile
GetModuleHandleExW
GetProcAddress
VerSetConditionMask
SetLastError
GetModuleHandleA
GetComputerNameExW
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateProcessW
CloseHandle
GetProcessId
ReadProcessMemory
K32EnumProcessModules
RtlCaptureStackBackTrace
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessTimes
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
EnterCriticalSection
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
DuplicateHandle
DisconnectNamedPipe
CreateEventW
Sleep
ResetEvent
GetOverlappedResult
UnregisterWaitEx
ConnectNamedPipe
GetExitCodeProcess
SetNamedPipeHandleState
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingA
TransactNamedPipe
MapViewOfFile
WaitNamedPipeW
TlsSetValue
InitializeCriticalSectionAndSpinCount
SleepEx
OpenFileMappingA
VerifyVersionInfoW
TlsGetValue
AddVectoredContinueHandler
GetVersion
GetSystemInfo
VirtualQueryEx
SuspendThread
ResumeThread
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetStdHandle
GetFileType
SetEndOfFile
SetFilePointerEx
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileInformationByHandle
FileTimeToSystemTime
CreateFileA
SetFilePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
MoveFileExW
AreFileApisANSI
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetExitCodeThread
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
SetUnhandledExceptionFilter
TlsFree
TlsAlloc
WideCharToMultiByte
FormatMessageW
FormatMessageA
GetCurrentThreadId
LocalUnlock
LocalFree
LocalLock
LocalAlloc
MulDiv
GetModuleHandleW
GetLocalTime
GetLastError
OpenProcess
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
GetCommandLineW
SetEvent
OpenEventW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
CompareStringEx
EncodePointer
LCMapStringEx
GetDateFormatW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
OutputDebugStringW
CreateMutexA
GetCPInfo
GetLocaleInfoEx
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
HeapAlloc
HeapFree
HeapReAlloc
GetConsoleOutputCP
GetModuleFileNameW
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess

user32

EnumDisplayDevicesW
EnumWindows
GetWindowThreadProcessId
GetLastActivePopup
GetActiveWindow
DestroyWindow
WaitMessage
IsDialogMessageW
PeekMessageW
EnableWindow
CreateDialogIndirectParamW
KillTimer
SetTimer
GetParent
MoveWindow
EnumDisplaySettingsW
EnableMenuItem
SetFocus
SendMessageW
SetWindowLongW
GetProcessWindowStation
GetClientRect
LoadCursorW
SetCursor
InvalidateRect
PtInRect
ClientToScreen
SetWindowTextW
GetWindowTextW
GetDlgItem
DestroyIcon
LoadIconW
DrawTextW
SystemParametersInfoW
LoadStringW
GetDC
GetDialogBaseUnits
GetSysColor
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
SetRect
SetForegroundWindow
IsWindow
IsWindowVisible
GetWindowRect
GetDesktopWindow
SetWindowPos
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
GetSystemMetrics
LoadImageW
IsHungAppWindow
GetUserObjectInformationW
MessageBoxW
FillRect
GetSystemMenu

gdi32

GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateDCW
CreateFontIndirectW
SelectObject
DeleteObject
SetTextColor
SetBkMode
GetStockObject
SetBkColor

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHOpenFolderAndSelectItems
ord190
ord155
ShellExecuteExW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

?$TSS0@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4HA
?$TSS0@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4HA
??4?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@QAEAAV012@ABV012@@Z
?create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@23@XZ
?getInstance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SAAAUVersions@23@XZ
?instance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@0AAUVersions@23@A
?instanceMutex@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4Vmutex@std@@A
?lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@123@XZ
?t@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4U534@A

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 91KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42b469f69dd5f8cf85a356ec22929007

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

powrprof

ws2_32

advapi32

version

dxgi

bcrypt

kernel32

user32

gdi32

shell32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 769KB - Virtual size: 768KB

.data Size: 91KB - Virtual size: 111KB

.rsrc Size: 466KB - Virtual size: 466KB

.reloc Size: 199KB - Virtual size: 200KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 769KB - Virtual size: 768KB

.data
Size: 91KB - Virtual size: 111KB

.rsrc
Size: 466KB - Virtual size: 466KB

.reloc
Size: 199KB - Virtual size: 200KB