2024-06-15_f998b65e3316380324ca87d73b35be46_magniber_sliver

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_f998b65e3316380324ca87d73b35be46_magniber_sliver
Size

10.0MB
MD5

f998b65e3316380324ca87d73b35be46
SHA1

be43c68dcfece62d9b096b24756fd42d3d8e152c
SHA256

976e2bfc007d0e07aaae58e35af73fb5bc7ca05867dca0130c62bfd0a0b2a3b0
SHA512

91c8be8c2b2caa9549bc8582a19b11bb3c00ed362f5574a705e7c2652f200c4161cdb625d8b208755c567cc35fb4b6b3e381d67807942162a064be433ce66873
SSDEEP

196608:lXBlVs8Rq7HL3CtAkOjYMlVjXRX9076iXEZ+hD9gF9:diEq7HL3RkOd22KE9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_f998b65e3316380324ca87d73b35be46_magniber_sliver

Files

2024-06-15_f998b65e3316380324ca87d73b35be46_magniber_sliver
.exe windows:6 windows x64 arch:x64

fe220ca2bc748e6d2482a34ec8314207

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb

Imports

kernel32

CreateFileW
Sleep
CreateDirectoryW
LocalFree
FormatMessageW
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
CallNamedPipeW
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
GetExitCodeProcess
ReadFile
PeekNamedPipe
TerminateProcess
WaitForSingleObject
ResumeThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetProcessTimes
OpenProcess
CreateProcessW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
GetTickCount64
SetEndOfFile
SetFilePointer
GetWindowsDirectoryW
GetEnvironmentVariableW
GetTempPathW
RemoveDirectoryW
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetNamedPipeServerProcessId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
CreateThread
MoveFileExW
DeviceIoControl
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
FindFirstFileExW
CreateHardLinkW
WriteFile
WaitForMultipleObjects
OpenEventW
DebugBreak
CreateRemoteThread
VerifyVersionInfoW
VerSetConditionMask
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseMutex
CreateMutexW
GetTimeZoneInformation
SetEnvironmentVariableW
GetSystemInfo
GetVersionExA
GetVersionExW
DeleteCriticalSection
GetCurrentDirectoryW
GetLogicalDriveStringsW
GetLongPathNameW
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesExW
SetFileAttributesW
SetFileTime
CopyFileW
CreateFileA
FindResourceExW
SizeofResource
LoadResource
LockResource
CreateToolhelp32Snapshot
Module32FirstW
VirtualQueryEx
IsWow64Process
GetNativeSystemInfo
Process32FirstW
Process32NextW
QueryDosDeviceW
GetCurrentThread
FindResourceW
GetFileInformationByHandle
GetFileInformationByHandleEx
FlushFileBuffers
GetTickCount
GlobalAlloc
GlobalFree
GetFileSize
GetFileSizeEx
DuplicateHandle
SetThreadPriority
GetCurrentThreadId
SetFileInformationByHandle
SetSearchPathMode
FileTimeToSystemTime
lstrcmpA
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
SetLastError
GetStdHandle
GetModuleHandleA
GetDriveTypeW
GetSystemWindowsDirectoryW
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
DecodePointer
InitializeCriticalSectionEx
CloseHandle
GetLastError
ExpandEnvironmentStringsW
GetCurrentProcess
RaiseException
VirtualProtect
VirtualQuery
LoadLibraryExA
FormatMessageA
GetStringTypeW
GetFullPathNameW
AreFileApisANSI
GetLocaleInfoEx
GetExitCodeThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExW
EncodePointer
LCMapStringEx
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
HeapReAlloc
SetConsoleCtrlHandler
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
SetFileCompletionNotificationModes
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
RtlUnwind

authz

AuthzFreeContext
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeResourceManager

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe220ca2bc748e6d2482a34ec8314207

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

authz

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 102KB - Virtual size: 140KB

.pdata Size: 163KB - Virtual size: 162KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 102KB - Virtual size: 140KB

.pdata
Size: 163KB - Virtual size: 162KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 604KB - Virtual size: 608KB