2024-06-16_ef2a6e3cfb93de64881f7fd186d8ca6d_magniber_metamorfo_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-16_ef2a6e3cfb93de64881f7fd186d8ca6d_magniber_metamorfo_revil
Size

62.8MB
MD5

ef2a6e3cfb93de64881f7fd186d8ca6d
SHA1

29c80647a89583ffb16971cbf6fbf1b1eec5511b
SHA256

e0ee894cfd2261833558adfdec60137cdc62db037cb1104845b5ee2c8a00a0b3
SHA512

bf94f92c2e651b071440b3be70449610bb42b2e954125fd91daf3049235ab9b4fb39599e38707062cdc03bb39bd63c0aefc1631aef2bf955914d1a5bad1053a8
SSDEEP

1572864:wYSh80NRJYm88Ak7qu1FU2175J+XVFzdHt2qH8kuvcEbQHz:X480d8/TKU2klldH5HBwbQT

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_ef2a6e3cfb93de64881f7fd186d8ca6d_magniber_metamorfo_revil
.exe windows:6 windows x86 arch:x86

fa5169c11408a3558c37b469fd70b983

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:f6:2f:c4:75:14:15:80:d1:17:c2:44:48:43:66:d5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28-11-2023 00:00

Not After

27-11-2026 23:59

Subject

SERIALNUMBER=91510100MAC13UF2XR,CN=成都霁悦科技有限公司,O=成都霁悦科技有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:d9:f5:ba:42:46:b7:76:99:63:f3:2c:b1:8b:99:25:1c:51:76:bb:9f:15:78:8c:07:7c:a0:96:25:6f:e4:5e
Signer

Actual PE Digest

5d:d9:f5:ba:42:46:b7:76:99:63:f3:2c:b1:8b:99:25:1c:51:76:bb:9f:15:78:8c:07:7c:a0:96:25:6f:e4:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Ultra Uninstaller\Uninstaller_inst_uninst\Inst\Install_exe.pdb

Imports

kernel32

FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
RtlCaptureStackBackTrace
GetTimeZoneInformation
GetDriveTypeW
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
ExitThread
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
CreateThread
GetCurrentThreadId
InitializeCriticalSectionEx
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetEvent
K32GetProcessImageFileNameW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetTickCount
GetCurrentProcess
Sleep
DeleteCriticalSection
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
FindCloseChangeNotification
HeapSize
HeapFree
CreateDirectoryW
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
WriteConsoleW
ReadConsoleW
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleHandleExW
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
FindClose
DeleteFileW
CloseHandle
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
HeapReAlloc
SearchPathW
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
GetTempFileNameA
GetTempPathA
WriteFile
DeleteFileA
CreateFileA
CopyFileW
GetShortPathNameW
GetFileSizeEx
ResetEvent
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetSystemDirectoryW
TerminateProcess
GetExitCodeProcess
OutputDebugStringA
OutputDebugStringW
GetFileAttributesExW
SetFilePointer
LocalAlloc
GetPrivateProfileStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
lstrcpyW
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
MulDiv
GetACP
ExitProcess
FreeResource
lstrcmpW
FileTimeToLocalFileTime
GetFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFileTime
GetSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetVersion
ResumeThread
IsBadReadPtr
SignalObjectAndWait
SetThreadPriority

user32

OffsetRect
EqualRect
DestroyCursor
DrawFocusRect
MoveWindow
IsChild
IsZoomed
GetKeyState
GetUpdateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
IntersectRect
IsRectEmpty
GetClassNameW
RegisterClassW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
wvsprintfW
InflateRect
SetWindowRgn
MonitorFromPoint
CopyImage
CopyRect
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
GetMessagePos
GetDlgCtrlID
HideCaret
FindWindowW
ClientToScreen
GetSysColor
GetWindowDC
CreateAcceleratorTableW
InvalidateRgn
RemovePropW
IsWindowEnabled
SendNotifyMessageW
RegisterWindowMessageW
SystemParametersInfoW
GetForegroundWindow
AttachThreadInput
LoadImageW
SetForegroundWindow
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
DestroyWindow
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
wsprintfW
MessageBoxW
SendMessageTimeoutW
SetFocus
EndDialog
SetWindowPos
SendMessageW
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
UnionRect
ShowCaret
PostMessageW
KillTimer
SetTimer
CharPrevW

gdi32

SetStretchBltMode
SetDIBColorTable
TextOutW
ExtTextOutW
GdiFlush
GetTextColor
CreateDCW
GetDIBits
SetDIBitsToDevice
StretchBlt
ExtSelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
OffsetViewportOrgEx
RectVisible
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateFontW
CreateRectRgnIndirect
CreateSolidBrush
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
EnumFontFamiliesW
GetDeviceCaps

advapi32

CryptGenRandom
RegDeleteKeyValueW
RegDeleteTreeW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
CryptImportKey
LookupAccountSidW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CryptEncrypt
CryptDecrypt
CryptContextAddRef
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyW
GetTokenInformation
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW

shell32

ord165
ShellExecuteW
SHCreateDirectoryExW
SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateGuid
CLSIDFromProgID
OleRun
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString
OleLockRunning

oleaut32

SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
VariantInit
SysAllocString
VariantCopy
VarUI4FromStr
SysFreeString

shlwapi

wnsprintfW
PathFindFileNameA
PathRenameExtensionA
SHSetValueW
PathAppendW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHAutoComplete
PathIsDirectoryW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsRelativeW
PathIsRootW
StrStrIW
SHGetValueW
SHSetValueA
PathCompactPathW
PathRemoveFileSpecW
PathIsPrefixW
AssocQueryStringW

comctl32

ord17
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipGetImagePixelFormat
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipLoadImageFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetPenMode
GdipSetPenDashStyle
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipDrawEllipseI
GdipLoadImageFromFile
GdipDisposeImage

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA

msimg32

AlphaBlend
GradientFill

Exports

Exports

BasicEntry
_BasicEntry@12
_CreateApp@0
_Uninst@4

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa5169c11408a3558c37b469fd70b983

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:f6:2f:c4:75:14:15:80:d1:17:c2:44:48:43:66:d5Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5d:d9:f5:ba:42:46:b7:76:99:63:f3:2c:b1:8b:99:25:1c:51:76:bb:9f:15:78:8c:07:7c:a0:96:25:6f:e4:5eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

version

setupapi

wininet

iphlpapi

urlmon

crypt32

msimg32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 409KB - Virtual size: 409KB

.data Size: 33KB - Virtual size: 80KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 104KB - Virtual size: 104KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:f6:2f:c4:75:14:15:80:d1:17:c2:44:48:43:66:d5
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5d:d9:f5:ba:42:46:b7:76:99:63:f3:2c:b1:8b:99:25:1c:51:76:bb:9f:15:78:8c:07:7c:a0:96:25:6f:e4:5e
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 409KB - Virtual size: 409KB

.data
Size: 33KB - Virtual size: 80KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 104KB - Virtual size: 104KB