2024-06-16_835f25e5458402b4d7e00795cf6b6e58_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-16_835f25e5458402b4d7e00795cf6b6e58_magniber
Size

3.0MB
MD5

835f25e5458402b4d7e00795cf6b6e58
SHA1

937640131229536d07e30f43d085ced747ca77d5
SHA256

1798ee4ddf4e2862defd2c1043abfd965aaaea575a1b5fd99a64dc8786499ba6
SHA512

8390ef0ca472a4af263a390d8e26b5e9bbcfea4619b6eeeb1bf4111bc5bdb35bd61acc890dfe7bac53541817efdb387512b1ea961de17a23586411880ca0539a
SSDEEP

49152:Ft6AAgKY65kU9sQpqqgxztFG4/ipNi6OEvbT5LXTqLn9KMDS8E8HcwosO+OQUKj4:fc3YVQpCRipNVOabsc4iwoKMK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_835f25e5458402b4d7e00795cf6b6e58_magniber

Files

2024-06-16_835f25e5458402b4d7e00795cf6b6e58_magniber
.exe windows:6 windows x86 arch:x86

73c80df4056f5dae8a68d5ea01ee939b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildServer\bna-2\work-git\bootstrapper-repository\src\Release\Uninstaller.pdb

Imports

uiautomationcore

UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaRaiseAutomationPropertyChangedEvent
UiaClientsAreListening

kernel32

SystemTimeToTzSpecificLocalTime
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTickCount
GetUserDefaultLangID
OpenEventA
AreFileApisANSI
GetFileTime
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
GetTickCount64
SleepEx
InitializeCriticalSectionEx
HeapSize
CreateProcessA
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
CreateDirectoryW
SetThreadAffinityMask
ReadFile
GetVolumeInformationW
SetNamedPipeHandleState
FindFirstFileW
GetFileSizeEx
Process32First
TlsSetValue
VirtualFree
FindNextFileW
GetCurrentProcess
ReleaseSemaphore
WriteFile
GetShortPathNameW
GetDiskFreeSpaceW
DeviceIoControl
VirtualAlloc
TerminateProcess
RemoveDirectoryW
GetProcessAffinityMask
SetFileTime
GetModuleFileNameW
GetProcessId
SetThreadPriority
SetFilePointer
GetCompressedFileSizeW
SetEndOfFile
FindClose
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
GetModuleHandleA
OpenProcess
SetFileAttributesW
CreateToolhelp32Snapshot
CreateEventW
MultiByteToWideChar
GetFileInformationByHandle
GetTempPathA
GetLastError
GetFileAttributesExW
OutputDebugStringW
CreateFileA
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetCurrentThread
LoadLibraryA
WaitForSingleObjectEx
TlsAlloc
QueryPerformanceFrequency
GetThreadPriority
DeleteFileA
DeleteFileW
Process32Next
CloseHandle
RaiseException
GetSystemInfo
LoadLibraryW
CreateThread
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
SetFilePointerEx
LocalFree
GetFileSize
VerSetConditionMask
GetComputerNameW
GetCurrentProcessId
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
FormatMessageA
SetFileValidData
QueryPerformanceCounter
WaitNamedPipeW
MoveFileW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
GetExitCodeProcess
lstrlenW
GlobalFree
HeapFree
HeapAlloc
GetProcessHeap
CreateEventA
SizeofResource
LockResource
LoadResource
FindResourceW
TryEnterCriticalSection
EncodePointer
DecodePointer
DuplicateHandle
SwitchToThread
GetExitCodeThread
SetLastError
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitThread
GetCommandLineA
GetCommandLineW
GetFullPathNameW
ExitProcess
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetDriveTypeW
ReadConsoleW
GetTimeZoneInformation

user32

GetShellWindow
GetWindowThreadProcessId
SetFocus
MoveWindow
ScreenToClient
ClientToScreen
AllowSetForegroundWindow
DrawTextW
GetDC
GetKeyState
GetActiveWindow
PostMessageW
KillTimer
GetCursorPos
SetWindowPos
PostQuitMessage
IsIconic
ShowWindow
BeginPaint
EndPaint
DestroyWindow
DefWindowProcW
LoadCursorW
LoadIconW
RegisterClassExW
SetCapture
ReleaseCapture
TrackMouseEvent
SetTimer
GetWindowDC
GetWindowRect
UpdateLayeredWindow
ReleaseDC
GetForegroundWindow
SetWindowLongW
GetWindowLongW
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW

gdi32

SetTextAlign
SetMapMode
SetBkMode
SetLayout
RoundRect
SelectObject
DeleteDC
GetLayout
CreateDIBSection
GetObjectW
DeleteObject
AddFontMemResourceEx
EnumFontFamiliesExW
CreateFontW
GetStockObject
SetTextColor
SetBkColor
CreateCompatibleDC

wintrust

WinVerifyTrust

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertCreateCertificateChainEngine
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateChain
CertOpenStore

msimg32

AlphaBlend

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

ws2_32

getsockopt
recvfrom
htons
ioctlsocket
htonl
connect
recv
sendto
WSACleanup
__WSAFDIsSet
setsockopt
WSAGetLastError
getpeername
getsockname
ntohs
WSAIoctl
getaddrinfo
freeaddrinfo
gethostname
send
ntohl
socket
WSAStartup
WSASetLastError
listen
select
closesocket
bind
accept

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetSetStatusCallbackA
InternetOpenA
InternetReadFileExA
InternetSetCookieW
InternetSetOptionA
InternetCrackUrlA
HttpQueryInfoA

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

advapi32

DuplicateTokenEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation

shell32

ShellExecuteExA
SHGetFolderPathW
ShellExecuteExW
FindExecutableA

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
VariantClear

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 652KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73c80df4056f5dae8a68d5ea01ee939b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uiautomationcore

kernel32

user32

gdi32

wintrust

crypt32

msimg32

rpcrt4

ws2_32

wininet

winhttp

advapi32

shell32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 385KB - Virtual size: 384KB

.data Size: 47KB - Virtual size: 69KB

.rsrc Size: 383KB - Virtual size: 382KB

.reloc Size: 652KB - Virtual size: 656KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 385KB - Virtual size: 384KB

.data
Size: 47KB - Virtual size: 69KB

.rsrc
Size: 383KB - Virtual size: 382KB

.reloc
Size: 652KB - Virtual size: 656KB