2024-06-19_e883b1e524fe85a94319befa32b2a821_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_e883b1e524fe85a94319befa32b2a821_magniber
Size

4.5MB
MD5

e883b1e524fe85a94319befa32b2a821
SHA1

73f09b2886a61465807c16d66c9a23cf2729b59e
SHA256

7a3a9222dc44ab95dd3d1b417b364f2852b8add802936bf4827dfc3473d39616
SHA512

f0df2abd73f1ca5278b0d62cd2b492e18ff1a590d84fed3c19a4e2589dc8ecd842aa71280325e847e0f3e5ac2e2c2043bfa14c26a0de1fee7df89ed17a854dfe
SSDEEP

98304:tJf3ofxjYIlUN8aFYzJ9AvuB6Gz0idEczN:D3of9I00idEc

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_e883b1e524fe85a94319befa32b2a821_magniber
.exe windows:5 windows x86 arch:x86

da81fa97a984a2c972e5b8fdbdd689fb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:d3:77:e1:e5:6e:dd:a3:c9:04:1b:0a:e9:a7:e5:e2:d3:c2:b8:cd
Signer

Actual PE Digest

8c:d3:77:e1:e5:6e:dd:a3:c9:04:1b:0a:e9:a7:e5:e2:d3:c2:b8:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildProjects\src\branches\360SafeBox_6.0\360Game\build\release\SafeBox.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MulDiv
DisableThreadLibraryCalls
TlsFree
TlsAlloc
GetExitCodeThread
TlsSetValue
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
TlsGetValue
MoveFileExW
VirtualQuery
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
SetProcessWorkingSetSize
ExitProcess
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
DuplicateHandle
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentThread
GetThreadContext
OpenThread
GlobalMemoryStatusEx
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
QueryPerformanceCounter
SetThreadAffinityMask
CreateFileMappingW
SystemTimeToFileTime
GetSystemTime
GetFileType
DosDateTimeToFileTime
GetCurrentDirectoryW
SetFileTime
LocalFileTimeToFileTime
CreateFileA
GetModuleFileNameA
GetThreadPriority
GetPrivateProfileSectionNamesW
WaitForMultipleObjects
WriteProcessMemory
ReadProcessMemory
VirtualProtect
WritePrivateProfileStringA
DeleteFileA
GetPrivateProfileStringA
GetVolumeInformationW
GetSystemDirectoryA
CreateFileMappingA
LoadLibraryA
CreateProcessA
Module32NextW
Module32FirstW
GetFileAttributesW
GetTempFileNameW
LocalAlloc
SetThreadContext
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
GetAtomNameW
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringA
GetStartupInfoA
GetCommandLineA
ExitThread
IsDebuggerPresent
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReleaseSemaphore
CreateSemaphoreW
GlobalLock
GlobalSize
GlobalUnlock
lstrlenA
WideCharToMultiByte
FreeResource
SetThreadPriority
ResumeThread
ResetEvent
Sleep
GetVersion
TerminateProcess
GetSystemDirectoryW
lstrcmpW
GetShortPathNameW
GetFileSize
ReadFile
LCMapStringW
GetTickCount
CreateThread
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
lstrcpynW
GetVersionExW
GetTempPathW
OpenProcess
CreateProcessW
CreateEventW
SetLastError
CreateMutexW
InterlockedExchange
SetEvent
RaiseException
WaitForSingleObject
SuspendThread
TerminateThread
GetCurrentProcess
FlushInstructionCache
GetLocalTime
GetCurrentProcessId
SetFilePointer
WriteFile
SetEndOfFile
LocalFree
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
DeviceIoControl
CreateFileW
CloseHandle
SetFileAttributesW
DeleteFileW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CopyFileW
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CopyFileA

user32

KillTimer
SetTimer
SetWindowLongW
BringWindowToTop
ShowWindow
IsWindowVisible
IsWindow
GetClassInfoExW
LoadCursorW
GetWindowLongW
CallWindowProcW
FillRect
IsChild
TrackMouseEvent
UpdateLayeredWindow
FindWindowExW
GetIconInfo
GetDlgItem
UpdateWindow
RegisterClipboardFormatW
DestroyIcon
LockSetForegroundWindow
EnumThreadWindows
InflateRect
CharLowerW
SetRectEmpty
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
PostMessageW
RegisterWindowMessageW
DefWindowProcW
DestroyWindow
UnregisterClassA
CharNextW
SetCapture
ReleaseCapture
EnableWindow
SetClassLongW
ReleaseDC
DrawTextW
GetDC
DrawIcon
DrawIconEx
GetWindowTextW
GetWindowTextLengthW
MoveWindow
ScreenToClient
RedrawWindow
PrivateExtractIconsW
GetKeyState
IsRectEmpty
SetRect
SubtractRect
UnionRect
IntersectRect
EnumDisplaySettingsW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetFocus
SetCursor
GetSysColor
MonitorFromPoint
MessageBoxW
CopyRect
SystemParametersInfoW
SetWindowRgn
EndPaint
BeginPaint
SetPropW
EnumWindows
GetClassNameW
PrintWindow
LoadIconW
CallNextHookEx
SetForegroundWindow
RegisterClassExW
CreateWindowExW
SetWindowPos
GetClientRect
GetWindowThreadProcessId
GetAncestor
WindowFromPoint
GetSystemMetrics
GetDesktopWindow
GetForegroundWindow
IsIconic
OffsetRect
SendMessageW
GetActiveWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
SetWindowTextW
SetFocus
AttachThreadInput
RegisterHotKey
UnregisterHotKey
SwitchToThisWindow
AnimateWindow
GetCursorPos
InvalidateRect
MsgWaitForMultipleObjects
SendMessageTimeoutW
ClientToScreen
IsZoomed
SetActiveWindow
LoadImageW
GetPropW
MonitorFromRect
PostQuitMessage
RemovePropW
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
GetAsyncKeyState
GetMessagePos
SetParent

gdi32

GetStockObject
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetDeviceCaps
SetBkColor
CreateDIBSection
RoundRect
Rectangle
CreatePen
MoveToEx
SetBitmapBits
SetBkMode
CreateDCW
CreateFontW
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
DeleteDC
BitBlt
SetTextColor
CombineRgn
SelectClipRgn
OffsetViewportOrgEx
GetPixel
ExtTextOutW
GetObjectA
LineTo
GetDIBits
CreateRoundRectRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

shell32

ShellExecuteA
SHGetFolderPathA
SHGetDiskFreeSpaceExW
SHGetFolderPathW
SHFileOperationW
SHGetFileInfoW
Shell_NotifyIconW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ord165
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreate
OleSetContainedObject
RevokeDragDrop
CoGetInterfaceAndReleaseStream
OleInitialize
OleUninitialize
CoCreateGuid
StringFromCLSID
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
GetHGlobalFromStream
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SystemTimeToVariantTime
LoadTypeLi
LoadRegTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantCopy
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
GetErrorInfo

shlwapi

StrRStrIW
UrlCanonicalizeW
StrToIntA
StrStrIW
PathIsURLW
UrlEscapeW
StrDupW
PathFindFileNameW
StrCmpIW
PathFindExtensionW
UrlCompareW
StrCmpW
SHRegGetPathW
SHDeleteValueW
PathMatchSpecW
PathCanonicalizeW
StrTrimW
PathFileExistsA
PathCombineA
StrStrW
SHGetValueW
PathGetDriveNumberW
PathBuildRootW
SHSetValueW
PathAddBackslashW
StrCmpNIW
PathIsRootW
PathCombineW
PathIsDirectoryW
StrToIntW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW

comctl32

ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_GetImageCount
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

winmm

timeSetEvent
timeBeginPeriod
timeGetDevCaps
PlaySoundW
timeKillEvent
waveOutWrite
timeGetTime

gdiplus

GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipClonePath
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipGetDC
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetImageAttributesColorKeys
GdipGetImageEncoders
GdipDrawString
GdipFillPath
GdipSetStringFormatTrimming
GdipReleaseDC
GdipCreateFromHDC
GdipAddPathArcI
GdipAddPathLineI
GdipCreateTexture2I
GdipDrawImageRectI
GdipCreateSolidFill
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipTranslateTextureTransform
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipFillRectangleI
GdipSetTextRenderingHint

psapi

GetProcessMemoryInfo
GetMappedFileNameW
GetModuleFileNameExW

ws2_32

select
recv
WSAStartup
getaddrinfo
freeaddrinfo
send
closesocket
inet_ntoa
socket
inet_addr
htons
connect

setupapi

SetupIterateCabinetW

riched20

ord4

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW

wininet

InternetCrackUrlW
InternetCloseHandle
DeleteUrlCacheEntryW
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetSetOptionExW
InternetOpenUrlW
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieA
InternetSetCookieW
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetOpenA
InternetSetOptionExA

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da81fa97a984a2c972e5b8fdbdd689fb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8c:d3:77:e1:e5:6e:dd:a3:c9:04:1b:0a:e9:a7:e5:e2:d3:c2:b8:cdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

winmm

gdiplus

psapi

ws2_32

setupapi

riched20

version

wininet

urlmon

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 384KB - Virtual size: 383KB

.data Size: 101KB - Virtual size: 157KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 147KB - Virtual size: 146KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8c:d3:77:e1:e5:6e:dd:a3:c9:04:1b:0a:e9:a7:e5:e2:d3:c2:b8:cd
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 384KB - Virtual size: 383KB

.data
Size: 101KB - Virtual size: 157KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 147KB - Virtual size: 146KB