2024-06-20_a5e32d48af0b76c9b9d9bcca2f787dc4_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-20_a5e32d48af0b76c9b9d9bcca2f787dc4_magniber
Size

26.2MB
MD5

a5e32d48af0b76c9b9d9bcca2f787dc4
SHA1

a981d589a779e7515b72861f19854f5139dc1e9b
SHA256

24da3f05cb9a6f6707c364170169743060beb10f8ced3648cb2ec97a29c01043
SHA512

d38009455753b9718664e496d6ee5011307548b93afb5718ad2bddba769e1a8531a66211e1769955df6fd1e2b308fd763fb0b3635908515bfa5e6651a6cec176
SSDEEP

786432:iXafnudNvhuZvZXYpm2WTngwdD7R6Kf2Bed/:l20ZvZj2WTn/D75O4J

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_a5e32d48af0b76c9b9d9bcca2f787dc4_magniber
.exe windows:6 windows x86 arch:x86

a13ad792cba5306a95f73194fd79563e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:25:28:39:3f:41:46:cb:46:27:30:7d:8a:24:86:76
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16-08-2023 00:00

Not After

10-09-2025 23:59

Subject

CN=WIBU-SYSTEMS AG,O=WIBU-SYSTEMS AG,L=Karlsruhe,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:9c:b9:61:23:67:73:e6:6e:dd:b0:0e:92:8b:05:63:20:a2:82:73:3c:05:f8:90:fc:56:70:8c:af:a1:9f:d3
Signer

Actual PE Digest

a8:9c:b9:61:23:67:73:e6:6e:dd:b0:0e:92:8b:05:63:20:a2:82:73:3c:05:f8:90:fc:56:70:8c:af:a1:9f:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

B:\SuperBuild\CM_RELEASE_8_10\dev\lib\Release\winX86V1420Clang\codemeter.pdb

Imports

ws2_32

recvfrom
WSAStringToAddressW
WSASend
ntohl
WSAGetLastError
getsockname
htonl
sendto
WSAAddressToStringW
WSASendTo
listen
htons
socket
setsockopt
bind
select
closesocket
shutdown
accept
ioctlsocket
WSASetLastError
WSASocketW
getpeername
recv
send
WSARecv
connect
getsockopt
WSACreateEvent
WSAResetEvent
WSAEventSelect
WSASetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACloseEvent
inet_pton
WSAStartup
inet_ntop
ntohs
inet_ntoa
WSAIoctl
WSACleanup
getnameinfo
gethostname
getaddrinfo
__WSAFDIsSet
freeaddrinfo

secur32

GetUserNameExW

ntdll

RtlUnwind
RtlRemoveVectoredExceptionHandler
NtOpenSymbolicLinkObject
VerSetConditionMask
RtlAddVectoredExceptionHandler

crypt32

CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectMemory
CertOpenSystemStoreA
CertFreeCertificateContext
CryptProtectMemory

kernel32

IsWow64Process
VerifyVersionInfoW
GetCurrentProcess
GetTickCount
FormatMessageA
SetLastError
SetEvent
LocalFree
LocalAlloc
GetDriveTypeA
lstrcmpiA
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
FormatMessageW
DuplicateHandle
DeleteFileW
SetFileAttributesW
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
VerifyVersionInfoA
SleepEx
PostQueuedCompletionStatus
TlsGetValue
TlsSetValue
GetQueuedCompletionStatus
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TlsFree
TlsAlloc
CreateEventW
ExitProcess
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetDriveTypeW
OutputDebugStringA
WTSGetActiveConsoleSessionId
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
SetFilePointer
GetModuleHandleW
LoadLibraryExA
DeviceIoControl
GetSystemTimeAsFileTime
SetErrorMode
GetUserDefaultGeoName
GetFileSize
GetFileAttributesW
CreateDirectoryW
GetVolumeInformationW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLogicalDriveStringsA
SetFilePointerEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemDirectoryA
InitializeCriticalSectionEx
QueryPerformanceCounter
MoveFileExA
CompareFileTime
InitOnceExecuteOnce
PulseEvent
GetFileSizeEx
FlushFileBuffers
WriteFile
ReadFile
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
Sleep
TerminateThread
GetExitCodeThread
GetCurrentThread
GetCurrentThreadId
ExitThread
GetModuleHandleA
CreateDirectoryA
SetFileTime
CopyFileA
DeleteFileA
CreateFileA
SetFileAttributesA
MoveFileA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileAttributesA
GetFullPathNameA
GetEnvironmentVariableA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
SetCurrentDirectoryA
GetCurrentProcessId
GetComputerNameExA
GlobalFree
SetEndOfFile
GetFileInformationByHandle
TerminateProcess
OpenProcess
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
CloseHandle
OpenEventA
GetComputerNameA
GetProcAddress
GetLastError
FreeLibrary
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
CreateWaitableTimerA
GetStartupInfoA
CancelIo
GetOverlappedResult
SetThreadContext
GetThreadContext
MultiByteToWideChar
WideCharToMultiByte
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
ReleaseMutex
GetConsoleMode
GetStdHandle
ReadConsoleInputA
GetNumberOfConsoleInputEvents
FlushConsoleInputBuffer
SetConsoleMode
GetUserDefaultUILanguage
AreFileApisANSI
GetModuleFileNameA
LoadLibraryA
GetFileTime
FindFirstFileA
FindNextFileA
OpenSemaphoreA
CreateToolhelp32Snapshot
Process32Next
Process32First
OpenMutexA
GetLogicalDrives
EnumSystemFirmwareTables
GetSystemFirmwareTable
WaitForMultipleObjectsEx
CreateDirectoryExW
CopyFileExW
RemoveDirectoryW
MoveFileExW
VirtualUnlock
VirtualLock
CreateMutexA
IsBadReadPtr
BackupSeek
BackupRead
FileTimeToLocalFileTime
VirtualAlloc
VirtualQuery
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TryEnterCriticalSection
SwitchToThread
GetStringTypeW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InterlockedPushEntrySList
LoadLibraryExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
CreateThread
ResumeThread
FreeLibraryAndExitThread
GetConsoleCP
ReadConsoleW
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
HeapReAlloc
HeapSize
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
CopyFileW
ReplaceFileA
GetWindowsDirectoryA
MapViewOfFileEx
FlushViewOfFile
VirtualFree

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA

advapi32

IsValidSid
RegDeleteKeyA
CryptAcquireContextA
RegFlushKey
CryptReleaseContext
CryptGenRandom
ConvertStringSecurityDescriptorToSecurityDescriptorA
CloseEventLog
RegisterEventSourceA
DeregisterEventSource
RegConnectRegistryA
ReportEventA
OpenProcessToken
GetTokenInformation
ReadEventLogA
SetSecurityDescriptorSacl
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
QueryServiceStatus
LookupPrivilegeNameA
CreateServiceA
ChangeServiceConfig2A
QueryServiceConfigA
ConvertSidToStringSidA
OpenEventLogA
SystemFunction036
EnumDependentServicesA
GetSecurityDescriptorDacl
SetServiceObjectSecurity
QueryServiceObjectSecurity
DeleteService
ControlService
SetEntriesInAclA
StartServiceA
AdjustTokenPrivileges
ImpersonateSelf
LookupPrivilegeValueA
ConvertSidToStringSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenThreadToken
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
EqualSid
GetSecurityDescriptorSacl

iphlpapi

CancelMibChangeNotify2
NotifyIpInterfaceChange
GetIpAddrTable
GetAdaptersAddresses

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration

wtsapi32

WTSWaitSystemEvent

activeds

ord9
ord13

netapi32

DsEnumerateDomainTrustsA
NetUserGetLocalGroups
DsEnumerateDomainTrustsW
NetUserEnum
NetApiBufferFree
NetGroupEnum
DsGetDcNameW

bcrypt

BCryptGenRandom

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA

setupapi

SetupDiGetDeviceInterfaceDetailA
CM_Get_Device_ID_Size
SetupDiEnumDeviceInfo
CM_Get_Child
CM_Get_Sibling
CM_Get_DevNode_Registry_PropertyA
SetupDiGetClassDevsA
CM_Get_Parent
CM_Get_Device_IDA
SetupDiOpenDeviceInfoA
CMP_WaitNoPendingInstallEvents
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a13ad792cba5306a95f73194fd79563e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:25:28:39:3f:41:46:cb:46:27:30:7d:8a:24:86:76Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

a8:9c:b9:61:23:67:73:e6:6e:dd:b0:0e:92:8b:05:63:20:a2:82:73:3c:05:f8:90:fc:56:70:8c:af:a1:9f:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

secur32

ntdll

crypt32

kernel32

shell32

advapi32

iphlpapi

winhttp

wtsapi32

activeds

netapi32

bcrypt

version

psapi

setupapi

Sections

.text Size: 16.2MB - Virtual size: 16.2MB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 1.7MB - Virtual size: 2.0MB

.rsrc Size: 210KB - Virtual size: 209KB

.reloc Size: 1.7MB - Virtual size: 1.7MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:25:28:39:3f:41:46:cb:46:27:30:7d:8a:24:86:76
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

a8:9c:b9:61:23:67:73:e6:6e:dd:b0:0e:92:8b:05:63:20:a2:82:73:3c:05:f8:90:fc:56:70:8c:af:a1:9f:d3
Signer

.text
Size: 16.2MB - Virtual size: 16.2MB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 1.7MB - Virtual size: 2.0MB

.rsrc
Size: 210KB - Virtual size: 209KB

.reloc
Size: 1.7MB - Virtual size: 1.7MB