2024-06-24_d85c2876fc8e6240471c9ebe1faf99af_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_d85c2876fc8e6240471c9ebe1faf99af_mafia_magniber
Size

9.6MB
MD5

d85c2876fc8e6240471c9ebe1faf99af
SHA1

010a5e03cf8b3611aecc6b5207bf445027d3de07
SHA256

477d99b8f64d3b91fb1ba169b1353fbc4f273ebec1ffe49b2783695516d1251b
SHA512

a73316187314071e4b33cc462323a9691391d5bfd68fe0d378923c87686592975b8fa5ec6868d4ce912a9030a6a2250392edd59e4df980908c5badf964da99f2
SSDEEP

196608:WNdplZb9aEeuG5+ewAmsrqNim5ESXCSzjyAbP4QcD:WjZbte1QAmsrqN2STz+

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_d85c2876fc8e6240471c9ebe1faf99af_mafia_magniber
.exe windows:5 windows x86 arch:x86

46e81ea7c586a60913116af30e931e2c

Code Sign

07:68:20:0e:7f:5a:53:46:17:03:ae:57:7d:98:9c:30
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/10/2014, 00:00

Not After

18/01/2017, 23:59

Subject

CN=LULU SOFTWARE LIMITED,O=LULU SOFTWARE LIMITED,L=Ta'Xbiex,ST=XBX,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:90:ae:53:94:56:79:9c:f6:ca:ee:78:90:64:b5:ee:d6:95:05:cd
Signer

Actual PE Digest

9f:90:ae:53:94:56:79:9c:f6:ca:ee:78:90:64:b5:ee:d6:95:05:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\TemporaryBuilds\5\175\src\Trunk\_bin\Win32\Release\GlamInstallerCom\GlamInstallerCom.pdb

Imports

ws2_32

accept
listen
__WSAFDIsSet
select
sendto
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
WSACleanup
inet_addr
WSASetLastError
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
recvfrom
shutdown
gethostname
ioctlsocket

wldap32

ord79
ord35
ord32
ord41
ord26
ord50
ord46
ord22
ord200
ord33
ord301
ord30
ord27
ord60
ord143
ord211

wininet

InternetQueryOptionA
InternetOpenW
InternetSetOptionW
InternetConnectW
InternetReadFile
InternetErrorDlg
HttpOpenRequestW
InternetCombineUrlA
InternetOpenA
HttpQueryInfoA
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionA
InternetConnectA

oleacc

AccessibleObjectFromWindow
LresultFromObject

winmm

timeSetEvent
timeKillEvent
timeGetTime
PlaySoundA
timeGetDevCaps

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCandidateWindow
ImmNotifyIME
ImmIsIME
ImmGetContext

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageInfo

urlmon

FindMimeFromData

kernel32

EncodePointer
InterlockedCompareExchange
InterlockedDecrement
WideCharToMultiByte
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
lstrlenA
lstrlenW
CloseHandle
LocalFree
LocalAlloc
GetCurrentProcess
GetDriveTypeW
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
WaitForSingleObject
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleHandleW
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
GetTickCount
InterlockedExchange
CreateEventA
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetVersionExW
GetFullPathNameW
DeleteFileW
SetFileAttributesW
WriteFile
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
RemoveDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
Sleep
GetSystemTimeAsFileTime
ReleaseSemaphore
WaitForMultipleObjects
lstrcmpiW
InterlockedIncrement
FreeLibrary
LoadLibraryExW
DeleteFileA
CreateDirectoryW
GetUserDefaultLCID
Process32NextW
TerminateProcess
DecodePointer
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetCurrentProcessId
OutputDebugStringW
ReleaseMutex
CreateMutexA
GetModuleFileNameA
SetUnhandledExceptionFilter
GetSystemInfo
GetComputerNameA
SetConsoleTextAttribute
GetWindowsDirectoryA
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringA
GetTempPathA
QueryPerformanceCounter
lstrcpynW
SetLastError
FormatMessageA
DuplicateHandle
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
CreateFileA
GetFileSizeEx
SystemTimeToFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetDateFormatW
FileTimeToSystemTime
GetThreadLocale
GetLocaleInfoW
MulDiv
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetLocaleInfoA
LoadLibraryA
GetTempFileNameA
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
ExitThread
GetVersionExA
FindResourceA
SetEndOfFile
SetFilePointer
FlushViewOfFile
MapViewOfFile
GetCPInfo
SetThreadLocale
CompareStringW
GetFileAttributesW
GetNumberFormatW
GetCurrencyFormatW
GetStringTypeW
GetStringTypeA
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
ExpandEnvironmentStringsA
GetModuleHandleA
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapDestroy
HeapReAlloc
HeapSize
OpenEventA
ResetEvent
ResumeThread
SetWaitableTimer
CreateWaitableTimerA
GetFileAttributesA
GetFileAttributesExW
GetFullPathNameA
GetTempPathW
CreateMutexW
GetFileInformationByHandle
GetStringTypeExA
GetStringTypeExW
LCMapStringA
LCMapStringW
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
ExitProcess
HeapSetInformation
GetStartupInfoW
CreateProcessA
WriteConsoleW
GetConsoleCP
GetConsoleMode
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
FlushFileBuffers
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
CreatePipe
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
OpenProcess

user32

DrawIconEx
CreateIconFromResourceEx
SetScrollInfo
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ScrollDC
ScrollWindowEx
IsChild
GetActiveWindow
CreateWindowExA
GetKeyboardLayout
DestroyCaret
SetCaretPos
CreateCaret
RegisterClipboardFormatW
CloseClipboard
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
SetClipboardData
GetClipboardData
IsClipboardFormatAvailable
SendMessageTimeoutA
AdjustWindowRectEx
MessageBeep
GetKeyState
GetCaretBlinkTime
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
LoadStringW
RegisterClassExA
RegisterClassA
SetWindowLongA
IsWindowUnicode
PeekMessageA
MoveWindow
ClientToScreen
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetSysColor
LoadCursorFromFileA
DestroyIcon
SetCursor
GetMessageA
DispatchMessageA
NotifyWinEvent
GetWindowPlacement
InvalidateRect
KillTimer
LoadStringA
GetFocus
GetIconInfo
SetTimer
GetScrollInfo
SetCapture
GetCapture
ReleaseCapture
LoadCursorA
CreateCursor
UnhookWindowsHookEx
SystemParametersInfoA
GetDoubleClickTime
GetWindowLongA
GetWindowDC
GetSystemMetrics
InflateRect
OffsetRect
GetClassLongA
FillRect
DefWindowProcA
ReleaseDC
GetAsyncKeyState
GetDlgCtrlID
EndPaint
BeginPaint
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetParent
EndDialog
DialogBoxIndirectParamW
DestroyMenu
GetCursorPos
AppendMenuW
CreatePopupMenu
RegisterWindowMessageW
SetWindowTextW
DestroyWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
RegisterClassExW
GetClassInfoExW
SystemParametersInfoW
CreateWindowExW
UpdateWindow
LoadIconW
CharUpperW
SendMessageA
EnumWindows
PostMessageA
DrawFrameControl
DrawEdge
GetSysColorBrush
InvertRect
DrawTextW
DrawTextA
SetWindowRgn
PtInRect
PostQuitMessage
GetDC
RegisterWindowMessageA
UnregisterClassW
IsIconic
ShowWindow
CharNextW
ExitWindowsEx
PostMessageW
GetWindowThreadProcessId
RegisterClassW
SetFocus
UnregisterClassA
FindWindowW
GetWindowRect
IsWindow
SetForegroundWindow
ScreenToClient
GetSystemMenu
TrackPopupMenu
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
SetWindowPos
GetParent
SendMessageW
GetDesktopWindow
MessageBoxW
EnableMenuItem
WindowFromPoint

gdi32

CreatePen
GetTextMetricsA
GetWindowOrgEx
TextOutA
TextOutW
SetTextAlign
GetTextAlign
SetBkMode
CreateBitmap
SetPixel
GetPixel
SetBrushOrgEx
CreateHatchBrush
Rectangle
GetTextExtentPoint32W
GetTextExtentPoint32A
RectVisible
PatBlt
CreatePatternBrush
CreateRoundRectRgn
GetTextExtentExPointW
GetCharacterPlacementW
GetFontLanguageInfo
CreateDIBPatternBrushPt
CreateDIBSection
StretchDIBits
SetStretchBltMode
StretchBlt
GetDIBits
GetClipBox
CreateFontA
AddFontMemResourceEx
GdiFlush
GetKerningPairsA
GetCurrentObject
GetGlyphOutlineW
CreateRectRgn
GetDeviceCaps
GetObjectA
SetTextColor
IntersectClipRect
SetBkColor
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
CreateSolidBrush
SetWindowOrgEx
BitBlt
DeleteDC
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
SelectObject
GetStockObject
SetViewportOrgEx
DPtoLP
SetViewportExtEx
GetMapMode
SetMapMode
GetWindowExtEx
SetWindowExtEx
GetViewportExtEx
RestoreDC
SaveDC
SetLayout
EnumFontFamiliesExA
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHGetFileInfoW
ord74
DragQueryFileW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW

ole32

CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess
CoRegisterClassObject
CoInitialize
CoCreateInstance
OleRun
CoUninitialize
CoInitializeEx
DoDragDrop
CoTaskMemRealloc
CoTaskMemFree
CoRevokeClassObject
StringFromGUID2
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium

oleaut32

GetErrorInfo
RegisterTypeLi
SysStringByteLen
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocStringByteLen
LoadRegTypeLi
SysStringLen

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msi

ord160
ord92
ord32
ord158
ord159
ord117
ord70
ord205
ord116
ord88
ord137
ord45
ord141
ord43
ord111
ord14
ord8

shlwapi

UrlEscapeA
PathFileExistsW

dbghelp

MiniDumpWriteDump

winhttp

WinHttpGetIEProxyConfigForCurrentUser

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46e81ea7c586a60913116af30e931e2c

Code Sign

07:68:20:0e:7f:5a:53:46:17:03:ae:57:7d:98:9c:30Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9f:90:ae:53:94:56:79:9c:f6:ca:ee:78:90:64:b5:ee:d6:95:05:cdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

wininet

oleacc

winmm

imm32

comctl32

urlmon

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

version

msi

shlwapi

dbghelp

winhttp

wintrust

crypt32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 880KB - Virtual size: 879KB

.data Size: 189KB - Virtual size: 284KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 390KB - Virtual size: 389KB

07:68:20:0e:7f:5a:53:46:17:03:ae:57:7d:98:9c:30
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9f:90:ae:53:94:56:79:9c:f6:ca:ee:78:90:64:b5:ee:d6:95:05:cd
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 880KB - Virtual size: 879KB

.data
Size: 189KB - Virtual size: 284KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 390KB - Virtual size: 389KB