2024-06-29_efa4e1db131c245c88b2149c54185bed_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_efa4e1db131c245c88b2149c54185bed_magniber
Size

1.6MB
MD5

efa4e1db131c245c88b2149c54185bed
SHA1

1bb1c03303cd6eded264dab64f7787a031950a35
SHA256

d98192ed51331571fa936323cd34519707a86a65cf725a43e17913575fe8ce6a
SHA512

a1eccdb57055bafddf1c597356e2a09ca7f4f28799940d5cd32ab1e165d5f35157ea1ee3b454bbed08098d21dfa96c993f9d02a5effc9f49bd7efe848feaeca4
SSDEEP

24576:Y4eY0/0FccXYhf9he8SaLarBaKTRcCY7grQWP/frm5J+7hMsJEq3:Y4RU0GTABaKTRcC8k3XTmCb

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_efa4e1db131c245c88b2149c54185bed_magniber
.exe windows:4 windows x86 arch:x86

6f5d9561d9996f04add47f79f669724e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:bd:da:c0:aa:01:25:8e:01:21:c3:3b:bd:35:1f:8d:bd:25:35:3b:20:4a:ca:d4:ed:28:9f:2f:b2:f3:ea:b8
Signer

Actual PE Digest

3c:bd:da:c0:aa:01:25:8e:01:21:c3:3b:bd:35:1f:8d:bd:25:35:3b:20:4a:ca:d4:ed:28:9f:2f:b2:f3:ea:b8

Digest Algorithm

sha256

PE Digest Matches

true

15:f7:0f:f8:99:ec:e8:da:a7:a6:59:f7:c5:c3:d4:1c:d9:54:22:76
Signer

Actual PE Digest

15:f7:0f:f8:99:ec:e8:da:a7:a6:59:f7:c5:c3:d4:1c:d9:54:22:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\12.9Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\Uninst.pdb

Imports

kernel32

SystemTimeToFileTime
WriteProcessMemory
HeapFree
VirtualAllocEx
TerminateProcess
GetProcessHeap
HeapAlloc
lstrcpynW
SetErrorMode
SetUnhandledExceptionFilter
SearchPathW
FreeResource
WriteFile
SetEvent
GetWindowsDirectoryW
CreateFileA
GetCurrentDirectoryW
ExpandEnvironmentStringsW
IsBadReadPtr
CreateDirectoryW
GetPrivateProfileStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetEnvironmentVariableW
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
GetModuleHandleA
GetFullPathNameW
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoW
GetUserDefaultUILanguage
SetFilePointer
MoveFileW
DuplicateHandle
CreatePipe
GetStdHandle
IsDBCSLeadByte
GetCPInfo
LoadLibraryA
GetSystemDefaultLangID
VirtualQuery
ReleaseMutex
QueryDosDeviceW
GetLogicalDriveStringsW
GetLocalTime
LocalFree
SetFileAttributesW
LocalAlloc
WaitForSingleObject
DeviceIoControl
GetTempFileNameW
CreateEventW
CreateFileW
CopyFileW
GetExitCodeProcess
MoveFileExW
CreateToolhelp32Snapshot
Sleep
FindFirstFileW
GetTempPathW
GetProcessTimes
GetSystemTimeAsFileTime
WaitForMultipleObjects
OpenProcess
FindNextFileW
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
FindClose
GetCommandLineW
Process32FirstW
GetSystemInfo
Process32NextW
GetFileSize
ReadFile
GetCurrentProcessId
GetTickCount
ExitProcess
DeleteFileW
GlobalLock
lstrcmpW
OutputDebugStringW
GlobalUnlock
MulDiv
GlobalAlloc
WideCharToMultiByte
FlushInstructionCache
CreateFileMappingW
LeaveCriticalSection
lstrcmpiW
LoadLibraryExW
CreateMutexW
EnterCriticalSection
lstrlenW
FreeLibrary
UnmapViewOfFile
GetVersion
MapViewOfFileEx
MultiByteToWideChar
lstrlenA
InterlockedDecrement
SetLastError
RaiseException
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
GetVersionExW
GetSystemDirectoryW
LoadResource
LockResource
FindResourceExW
GetCurrentProcess
FindResourceW
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetHandleCount
DebugBreak

user32

InvalidateRect
SetForegroundWindow
LoadStringW
LoadImageW
CopyImage
LoadIconW
UnregisterClassA
RegisterWindowMessageW
CloseWindowStation
GetProcessWindowStation
MoveWindow
SetWindowLongW
AttachThreadInput
GetWindowThreadProcessId
MapWindowPoints
CopyRect
CloseDesktop
GetThreadDesktop
GetUserObjectInformationW
mouse_event
ReleaseDC
SetRect
GetDesktopWindow
GetWindowLongW
RegisterClassExW
SystemParametersInfoW
InflateRect
IsWindowEnabled
IsWindow
GetActiveWindow
GetParent
SetActiveWindow
CharNextW
DispatchMessageW
GetMessageW
GetDlgItem
GetClientRect
GetWindowRect
SendMessageW
TranslateMessage
LoadCursorW
GetDC
ShowWindow
SetWindowPos
GetWindow
PeekMessageW
DestroyWindow
GetForegroundWindow
EnableWindow
PostQuitMessage
ShowCursor
SetCursor
GetSystemMenu
DrawTextW
GetKeyState
DestroyIcon
GetSystemMetrics
MonitorFromWindow
TrackPopupMenu
DrawFrameControl
OffsetRect
DrawIconEx
GetDlgCtrlID
PostThreadMessageW
SetTimer
EqualRect
UpdateLayeredWindow
PtInRect
GetMonitorInfoW
FindWindowW
MsgWaitForMultipleObjects
SendMessageTimeoutW
FillRect
InvalidateRgn
BeginPaint
EndPaint
SetFocus
FindWindowExW
DestroyAcceleratorTable
IsWindowVisible
ClientToScreen
KillTimer
RedrawWindow
SetCapture
GetClassNameW
ScreenToClient
IsChild
CreateAcceleratorTableW
ReleaseCapture
CallWindowProcW
DefWindowProcW
GetFocus
PostMessageW
GetWindowTextW
SetWindowTextW
GetSysColor
FrameRect
GetWindowTextLengthW
GetClassInfoExW
CreateWindowExW

gdi32

CreateFontIndirectW
CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteObject
SetBkColor
Rectangle
StretchBlt
SetTextColor
DeleteDC
GetStockObject
GetCurrentObject
CreateDIBSection
SelectObject
CreatePen
BitBlt
CreateRectRgnIndirect
SelectClipRgn
RestoreDC
SetBkMode
GetTextExtentPoint32W
SaveDC
CreateRectRgn
GetDeviceCaps
MoveToEx
CreateCompatibleDC
CreateSolidBrush
CombineRgn
TextOutW
LineTo
ExtTextOutW
RoundRect
GetClipRgn
RectInRegion

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceConfig2W
DeleteService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
ControlService
QueryServiceStatus
OpenServiceW
RegLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
RegUnLoadKeyW
LookupPrivilegeValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
RegRestoreKeyW
IsTextUnicode

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoUninitialize
CoInitialize
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromProgID
PropVariantClear
CoInitializeEx
OleLockRunning
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

DispCallFunc
VariantClear
LoadRegTypeLi
SysStringByteLen
VarBstrCmp
VariantInit
SysStringLen
OleCreateFontIndirect
LoadTypeLi
VarUI4FromStr
OleLoadPicture
SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

PathAddBackslashW
PathAppendW
StrToIntA
SHDeleteKeyW
PathRemoveFileSpecW
PathFindFileNameW
wnsprintfW
SHDeleteValueW
SHStrDupW
PathUnquoteSpacesW
PathFileExistsW

comctl32

_TrackMouseEvent

ws2_32

ntohl
htons
htonl
WSCDeinstallProvider
WSCEnumProtocols

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetProcessMemoryInfo

gdiplus

GdipCloneImage
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageI
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusShutdown
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDisposeImage
GdipDeleteGraphics

wininet

InternetOpenW
InternetOpenUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

fltlib

FilterUnload

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f5d9561d9996f04add47f79f669724e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

3c:bd:da:c0:aa:01:25:8e:01:21:c3:3b:bd:35:1f:8d:bd:25:35:3b:20:4a:ca:d4:ed:28:9f:2f:b2:f3:ea:b8Signer

15:f7:0f:f8:99:ec:e8:da:a7:a6:59:f7:c5:c3:d4:1c:d9:54:22:76Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

gdiplus

wininet

version

fltlib

crypt32

netapi32

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 584KB - Virtual size: 583KB

.reloc Size: 44KB - Virtual size: 43KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

3c:bd:da:c0:aa:01:25:8e:01:21:c3:3b:bd:35:1f:8d:bd:25:35:3b:20:4a:ca:d4:ed:28:9f:2f:b2:f3:ea:b8
Signer

15:f7:0f:f8:99:ec:e8:da:a7:a6:59:f7:c5:c3:d4:1c:d9:54:22:76
Signer

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 584KB - Virtual size: 583KB

.reloc
Size: 44KB - Virtual size: 43KB