2024-06-29_087296ec69439d74f30c74f19bb69f17_magniber_ngrbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_087296ec69439d74f30c74f19bb69f17_magniber_ngrbot
Size

2.7MB
MD5

087296ec69439d74f30c74f19bb69f17
SHA1

e3b13979e9049616fc86c78c03e61f4a91eb9ba9
SHA256

efe5c99f62b85668923bef1e3fc22f0630b2913502ce743426f012a71c9997d2
SHA512

88099c9534138a627e3e900fbe92a8a131435169314f1b2b8ffa4a93a6a03f4b598de0fa976c224fa53dcbbd4c2144c770788dafd188580a541f1b5ca8236cc5
SSDEEP

49152:1BLlFxydAUYJSLB5r2ZUoQ00HUvWXbb58ysg2+kb9Tuw7z3PUh5RWbYSX/CmIEL:1BBFoqUQSLTy2oiHUvWXbV8NQw7z3PUU

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_087296ec69439d74f30c74f19bb69f17_magniber_ngrbot
.exe windows:5 windows x86 arch:x86

f70d59bec1bdd46ff6b8034a73bbafae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

05/05/2014, 23:59

Subject

CN=Check Point Software Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Check Point Software Technologies Ltd.,L=Ramat-Gan,ST=Ramat-Gan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:f2:5a:3a:eb:19:4b:df:d0:6a:68:ae:1f:f9:b2:8f:d6:1c:b0:9b
Signer

Actual PE Digest

d5:f2:5a:3a:eb:19:4b:df:d0:6a:68:ae:1f:f9:b2:8f:d6:1c:b0:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ckp\src\consumer_main\gough_hfa1_client\CMpub\release\Win32\ReleaseU\Install.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

wsock32

ord1110
WSACleanup
WSAStartup
inet_addr

shell32

SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW

shlwapi

PathFileExistsW
SHCopyKeyW
PathIsNetworkPathW
PathFindFileNameA
PathFileExistsA
PathFindOnPathW
PathFindFileNameW
PathIsRelativeW
PathIsDirectoryW
SHDeleteKeyW

kernel32

CloseHandle
ReleaseMutex
SetEvent
ResetEvent
WaitForSingleObject
GetLastError
CreateEventW
Sleep
DeleteFileW
GetEnvironmentVariableW
FindNextFileW
FindFirstFileW
MoveFileExW
CreateThread
GetDiskFreeSpaceExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
InterlockedDecrement
VirtualProtect
LoadLibraryW
GetModuleHandleW
CopyFileW
SetCurrentDirectoryW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
GlobalUnlock
GlobalLock
SetLastError
lstrlenW
lstrcmpW
MulDiv
GlobalAlloc
GlobalFree
GlobalHandle
RemoveDirectoryW
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
FindClose
GetSystemDirectoryW
GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesW
SetUnhandledExceptionFilter
GetProcAddress
WriteFile
GetCurrentProcessId
CreateFileW
GetLocalTime
GetTickCount
ExitProcess
FileTimeToLocalFileTime
GetFileAttributesExW
DeleteFileA
SetFileAttributesA
CreateDirectoryA
ReadFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetVersionExW
GetFileSize
SetThreadUILanguage
SetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
GetExitCodeProcess
CreateProcessW
CopyFileA
ExpandEnvironmentStringsA
FileTimeToDosDateTime
SetFilePointer
HeapFree
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
GetStringTypeA
HeapCreate
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
HeapAlloc
CompareStringA
CompareStringW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetStringTypeW
GetStartupInfoW
ExitThread
GetSystemTimeAsFileTime
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedExchange
GetUserDefaultLCID
GetStringTypeExA
GetStringTypeExW
LCMapStringA
GetWindowsDirectoryW
GetSystemWow64DirectoryW
LCMapStringW
LoadLibraryA

user32

OpenClipboard
DestroyWindow
GetActiveWindow
GetSystemMetrics
CheckDlgButton
SetForegroundWindow
SetFocus
SetCaretPos
DestroyCaret
ShowCaret
ValidateRect
MessageBoxW
IsDlgButtonChecked
CheckRadioButton
IsWindowVisible
KillTimer
SetTimer
PtInRect
SetRectEmpty
RedrawWindow
GetWindowTextLengthW
GetWindowTextW
DrawTextW
CallWindowProcW
DestroyAcceleratorTable
GetFocus
CreateDialogParamW
IsWindow
GetClassInfoExW
RegisterClassExW
CreateAcceleratorTableW
RegisterWindowMessageW
CloseClipboard
DialogBoxParamW
BringWindowToTop
CloseDesktop
CreateDesktopW
ExitWindowsEx
LoadStringW
EnableWindow
IsWindowEnabled
UpdateWindow
EndPaint
BeginPaint
ScreenToClient
GetWindowRect
LoadCursorW
SetCursor
DefWindowProcW
PostMessageW
AdjustWindowRectEx
GetDlgItem
GetParent
SetDlgItemTextW
ShowWindow
InvalidateRect
GetClientRect
SetWindowPos
MoveWindow
GetMenu
SendMessageW
SetWindowTextW
GetWindowLongW
SetWindowLongW
GetClipboardData
IsClipboardFormatAvailable
EndDialog
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetDlgCtrlID
MapDialogRect
SetWindowContextHelpId
CreateWindowExW
GetSysColor
CharNextW
ClientToScreen
GetDC
ReleaseDC
InvalidateRgn
SetCapture
IsChild
GetClassNameW
ReleaseCapture
FillRect
DialogBoxIndirectParamW
GetDesktopWindow
LoadStringA
UnregisterClassA
CreateCaret

gdi32

GetStockObject
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectW
MoveToEx
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptGetHashParam
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW

ole32

OleLockRunning
CoInitializeEx
CoUninitialize
CoCreateInstance
OleRun
CoTaskMemFree
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
VariantChangeType
SysFreeString
SysAllocString
VariantInit
VariantCopy

gdiplus

GdipDrawImage
GdipCreateFromHDC
GdipGetImageBounds
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipDrawImageRect

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpWriteData
WinHttpQueryHeaders
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest

wininet

InternetCheckConnectionW
InternetGetConnectedState

powrprof

GetPwrCapabilities

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 658KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f70d59bec1bdd46ff6b8034a73bbafae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d5:f2:5a:3a:eb:19:4b:df:d0:6a:68:ae:1f:f9:b2:8f:d6:1c:b0:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

version

comctl32

wsock32

shell32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

winhttp

wininet

powrprof

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 29KB - Virtual size: 39KB

.rsrc Size: 658KB - Virtual size: 658KB

.reloc Size: 115KB - Virtual size: 114KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d5:f2:5a:3a:eb:19:4b:df:d0:6a:68:ae:1f:f9:b2:8f:d6:1c:b0:9b
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 29KB - Virtual size: 39KB

.rsrc
Size: 658KB - Virtual size: 658KB

.reloc
Size: 115KB - Virtual size: 114KB