C:\vmagent_new\bin\joblist\607790\out\Release\360AblumViewer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber.exe
Resource
win7-20240508-en
General
Target: 2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber
Size: 2.9MB
MD5: a929042a85c0ebe291a1b2b55f948567
SHA1: 1211f45dc01988f0ba2f63b13e197af6e27603be
SHA256: e77d8392c09e6c1a42337f0079967c879bbf933358436a38791e4014f3ebfd7b
SHA512: 1e9d36cb684d9d4b6be8efb02a30bf020d3661b6718ab3bcfbb62d9a2c0cedc9d37197443aad00a7a6db340a6cdebe268f1b5341282777ee2a2790d0f1417a2a
SSDEEP: 49152:VpAJ4K/kZCRW6JIAYtBRVXJT8IE+eDvkX6uPh0OR8/dJ388mS5vbv+fH2rJnLs5V:gdkyIAYt3VXNeTkquPhO881Vv5LndS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber
Files
2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber.exe windows:5 windows x86 arch:x86
a81994a8e54b90ebc57ddfe905d7f15e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipFree
GdipDisposeImage
GdipCreateBitmapFromGdiDib
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipDrawImageRectRect
GdipReleaseDC
GdipAlloc
kernel32
VirtualFree
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
SetThreadAffinityMask
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
EnumCalendarInfoExW
EnumDateFormatsExW
GetSystemDefaultLCID
GetUserDefaultLCID
GetModuleHandleW
LockResource
HeapDestroy
HeapSize
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
FileTimeToSystemTime
InitializeCriticalSection
WaitForMultipleObjects
GetFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
FreeResource
FindClose
SetFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
lstrlenW
FindFirstFileW
FindNextFileW
GetVersion
GetShortPathNameW
GetLongPathNameW
GetFileSizeEx
GetTempPathW
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
InterlockedExchange
InterlockedCompareExchange
LocalFree
GetCurrentProcess
GetCurrentThreadId
GetSystemTime
GetWindowsDirectoryW
VirtualAlloc
GlobalFree
GetFileSize
ReadFile
GetFileAttributesA
DeleteFileA
MulDiv
WriteFile
MoveFileW
OutputDebugStringW
InterlockedDecrement
lstrcmpiW
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
SetEndOfFile
SetFilePointer
GetLocalTime
GetThreadLocale
FormatMessageW
CreateDirectoryW
CopyFileW
GetCommandLineW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CreateProcessW
SystemTimeToTzSpecificLocalTime
MoveFileExW
TlsAlloc
SwitchToThread
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
VirtualQuery
GetNativeSystemInfo
GetSystemDirectoryW
TlsSetValue
TlsFree
LCMapStringW
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
LocalFileTimeToFileTime
CreateFileA
SetFilePointerEx
HeapLock
HeapUnlock
HeapWalk
OpenThread
ReleaseMutex
RtlUnwind
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetCommandLineA
GetSystemInfo
GetThreadTimes
TerminateProcess
GetProcessTimes
CreateWaitableTimerW
CreateSemaphoreW
Sleep
CreateEventW
CreateEventA
CreateMutexW
CreateMutexA
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CancelIo
DeviceIoControl
TlsGetValue
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetFullPathNameW
GetFileAttributesW
CreateFileW
GetStdHandle
GetCurrentThread
GetConsoleCP
GetConsoleMode
VirtualProtect
GetFileType
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FlushFileBuffers
IsValidCodePage
GetOEMCP
SetStdHandle
WriteConsoleW
SetConsoleCtrlHandler
FindFirstFileExA
FindFirstFileExW
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
ReleaseSemaphore
SignalObjectAndWait
CreateSemaphoreA
GetModuleFileNameA
TryEnterCriticalSection
HeapQueryInformation
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetModuleHandleA
SetProcessAffinityMask
DuplicateHandle
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
InterlockedIncrement
RtlCaptureStackBackTrace
user32
MapWindowPoints
GetWindowRect
SetWindowTextW
TrackPopupMenu
GetParent
SetWindowPos
LoadCursorW
SetWindowLongW
GetWindowLongW
PtInRect
CopyRect
FillRect
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
InflateRect
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
AppendMenuW
DeleteMenu
SetMenuItemInfoW
OffsetRect
CharLowerBuffW
EqualRect
SendMessageTimeoutW
UnregisterClassW
DestroyWindow
CharNextW
ShowCursor
EnumWindows
SetFocus
EnableWindow
EnumDisplayMonitors
SetCapture
ScreenToClient
GetCursorPos
SetCursor
GetClientRect
GetWindowTextW
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDlgItem
CallWindowProcW
ReleaseCapture
BeginPaint
EndPaint
IsWindowVisible
CreateWindowExW
ShowWindow
SetPropW
GetPropW
RemovePropW
GetSysColor
MonitorFromPoint
SetTimer
KillTimer
SetCursorPos
ClientToScreen
UpdateWindow
LoadMenuW
DestroyMenu
CheckMenuItem
MoveWindow
PeekMessageW
AttachThreadInput
GetWindowPlacement
SetWindowPlacement
IsZoomed
IsClipboardFormatAvailable
IsWindowEnabled
DefWindowProcW
TrackMouseEvent
GetForegroundWindow
SetForegroundWindow
EndDialog
EnableMenuItem
SetClassLongW
GetKeyState
PostMessageW
SystemParametersInfoW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsWindow
SendMessageW
MessageBoxW
GetActiveWindow
IsRectEmpty
IntersectRect
GetWindowThreadProcessId
DialogBoxParamW
gdi32
SelectClipRgn
ExtCreatePen
SetROP2
ExtSelectClipRgn
ExcludeClipRect
CreateRectRgn
BitBlt
TextOutW
GetTextExtentPoint32W
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
GetObjectW
EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
ExtTextOutW
SetMapMode
CreateSolidBrush
DeleteDC
DeleteObject
SelectObject
SetBkMode
SetTextColor
GetTextMetricsW
CreateFontW
CreateFontIndirectW
GetDeviceCaps
GetStockObject
Rectangle
SetDIBitsToDevice
GetTextFaceW
DPtoLP
CreateDCW
CreatePen
SetBkColor
IntersectClipRect
winspool.drv
DeviceCapabilitiesW
comdlg32
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW
advapi32
FreeSid
RevertToSelf
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
LookupAccountNameW
RegSetKeySecurity
RegGetKeySecurity
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetAce
AddAce
GetAclInformation
InitializeAcl
RegDeleteKeyA
AllocateAndInitializeSid
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
ImpersonateSelf
shell32
ShellExecuteW
ord102
SHCreateDirectoryExW
SHGetDesktopFolder
ord232
SHFileOperationW
SHGetFolderPathW
ord17
ord16
ord155
ord18
DragQueryFileW
ord165
SHChangeNotify
SHGetSpecialFolderPathW
DragFinish
SHGetFolderLocation
DragAcceptFiles
ole32
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantInit
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString
shlwapi
SHQueryValueExA
SHDeleteKeyW
SHDeleteKeyA
SHQueryValueExW
SHCopyKeyA
SHCopyKeyW
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
StrCmpLogicalW
PathAddBackslashW
PathFindExtensionW
StrToIntExW
SHGetValueA
PathIsDirectoryW
PathFindFileNameW
ws2_32
WSASetLastError
select
htonl
ntohs
__WSAFDIsSet
version
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
psapi
EnumProcessModules
EnumPageFilesA
EnumPageFilesW
GetPerformanceInfo
GetDeviceDriverFileNameW
GetDeviceDriverFileNameA
GetDeviceDriverBaseNameW
GetDeviceDriverBaseNameA
EnumDeviceDrivers
GetMappedFileNameA
GetMappedFileNameW
InitializeProcessForWsWatch
QueryWorkingSet
EmptyWorkingSet
GetModuleBaseNameW
GetModuleBaseNameA
GetProcessImageFileNameW
GetProcessImageFileNameA
GetWsChanges
GetModuleFileNameExW
GetModuleFileNameExA
setupapi
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassRegistryPropertyW
comctl32
InitCommonControlsEx
msimg32
AlphaBlend
secur32
GetUserNameExW
netapi32
Netbios
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CertGetNameStringW
Exports
de265_alloc_image_plane
de265_change_framerate
de265_decode
de265_decode_data
de265_disable_logging
de265_flush_data
de265_free
de265_free_decoder
de265_free_image_plane
de265_get_bits_per_pixel
de265_get_chroma_format
de265_get_current_TID
de265_get_default_image_allocation_functions
de265_get_error_text
de265_get_highest_TID
de265_get_image_NAL_header
de265_get_image_PTS
de265_get_image_colour_primaries
de265_get_image_full_range_flag
de265_get_image_height
de265_get_image_matrix_coefficients
de265_get_image_plane
de265_get_image_plane_user_data
de265_get_image_transfer_characteristics
de265_get_image_user_data
de265_get_image_width
de265_get_next_picture
de265_get_number_of_NAL_units_pending
de265_get_number_of_input_bytes_pending
de265_get_parameter_bool
de265_get_version
de265_get_version_number
de265_get_version_number_maintenance
de265_get_version_number_major
de265_get_version_number_minor
de265_get_warning
de265_init
de265_isOK
de265_new_decoder
de265_peek_next_picture
de265_push_NAL
de265_push_data
de265_push_end_of_NAL
de265_push_end_of_frame
de265_release_next_picture
de265_reset
de265_set_framerate_ratio
de265_set_image_allocation_functions
de265_set_image_plane
de265_set_image_user_data
de265_set_limit_TID
de265_set_parameter_bool
de265_set_parameter_int
de265_set_verbosity
de265_start_worker_threads
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 425KB - Virtual size: 425KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 33KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 167KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE