2024-07-04_3619e2f02a954e04ed1267b2c9ce77e5_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_3619e2f02a954e04ed1267b2c9ce77e5_magniber
Size

1.2MB
MD5

3619e2f02a954e04ed1267b2c9ce77e5
SHA1

81e71e1c4ffebbd83bdd78977187a5c442308d43
SHA256

f3aaf5e79e5a2a36cb17f7bdebfe7a53dc4d7ac16f4ec38d3d06dfac4921b2e8
SHA512

da9ca730777060d07b73eaf471973fb883a5226ccb918a465c280d43cfc690fa97418b610120b719b70d55f1328b68bf6b5534980e7cdb4c33ea96346d655b0b
SSDEEP

24576:XwM1y7WbleNWPNxSmcdjsmHEyP4KfUupQaeTmy2L8Jsv6pVlY:PtjNxSm2jsenvrNeTh48JRpVlY

Score

1^/10

Malware Config

Signatures

Files

2024-07-04_3619e2f02a954e04ed1267b2c9ce77e5_magniber
.exe windows:5 windows x86 arch:x86

81978fa0025c127218a15925688a4b68

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/12/2022, 00:00

Not After

26/08/2025, 23:59

Subject

SERIALNUMBER=91510100MABTJENYXY,CN=成都赤侠信息科技有限公司,O=成都赤侠信息科技有限公司,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/12/2022, 00:00

Not After

26/08/2025, 23:59

Subject

SERIALNUMBER=91510100MABTJENYXY,CN=成都赤侠信息科技有限公司,O=成都赤侠信息科技有限公司,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:99:af:30:8a:87:ca:6e:5e:95:10:b8:09:bb:1d:e6:76:d9:3e:5b:aa:d6:1a:81:c1:73:94:af:57:69:f6:ea
Signer

Actual PE Digest

e8:99:af:30:8a:87:ca:6e:5e:95:10:b8:09:bb:1d:e6:76:d9:3e:5b:aa:d6:1a:81:c1:73:94:af:57:69:f6:ea

Digest Algorithm

sha256

PE Digest Matches

true

eb:28:7b:45:93:e7:7d:a8:91:fa:e8:03:0a:6f:49:1d:cf:c9:26:07
Signer

Actual PE Digest

eb:28:7b:45:93:e7:7d:a8:91:fa:e8:03:0a:6f:49:1d:cf:c9:26:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\Pets-dumpuper\DumpUpper\Release\DumpUper.pdb

Imports

kernel32

FormatMessageW
GetStringTypeW
SetFilePointer
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
CreateToolhelp32Snapshot
GetVersionExW
CreateFileW
CreateDirectoryW
GetTempPathW
OutputDebugStringW
CloseHandle
ReadProcessMemory
TerminateProcess
OpenProcess
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DecodePointer
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
RaiseException
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
SwitchToThread
FindResourceW
GlobalUnlock
GetModuleHandleW
LoadLibraryW
LoadLibraryA
SizeofResource
LoadResource
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTempFileNameW
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
GetCurrentProcessId
FindNextFileW
FindFirstFileW
DeleteFileW
GetCommandLineW
FindClose
GetFileSizeEx
MulDiv
Sleep
GetLastError
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
WriteConsoleW
SetEndOfFile
SetStdHandle
SetConsoleCtrlHandler
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
IsDebuggerPresent
CreateEventW
FindResourceExW
GetTickCount
CompareStringW
LCMapStringW
GlobalFree
GlobalLock
GlobalAlloc
Process32NextW
GetModuleHandleExW
Process32FirstW
GetTimeFormatW
GetProcAddress
FreeLibrary
LockResource
GetDateFormatW
GetCurrentThread
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetACP
GetLocaleInfoW
GetStdHandle
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
InterlockedFlushSList
RtlUnwind
CreateProcessW
lstrlenW
GetExitCodeProcess
LocalAlloc
GetLocalTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
SetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetCPInfo
GetSystemTimeAsFileTime

user32

GetMonitorInfoW
GetForegroundWindow
SendMessageW
PostMessageW
WindowFromPoint
GetDesktopWindow
WaitForInputIdle
UnregisterClassA
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
DestroyWindow
CharNextW
InvalidateRect
wsprintfW
SetTimer
KillTimer
GetDC
ReleaseDC
IsWindow
SetRect
OffsetRect
PtInRect
CopyRect
SetCursor
DrawFocusRect
BeginPaint
EndPaint
IsRectEmpty
PostQuitMessage
ShowWindow
MoveWindow
SetWindowPos
SetFocus
MonitorFromPoint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
GetShellWindow
SystemParametersInfoW
SetWindowRgn
IsWindowVisible
UpdateLayeredWindow
GetAncestor
GetWindowInfo
GetWindowThreadProcessId
EnumDisplaySettingsW
MonitorFromWindow

gdi32

DeleteObject
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
CreateFontW

advapi32

LockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
RegQueryValueExW
SetTokenInformation
AdjustTokenPrivileges
CreateWellKnownSid
GetLengthSid
LookupPrivilegeValueW
DuplicateTokenEx
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
QueryServiceLockStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
UnlockServiceDatabase

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ord165

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
VarUI4FromStr

shlwapi

wnsprintfW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrCmpW
PathRenameExtensionW
StrCmpIW
StrStrIA
StrStrIW
StrToIntExW
SHGetValueA
SHSetValueA
StrCmpNIW
StrTrimA
SHGetValueW
AssocQueryStringW
PathAppendW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateSolidFill
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

dbghelp

MakeSureDirectoryPathExists

crypt32

CertGetNameStringW
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81978fa0025c127218a15925688a4b68

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e8:99:af:30:8a:87:ca:6e:5e:95:10:b8:09:bb:1d:e6:76:d9:3e:5b:aa:d6:1a:81:c1:73:94:af:57:69:f6:eaSigner

eb:28:7b:45:93:e7:7d:a8:91:fa:e8:03:0a:6f:49:1d:cf:c9:26:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

dbghelp

crypt32

wintrust

iphlpapi

Sections

.text Size: 883KB - Virtual size: 882KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 52KB - Virtual size: 61KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 41KB - Virtual size: 41KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:ae:a3:8e:98:58:5e:99:ee:e4:44:65:79:14:89:3a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e8:99:af:30:8a:87:ca:6e:5e:95:10:b8:09:bb:1d:e6:76:d9:3e:5b:aa:d6:1a:81:c1:73:94:af:57:69:f6:ea
Signer

eb:28:7b:45:93:e7:7d:a8:91:fa:e8:03:0a:6f:49:1d:cf:c9:26:07
Signer

.text
Size: 883KB - Virtual size: 882KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 52KB - Virtual size: 61KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 41KB - Virtual size: 41KB