2024-07-22_e3ce3f2e7b3443e6c67495d756918572_magniber_ngrbot

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-22_e3ce3f2e7b3443e6c67495d756918572_magniber_ngrbot
Size

2.7MB
MD5

e3ce3f2e7b3443e6c67495d756918572
SHA1

b5f393fd9f8c3546dd45bdb41abc313c59a53e95
SHA256

dc93b2976a129c3e4e19c94ec59c6a7726c16e246271ce8f356ae3e74d0bc8b5
SHA512

3035ed1c04e3ae0c84bcb663ae3f1719f1e706406f3f5c077f657169728e8b10ae371154bd3eba46a41b31f3bf8b47e13ffaf3a9e647d336c129123f2f1a4d5f
SSDEEP

49152:VxJeDC/H0DKeHr+3FnDnblk+Xbw/NiaNTRnv/tf5qfbYSXXFzm1cCQZa5:pb/H0D/C3FXlk+XbOtf5qfbs

Score

1^/10

Malware Config

Signatures

Files

2024-07-22_e3ce3f2e7b3443e6c67495d756918572_magniber_ngrbot
.exe windows:5 windows x86 arch:x86

87168137db0793a1371bbb34fce0e3a6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:e8:1c:30:f2:ca:23:04:e8:f8:bc:30:4e:44:ab:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/05/2014, 00:00

Not After

10/07/2017, 23:59

Subject

CN=Check Point Software Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Check Point Software Technologies Ltd.,L=Ramat-Gan,ST=Ramat-Gan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:b1:f0:5c:9d:23:55:3d:b3:af:d4:ce:21:80:27:7d:dc:72:56:d7
Signer

Actual PE Digest

37:b1:f0:5c:9d:23:55:3d:b3:af:d4:ce:21:80:27:7d:dc:72:56:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ckp\src\consumer_main\gough\CMpub\release\Win32\ReleaseU\Install.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

wsock32

ord1110
WSACleanup
WSAStartup
inet_addr

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
ord680
CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW

shlwapi

PathFileExistsW
SHCopyKeyW
PathIsNetworkPathW
PathFindFileNameA
PathFileExistsA
PathFindOnPathW
PathFindFileNameW
PathIsRelativeW
PathIsDirectoryW
SHDeleteKeyW

kernel32

CloseHandle
ReleaseMutex
SetEvent
ResetEvent
WaitForSingleObject
GetLastError
CreateEventW
Sleep
DeleteFileW
GetEnvironmentVariableW
FindNextFileW
FindFirstFileW
MoveFileExW
CreateThread
GetDiskFreeSpaceExW
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
VirtualProtect
LoadLibraryW
GetModuleHandleW
CopyFileW
SetCurrentDirectoryW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
GlobalUnlock
GlobalLock
SetLastError
lstrlenW
lstrcmpW
MulDiv
InterlockedIncrement
GlobalAlloc
GetTempFileNameW
GetTickCount
GlobalFree
GlobalHandle
RemoveDirectoryW
FindClose
GetSystemDirectoryW
GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesW
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
GetProcAddress
WriteFile
GetCurrentProcessId
CreateFileW
GetLocalTime
ExitProcess
FileTimeToLocalFileTime
GetFileAttributesExW
DeleteFileA
SetFileAttributesA
CreateDirectoryA
ReadFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
TerminateProcess
OpenProcess
GetFileSize
SetThreadUILanguage
SetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
GetExitCodeProcess
CreateProcessW
CopyFileA
ExpandEnvironmentStringsA
FileTimeToDosDateTime
SetFilePointer
HeapFree
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
HeapCreate
GetModuleHandleA
GetStringTypeA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LoadLibraryA
SetEndOfFile
CompareStringA
CompareStringW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetStringTypeW
GetStartupInfoW
ExitThread
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
InterlockedCompareExchange
InterlockedExchange
GetUserDefaultLCID
GetStringTypeExA
GetStringTypeExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
LCMapStringA
LCMapStringW

user32

DestroyWindow
GetDC
GetActiveWindow
GetSystemMetrics
CheckDlgButton
SetForegroundWindow
SetFocus
SetCaretPos
DestroyCaret
ShowCaret
CreateCaret
MessageBoxW
IsDlgButtonChecked
CheckRadioButton
IsWindowVisible
KillTimer
SetTimer
PtInRect
SetRectEmpty
RedrawWindow
GetWindowTextLengthW
GetWindowTextW
DrawTextW
CallWindowProcW
CreateWindowExW
SetWindowContextHelpId
DialogBoxParamW
GetSysColor
CharNextW
ClientToScreen
ReleaseDC
InvalidateRgn
OpenClipboard
IsChild
GetClassNameW
ReleaseCapture
FillRect
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
IsWindow
GetClassInfoExW
IsWindowEnabled
UpdateWindow
EndPaint
BeginPaint
ScreenToClient
GetWindowRect
LoadCursorW
SetCursor
DefWindowProcW
PostMessageW
AdjustWindowRectEx
GetDlgItem
GetParent
SetDlgItemTextW
ShowWindow
InvalidateRect
GetClientRect
SetWindowPos
MoveWindow
GetMenu
SendMessageW
SetWindowTextW
GetWindowLongW
SetWindowLongW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
EndDialog
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetDlgCtrlID
SetCapture
MapDialogRect
RegisterClassExW
CreateAcceleratorTableW
RegisterWindowMessageW
DialogBoxIndirectParamW
BringWindowToTop
CloseDesktop
CreateDesktopW
ExitWindowsEx
LoadStringW
CreateDialogParamW
EnableWindow
LoadStringA
UnregisterClassA
ValidateRect

gdi32

CreateCompatibleDC
SelectObject
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetObjectW
MoveToEx
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptGetHashParam
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW

ole32

OleLockRunning
CoInitializeEx
CoUninitialize
CoCreateInstance
OleRun
CoTaskMemFree
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantCopy

gdiplus

GdipDrawImage
GdipCreateFromHDC
GdipGetImageBounds
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipDrawImageRect

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpWriteData
WinHttpQueryHeaders
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest

wininet

InternetCheckConnectionW
InternetGetConnectedState

powrprof

GetPwrCapabilities

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 659KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87168137db0793a1371bbb34fce0e3a6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

47:e8:1c:30:f2:ca:23:04:e8:f8:bc:30:4e:44:ab:6fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

37:b1:f0:5c:9d:23:55:3d:b3:af:d4:ce:21:80:27:7d:dc:72:56:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

version

comctl32

wsock32

shell32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

winhttp

wininet

powrprof

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 331KB - Virtual size: 330KB

.data Size: 29KB - Virtual size: 40KB

.rsrc Size: 659KB - Virtual size: 658KB

.reloc Size: 117KB - Virtual size: 116KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

47:e8:1c:30:f2:ca:23:04:e8:f8:bc:30:4e:44:ab:6f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

37:b1:f0:5c:9d:23:55:3d:b3:af:d4:ce:21:80:27:7d:dc:72:56:d7
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 331KB - Virtual size: 330KB

.data
Size: 29KB - Virtual size: 40KB

.rsrc
Size: 659KB - Virtual size: 658KB

.reloc
Size: 117KB - Virtual size: 116KB