2024-08-07_9c180ea7cd969fc4a6b26a1733df01c9_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_9c180ea7cd969fc4a6b26a1733df01c9_magniber
Size

9.4MB
MD5

9c180ea7cd969fc4a6b26a1733df01c9
SHA1

162ec3c4ca2ac172bc971815e348a29649d0ea70
SHA256

45b0c2aab55e8bfca98f86212a48ea4adb7c03efbd0af8f8162890f0109fedcd
SHA512

bbe57a8a21d561113974096b4583ebc8adf6c65669708593201e87a592a90637fb05243581ebceac073ebca7f7a3592f998d559cf8ae975f60563bd72b8d138e
SSDEEP

196608:dFN3fjy5d1+HS/nxH0RW/jLWtQWwh16j8se1zEgWz:dbPjy5dcy/nWRW/eQWMfEgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-07_9c180ea7cd969fc4a6b26a1733df01c9_magniber

Files

2024-08-07_9c180ea7cd969fc4a6b26a1733df01c9_magniber
.exe windows:5 windows x86 arch:x86

3a1aa39799194ad6c661dfcde371c212

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\a\1\s\build\x86\MinSizeRel\DFIR-Orc_x86.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

psapi

GetDeviceDriverFileNameW
EnumDeviceDrivers
EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

crypt32

CryptBinaryToStringA
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptMsgGetAndVerifySigner
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CryptBinaryToStringW
CertAddEncodedCertificateToStore
CryptStringToBinaryA
CryptMsgOpenToEncode
CryptMsgUpdate
CryptStringToBinaryW

ws2_32

freeaddrinfo
getaddrinfo
socket
send
connect
closesocket
WSAAddressToStringW
WSAGetLastError
WSACleanup
WSAStartup

iphlpapi

GetAdaptersAddresses

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureStackBackTrace
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
IsDebuggerPresent
DebugBreak
WaitForSingleObject
GetStdHandle
WriteFile
CloseHandle
GetSystemTime
GetTickCount
CreateProcessW
CopyFileW
MoveFileExW
WideCharToMultiByte
FreeLibrary
OpenProcess
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SetEnvironmentVariableW
DeleteFileW
GetProcAddress
SetLastError
GetModuleHandleW
ExpandEnvironmentStringsW
GetFullPathNameW
GetCurrentThread
SetThreadPriority
SetPriorityClass
SetThreadExecutionState
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCommandLineW
GetFileAttributesExW
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
SystemTimeToFileTime
DeviceIoControl
GetWindowsDirectoryW
CreateFileW
QueryPerformanceCounter
LocalFree
FlushFileBuffers
FileTimeToSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesA
GetProcessTimes
MultiByteToWideChar
GlobalMemoryStatusEx
SetUnhandledExceptionFilter
SetErrorMode
SetEvent
ResetEvent
CreateEventW
GetModuleHandleA
OutputDebugStringW
CreateFileA
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapCreate
GetFileSizeEx
ReadFile
lstrcmpA
GetOverlappedResult
GetEnvironmentVariableW
QueryDosDeviceW
GetFileAttributesW
CancelIo
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemInfo
lstrlenW
GetModuleFileNameW
GetDriveTypeW
GetComputerNameW
GetComputerNameExW
GetVersionExW
GetVolumePathNameW
GetCPInfoExW
GetLocaleInfoW
GetUserDefaultUILanguage
GetLastError
GetUserDefaultLCID
GetConsoleOutputCP
GetTempPathW
GetTempFileNameW
LockResource
LoadResource
SizeofResource
LoadLibraryExW
FindResourceW
GetBinaryTypeW
HeapSize
CreateToolhelp32Snapshot
Process32FirstW
RaiseException
InterlockedDecrement
DuplicateHandle
CreateJobObjectW
QueryInformationJobObject
SetInformationJobObject
IsProcessInJob
GetLongPathNameW
FindClose
FindFirstFileW
FindNextFileW
SetEndOfFile
SetFilePointerEx
Module32FirstW
Module32NextW
GetLogicalDrives
CreateNamedPipeW
BindIoCompletionCallback
TerminateProcess
GetExitCodeProcess
ResumeThread
WaitForSingleObjectEx
RemoveDirectoryW
AssignProcessToJobObject
GetFileSize
GetFileInformationByHandle
GetVolumeInformationW
BeginUpdateResourceW
GetStringTypeW
EndUpdateResourceW
DosDateTimeToFileTime
InterlockedIncrement
CreateIoCompletionPort
GetQueuedCompletionStatus
RegisterWaitForSingleObject
QueueUserWorkItem
TerminateJobObject
WriteConsoleW
VirtualQuery
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FreeResource
InterlockedCompareExchange
GetThreadLocale
CopyFileExW
LocalAlloc
CreatePipe
PeekNamedPipe
OpenThread
GetThreadContext
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcess
SetFilePointer
GetProcessIoCounters
LocalFileTimeToFileTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetOEMCP
LoadLibraryW
ReleaseMutex
CreateMutexA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceFrequency
GetModuleFileNameA
LoadLibraryA
GetFileType
SetConsoleMode
FormatMessageW
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
LCMapStringW
TryEnterCriticalSection
FindFirstFileExW
AreFileApisANSI
SwitchToThread
CompareStringW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
Process32NextW
GetProcessHeap
SetThreadAffinityMask
UnregisterWait
VirtualProtect
RtlUnwind
GetCommandLineA
ReadConsoleInputA
GetModuleHandleExW
SetStdHandle
GetACP
CreateDirectoryW
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
SetEnvironmentVariableA
GetStartupInfoW
InitializeSListHead
UpdateResourceW
GetCPInfo
EncodePointer
GetNativeSystemInfo
GetExitCodeThread
UnhandledExceptionFilter

user32

MessageBeep
CharUpperW
CharPrevExA
WaitForInputIdle
GetSystemMetrics

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
CoCreateGuid
CoInitializeEx

oleaut32

SysAllocStringByteLen
VariantCopy
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantChangeType
SysAllocStringLen

advapi32

CryptGenRandom
SetSecurityInfo
SetEntriesInAclW
LookupPrivilegeValueW
CopySid
EqualSid
IsValidSid
AdjustTokenPrivileges
ConvertStringSidToSidW
RegOpenKeyExW
RegEnumKeyExW
GetLengthSid
CryptReleaseContext
GetSecurityInfo
ConvertSidToStringSidW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
LookupAccountSidW
GetTokenInformation
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
RegFlushKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyW

shlwapi

PathIsNetworkPathW
PathMatchSpecA
PathMatchSpecW

dbgeng

DebugCreate

mpr

WNetCancelConnection2W
WNetAddConnection2W

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpOpen
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a1aa39799194ad6c661dfcde371c212

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

psapi

wintrust

crypt32

ws2_32

iphlpapi

kernel32

user32

shell32

ole32

oleaut32

advapi32

shlwapi

dbgeng

mpr

winhttp

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 125KB - Virtual size: 166KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 233KB - Virtual size: 233KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 125KB - Virtual size: 166KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 233KB - Virtual size: 233KB