2024-08-08_6ba7a5ece3c40cbc04e884f3c47fcff2_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_6ba7a5ece3c40cbc04e884f3c47fcff2_magniber
Size

3.3MB
MD5

6ba7a5ece3c40cbc04e884f3c47fcff2
SHA1

205e947efe6c49e4749cffd4d4d4de4435ef5f7e
SHA256

a5378afe00ee03582176a379aa05450634a2e732417454eff91b6a7ddaf5175b
SHA512

8c31a486469d295745e41ef6a3a45f46ac6010185ccd325493d1124650c760022b733d3d294ba5087a7e8be80622d884aa1944d8067d493bf865683382b05613
SSDEEP

98304:G5+Vx1EsG/QE24GTbCqxtXkKMB/MhMqxsXndnE:f7E2DeqxtXkKMB/MhM4cE

Score

1^/10

Malware Config

Signatures

Files

2024-08-08_6ba7a5ece3c40cbc04e884f3c47fcff2_magniber
.exe windows:5 windows x86 arch:x86

f14f5938aa6f08373e18cdd51fb08260

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

70:e5:a2:1b:a6:f3:57:7b:bc:42:0f:d2:36:5c:de:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/09/2014, 00:00

Not After

29/09/2017, 23:59

Subject

CN=Techinline Limited,O=Techinline Limited,POSTALCODE=RG7 8NN,STREET=5 Jupiter House,L=Aldermaston Reading,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:2a:74:ca:ba:af:6f:f3:60:53:57:38:b5:3b:98:71:2e:e0:14:d2
Signer

Actual PE Digest

59:2a:74:ca:ba:af:6f:f3:60:53:57:38:b5:3b:98:71:2e:e0:14:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CCNET\4.1.0\TIRD_Client\Core\Expert\Win32\Release\TiExpertCore.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
GetModuleBaseNameA
EnumProcessModules

iphlpapi

GetAdaptersInfo

wininet

DetectAutoProxyUrl
InternetOpenUrlA
InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetOpenA
HttpSendRequestA

ws2_32

htons
getnameinfo
freeaddrinfo
getaddrinfo
gethostname
inet_addr
connect
gethostbyname
WSASocketA

msacm32

acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize

kernel32

GlobalLock
GlobalUnlock
SetEvent
ResetEvent
CreateEventA
MoveFileExW
SetCurrentDirectoryA
GlobalFree
FindResourceA
GlobalHandle
IsBadStringPtrW
IsBadStringPtrA
GetModuleHandleW
InterlockedCompareExchange
WaitForSingleObject
InterlockedExchange
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
GetVersionExA
FormatMessageA
LocalFree
FreeLibrary
GetTempPathW
GetLocalTime
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCommandLineW
OpenProcess
GetWindowsDirectoryW
TerminateThread
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
OpenEventA
CreateFileMappingA
ProcessIdToSessionId
LocalAlloc
FormatMessageW
ReadFile
FindNextFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
GlobalFindAtomA
GlobalSize
CreateProcessA
GetVolumeInformationA
GetDriveTypeA
GetCurrentProcess
GetTempPathA
DeleteFileA
GetExitCodeThread
GetSystemInfo
lstrcpyW
GetFileAttributesExW
OutputDebugStringA
SetEndOfFile
GetFileInformationByHandle
CreateProcessW
Process32First
GetPrivateProfileStringW
Thread32First
TerminateProcess
Thread32Next
Process32FirstW
Process32Next
Process32NextW
OpenMutexA
ReleaseMutex
LoadLibraryW
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
CreateEventW
VirtualFree
MulDiv
VirtualAlloc
CreateThread
HeapCreate
HeapSize
ExitProcess
TlsFree
FlushInstructionCache
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
lstrlenA
InitializeCriticalSectionAndSpinCount
RaiseException
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
lstrlenW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateDirectoryW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
Sleep
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
WriteFile
MultiByteToWideChar
GetTickCount
QueryPerformanceFrequency
GetCurrentProcessId
QueryPerformanceCounter
SetFilePointer
GetFileSize
CreateFileW
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
CreateToolhelp32Snapshot
SetLastError
GetCurrentThreadId
MoveFileW
CopyFileW
GetFileTime
FileTimeToSystemTime
GetFileSizeEx
SetFilePointerEx
CreateMutexA
GetStdHandle
IsProcessorFeaturePresent
lstrcmpA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualProtect
VirtualQuery
GetTempFileNameA
ExitThread

user32

DrawTextW
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapA
ShowCursor
GetDlgItemTextA
SetDlgItemTextW
EnumDisplayDevicesA
GetClipboardFormatNameA
RegisterClipboardFormatA
mouse_event
GetAsyncKeyState
DrawTextExW
SetLayeredWindowAttributes
GetKeyState
CreateDialogIndirectParamA
GetWindowDC
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
DestroyCursor
SetCursorPos
SetCursor
TrackMouseEvent
ScrollWindowEx
IsIconic
SetRect
UnionRect
GetSystemMenu
DeleteMenu
EnableMenuItem
TrackPopupMenu
UpdateWindow
GetClassInfoA
SetWindowRgn
GetCursorPos
PeekMessageA
LoadAcceleratorsA
TranslateAcceleratorA
MessageBoxA
PostQuitMessage
RegisterClassA
UnregisterClassA
LoadImageA
KillTimer
SetTimer
IsWindowVisible
GetCursorInfo
SendInput
ShowWindow
GetWindowRect
GetUserObjectInformationW
SystemParametersInfoA
OpenDesktopA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUpdateRgn
LoadStringW
DialogBoxIndirectParamA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
MapDialogRect
EndDialog
CallWindowProcA
RegisterWindowMessageA
CreateAcceleratorTableA
GetDesktopWindow
FillRect
EnumDisplayMonitors
SendMessageW
GetSysColorBrush
MessageBoxW
EnableWindow
GetFocus
DestroyAcceleratorTable
GetSysColor
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetClassNameA
SetWindowContextHelpId
GetDlgItem
IsChild
GetWindow
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
PostMessageA
DestroyWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
IsWindow
ReleaseCapture
SetCapture
DefWindowProcA
RegisterClipboardFormatW
GetClassNameW
BringWindowToTop
SetRectEmpty
CreateWindowExW
GetIconInfo
GetClipboardOwner
ChangeClipboardChain
SendMessageA
CharNextA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowPos
GetParent
EnumDesktopWindows
SetClipboardViewer
MapVirtualKeyA
GetCapture
WindowFromPoint
GetPropA
FindWindowA
EnumThreadWindows
FindWindowExA
GetSystemMetrics
GetDlgItemTextW
GetUserObjectInformationA

gdi32

SetDIBColorTable
DeleteDC
GetStockObject
GetTextExtentPoint32A
CreateRoundRectRgn
SetTextColor
RectVisible
CreateEllipticRgn
CreateDCA
SetRectRgn
GetRgnBox
RectInRegion
DPtoLP
LPtoDP
SetPixel
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetPixel
GetEnhMetaFileBits
SetEnhMetaFileBits
CreateFontIndirectA
GetDIBits
Ellipse
GetClipBox
GetRegionData
DeleteObject
SelectObject
GetDeviceCaps
GetObjectA
StretchBlt
LineTo
MoveToEx
Rectangle
SetTextAlign
TextOutW
CreatePen
CreateDIBSection
OffsetRgn
PtInRegion
GetTextExtentPoint32W
CreateRectRgn
CombineRgn
SetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
LookupAccountSidW
RegQueryValueExW
EqualSid
RegCreateKeyExW
GetTokenInformation
SetNamedSecurityInfoW
SetEntriesInAclA
RegDeleteValueA
ConvertSidToStringSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetKernelObjectSecurity
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconA
Shell_NotifyIconW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
DragQueryFileW
SHGetMalloc
SHBrowseForFolderW

ole32

CreateBindCtx
OleFlushClipboard
CoTaskMemFree
DoDragDrop
RegisterDragDrop
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
OleSetClipboard
CoInitializeEx
StringFromGUID2
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
OleIsCurrentClipboard
OleLockRunning
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoInitialize
RevokeDragDrop
CoUninitialize
CoGetClassObject

oleaut32

LoadTypeLi
VariantClear
VariantInit
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
VarBstrCat
SysStringLen
OleCreateFontIndirect

shlwapi

SHGetValueA
PathFileExistsW
ord219
PathRemoveFileSpecW
UrlUnescapeW
PathIsDirectoryW

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdiplusStartup
GdipBitmapGetPixel
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 15.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14f5938aa6f08373e18cdd51fb08260

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

70:e5:a2:1b:a6:f3:57:7b:bc:42:0f:d2:36:5c:de:15Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

59:2a:74:ca:ba:af:6f:f3:60:53:57:38:b5:3b:98:71:2e:e0:14:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

iphlpapi

wininet

ws2_32

msacm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

gdiplus

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 553KB - Virtual size: 553KB

.data Size: 70KB - Virtual size: 15.1MB

.rsrc Size: 675KB - Virtual size: 674KB

.reloc Size: 237KB - Virtual size: 237KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

70:e5:a2:1b:a6:f3:57:7b:bc:42:0f:d2:36:5c:de:15
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

59:2a:74:ca:ba:af:6f:f3:60:53:57:38:b5:3b:98:71:2e:e0:14:d2
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 553KB - Virtual size: 553KB

.data
Size: 70KB - Virtual size: 15.1MB

.rsrc
Size: 675KB - Virtual size: 674KB

.reloc
Size: 237KB - Virtual size: 237KB