2024-08-10_575178335cfca9625cf7a323fc6de51f_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_575178335cfca9625cf7a323fc6de51f_mafia_magniber
Size

11.0MB
MD5

575178335cfca9625cf7a323fc6de51f
SHA1

8e2ff7e02c07ba459a644ef9e52ddfb67d1329ad
SHA256

6bf8cb1b3352277ba5ce33205c7fad440cd9001b843817f6036460cba1d34016
SHA512

740ce3290cd80c1402299b92d2af0e20c9ba1ebd8e8fcb3f1e199c65f1318051c0ad95625763659420132c2cde91ae1b134dbba7d9eba15fa2897c45edf8bbb4
SSDEEP

196608:6oyBwXh+H0O2hX0Uy7XuN1uv/pvFlIu1obkhRSJTkKz1T5a:6JwR+sX09jU1uHxFau1mkSJTTzra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-10_575178335cfca9625cf7a323fc6de51f_mafia_magniber

Files

2024-08-10_575178335cfca9625cf7a323fc6de51f_mafia_magniber
.exe windows:5 windows x86 arch:x86

fdd9ff70a0bacb68ccbeb68387ab5957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\autobuild\installer\output\Release\kometabrowsercmd.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SizeofResource
FormatMessageW
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetTempPathW
VerifyVersionInfoW
GetLastError
FindClose
Process32FirstW
LockResource
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
GetShortPathNameW
CloseHandle
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
SetLastError
GetCurrentProcessId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetComputerNameW
GetSystemDirectoryW
LocalFree
GetVolumeInformationW
CreateFileW
CreateMutexW
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetProcessId
ReleaseMutex
FormatMessageA
CreateFileA
GetSystemInfo
GetModuleHandleA
UnmapViewOfFile
OpenProcess
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
WriteFile
GetTickCount
WaitForSingleObject
VerSetConditionMask
CreateProcessW
LoadResource
FindResourceW
FindFirstFileW
InterlockedDecrement
GetProcAddress
InterlockedCompareExchange
IsWow64Process
GetVersionExW
GetCurrentProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
CreateDirectoryW
GetModuleFileNameW
MoveFileW
Sleep
CopyFileW
LCMapStringW
IsValidCodePage
GetOEMCP
GetFullPathNameA
CreateThread
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetACP
GetCPInfo
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedIncrement
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
RemoveDirectoryW
HeapReAlloc
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
GetConsoleCP
GetCommandLineW
GetStringTypeW
ReadFile
GetDriveTypeW
ExpandEnvironmentStringsA
WaitForMultipleObjects
LoadLibraryA
PeekNamedPipe
GetVersionExA
SleepEx
GetFileInformationByHandle
GetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryW
InterlockedExchange
FreeLibrary
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
SetFilePointer

user32

PostMessageW
FindWindowW
EnumWindows
GetWindowLongW
GetClassNameW
ShowWindow

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidW
LookupAccountNameW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
CryptReleaseContext

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoTaskMemFree
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathAppendW
AssocQueryStringW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

ws2_32

recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup

wldap32

ord32
ord35
ord22
ord50
ord143
ord41
ord26
ord60
ord30
ord46
ord211
ord301
ord27
ord33
ord79
ord200

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
logging_get_program_version

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42.7MB - Virtual size: 42.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdd9ff70a0bacb68ccbeb68387ab5957

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 714KB - Virtual size: 714KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 42.7MB - Virtual size: 42.7MB

.reloc Size: 164KB - Virtual size: 163KB

.text
Size: 714KB - Virtual size: 714KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 42.7MB - Virtual size: 42.7MB

.reloc
Size: 164KB - Virtual size: 163KB