C:\buildslave\unity\build\artifacts\win32_release_StandalonePlayer_mono_0\player_win_x86.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-08-17_b1296a8f301fe81a554cb1598958bac2_magniber_rhadamanthys.exe
Resource: win7-20240705-en
General
Target: 2024-08-17_b1296a8f301fe81a554cb1598958bac2_magniber_rhadamanthys
Size: 49.6MB
MD5: b1296a8f301fe81a554cb1598958bac2
SHA1: 7e90f0e99f6df7b45b83b315f31db4ae27b1e2d6
SHA256: 2b98a3b4eede34d96cc2df8c0243d3213f5beabde2f7376eda91f0865a112823
SHA512: 8e1efed9dc532ce8ea25568d39778cffbf04ebdb45a5e54d3b6c39082569b1fbc90669dcba45997b6512baf49d26ab7ae0688e0c2a6f4e12952541c2441876e6
SSDEEP: 786432:z+mJjOA/RuKu0sA48+vY6O0o0mOJQuUrJl0yPWF536VPLMDVRu4kHJK:z+mBO0R60s3PvY6FaOJQfBPXl8MNHJK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-08-17_b1296a8f301fe81a554cb1598958bac2_magniber_rhadamanthys
Files
2024-08-17_b1296a8f301fe81a554cb1598958bac2_magniber_rhadamanthys.exe windows:5 windows x86 arch:x86
7b5999512ce347e9170ef462cb503993
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\buildslave\unity\build\artifacts\win32_release_StandalonePlayer_mono_0\player_win_x86.pdb
Imports
kernel32
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
GetVersionExW
GetSystemPowerStatus
GetSystemInfo
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetModuleHandleA
GetTickCount
LoadLibraryW
LocalAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
InterlockedDecrement
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetTempPathW
CreateSemaphoreA
ResetEvent
GetOverlappedResult
SetEvent
CreateEventA
CreateEventW
CancelIo
WaitForMultipleObjects
GetStartupInfoA
IsDebuggerPresent
InterlockedCompareExchange
SetDllDirectoryW
GetFullPathNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
SleepEx
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
InterlockedIncrement
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryExW
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
lstrcpynW
GlobalMemoryStatus
SetErrorMode
GetProcessAffinityMask
InterlockedExchangeAdd
InterlockedExchange
VirtualProtect
GetFileAttributesExW
RemoveDirectoryW
FlushConsoleInputBuffer
GetStdHandle
SwitchToThread
SetThreadAffinityMask
ExitThread
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
CreateFileA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetProcessHeap
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleCP
SetHandleCount
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
CompareStringW
GetCPInfo
LCMapStringW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetFullPathNameA
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetConsoleCtrlHandler
DuplicateHandle
HeapSize
HeapQueryInformation
ExitProcess
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
GetModuleFileNameA
MoveFileExW
VirtualAlloc
DeleteFileW
GetFileAttributesA
GetEnvironmentVariableA
LoadLibraryA
CreateDirectoryW
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
ExpandEnvironmentStringsW
GetDiskFreeSpaceExA
FormatMessageW
VirtualFree
GetCurrentDirectoryA
GetProcAddress
SetEndOfFile
WriteFile
CloseHandle
SetFilePointerEx
SetEnvironmentVariableA
ReadFile
OutputDebugStringA
GetCurrentThread
SuspendThread
GetThreadContext
ResumeThread
SetLastError
FreeLibrary
lstrcpyA
lstrcpynA
GetFileAttributesW
SetFileAttributesW
LocalFree
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
Sleep
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
user32
UpdateWindow
LoadImageW
DialogBoxParamA
CheckDlgButton
WindowFromPoint
PeekMessageW
GetCaretBlinkTime
DispatchMessageW
MsgWaitForMultipleObjects
ValidateRect
SetTimer
EnableWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
CreateWindowExW
RegisterClassW
GetMessageA
KillTimer
MonitorFromPoint
ClipCursor
SetCursorPos
wvsprintfA
MessageBoxW
CopyImage
IsDlgButtonChecked
SetWindowTextW
ShowCursor
SetFocus
IsDialogMessageW
EmptyClipboard
CloseClipboard
CreateDialogParamW
SetClipboardData
OpenClipboard
GetSystemMetrics
GetClipboardData
IsClipboardFormatAvailable
SendMessageA
EnumWindows
GetUserObjectInformationA
GetThreadDesktop
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
ScreenToClient
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
DefWindowProcW
DestroyWindow
CreateDialogParamA
SetWindowLongA
GetDlgItem
ChangeDisplaySettingsW
MonitorFromWindow
EnumDisplaySettingsW
GetMonitorInfoW
UnregisterClassW
GetAncestor
OffsetRect
CopyRect
GetDesktopWindow
MessageBoxA
GetWindowPlacement
AdjustWindowRectEx
SetDlgItemTextW
SetDlgItemTextA
SendDlgItemMessageW
LoadIconA
EndDialog
DialogBoxParamW
RegisterClassExW
EnumDisplayMonitors
SetCapture
ReleaseCapture
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetMessageExtraInfo
MonitorFromRect
GetAsyncKeyState
GetKeyState
RegisterRawInputDevices
GetMessageTime
GetMessagePos
RegisterDeviceNotificationW
SystemParametersInfoW
GetRawInputData
GetFocus
IsWindowVisible
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
ClientToScreen
GetKeyNameTextW
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetWindowLongW
SetWindowLongW
PostQuitMessage
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
wsprintfA
GetDC
ReleaseDC
CreateIconIndirect
RegisterWindowMessageA
PeekMessageA
GetMonitorInfoA
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ole32
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
gdi32
GetDeviceCaps
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetObjectA
DeleteObject
CreateBitmap
CreateDIBSection
shell32
ShellExecuteW
ShellExecuteExA
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
opengl32
wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC
winmm
waveOutGetNumDevs
timeBeginPeriod
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutGetDevCapsA
waveInGetNumDevs
timeGetTime
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeEndPeriod
ws2_32
getpeername
WSAStartup
WSAGetLastError
accept
getprotobyname
setsockopt
listen
connect
closesocket
socket
recvfrom
inet_addr
__WSAFDIsSet
recv
send
select
getsockname
gethostname
gethostbyname
ntohl
htonl
ntohs
htons
WSACleanup
shutdown
inet_ntoa
WSARecvFrom
ioctlsocket
WSASetLastError
WSASocketA
freeaddrinfo
sendto
getaddrinfo
getnameinfo
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
bind
WSAIoctl
oleaut32
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
imm32
ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW
iphlpapi
GetIpAddrTable
Exports
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
Sections
.text Size: 14.5MB - Virtual size: 14.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 319KB - Virtual size: 880KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rodata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trace Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data1 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 551KB - Virtual size: 551KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ