2024-08-24_9605a026bae092d35b392400ff39e3a4_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-24_9605a026bae092d35b392400ff39e3a4_magniber
Size

3.1MB
MD5

9605a026bae092d35b392400ff39e3a4
SHA1

458835310ddcc5bd0850f77691817c8f574e8798
SHA256

c892917650014711341e1be3445274a61fe9133122c9246373867ccf014a312c
SHA512

1bbb11e05e7a8599fc4dc514d4cf53e6d719a4ffaa3c1d9391d56eeab016e2859ad2c623ce27d835215e96ff97b5564eeb5a214eea875efc8227706cd192e407
SSDEEP

49152:myecIdZosHspMV7KuOsFulvjfrgAPSwdSaG29AJThsMMUgKF7FgWXnIuF9lv3+ux:myeldJMpMdK0QlrfF6wdAsMMUBXnR

Score

1^/10

Malware Config

Signatures

Files

2024-08-24_9605a026bae092d35b392400ff39e3a4_magniber
.exe windows:5 windows x86 arch:x86

92334bb8f9cb3bb7bfb7f03f77b72dd2

Code Sign

3a:89:a0:36:75:72:ad:1f:33:d7:52:33:69:df:bd:0c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-09-2020 00:00

Not After

11-09-2023 23:59

Subject

CN=Techinline Limited,O=Techinline Limited,POSTALCODE=RG7 8NN,STREET=Unit 5\, Jupiter House Calleva Park,L=Aldermaston Reading,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

20:b0:9f:cc:7e:31:e6:50:a7:fc:15:b9:7d:7b:6b:18:b5:c7:66:1b
Signer

Actual PE Digest

20:b0:9f:cc:7e:31:e6:50:a7:fc:15:b9:7d:7b:6b:18:b5:c7:66:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Techinline\CCNET\4.5.0.0_Refactoring\TIRD_Client\Core\Client\Win32\Release\TiClientCore.pdb

Imports

msi

ord204

iphlpapi

GetAdaptersInfo

msimg32

AlphaBlend

wininet

HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetQueryOptionA
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
DetectAutoProxyUrl
HttpSendRequestA
InternetOpenA
InternetConnectA

ws2_32

getnameinfo
WSASocketA
gethostbyname
htons
connect
inet_addr
gethostname
getaddrinfo
freeaddrinfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleBaseNameA
GetProcessMemoryInfo
GetProcessImageFileNameW
GetModuleFileNameExW

netapi32

NetApiBufferFree
NetUserEnum

secur32

GetUserNameExW

kernel32

FindClose
FindFirstFileW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
lstrlenA
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
RaiseException
FindResourceA
GetSystemTimeAsFileTime
GlobalHandle
LocalFree
CreateProcessW
GetCommandLineW
CreateFileMappingA
FormatMessageA
GetTempPathW
GetModuleHandleW
GetTempFileNameA
GetTempPathA
DeleteFileA
GetExitCodeThread
TerminateProcess
Process32NextW
GetProcessTimes
Process32FirstW
FormatMessageW
LocalAlloc
GlobalFindAtomA
GlobalSize
GetVolumeInformationA
GetDriveTypeA
GetSystemInfo
lstrcpyW
GetFileAttributesExW
OutputDebugStringA
SetEndOfFile
GetFileInformationByHandle
IsBadStringPtrW
IsBadStringPtrA
ResumeThread
TlsGetValue
GlobalFree
TlsSetValue
CreateMutexA
OpenMutexA
CreateDirectoryW
RemoveDirectoryW
MoveFileW
CopyFileW
GetFileTime
FileTimeToSystemTime
GetFileSizeEx
SetFilePointerEx
InterlockedCompareExchange
InterlockedExchange
ReleaseMutex
OpenFileMappingW
CreateFileA
CreateNamedPipeA
SetNamedPipeHandleState
Process32First
GetCurrentThread
Thread32First
Thread32Next
Process32Next
QueryDosDeviceW
GetExitCodeProcess
GetCurrentDirectoryW
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
CreateEventW
VirtualFree
VirtualAlloc
LoadLibraryW
FindNextFileW
TerminateThread
GetVersionExA
VerifyVersionInfoA
VerSetConditionMask
VerifyVersionInfoW
GetComputerNameW
OpenEventA
OpenFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
OpenProcess
GetLocalTime
GetModuleHandleA
FindResourceW
SizeofResource
LockResource
LoadResource
lstrlenW
WideCharToMultiByte
MoveFileExW
EncodePointer
DecodePointer
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
VirtualProtect
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetStdHandle
HeapCreate
TlsFree
CreateEventA
ResetEvent
SetEvent
IsBadWritePtr
IsBadReadPtr
ProcessIdToSessionId
Sleep
SetThreadExecutionState
SetCurrentDirectoryA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
WriteFile
MultiByteToWideChar
QueryPerformanceFrequency
GetCurrentProcessId
QueryPerformanceCounter
SetFilePointer
SetLastError
GetFileSize
CreateFileW
GetLastError
GetModuleFileNameW
GetFileAttributesW
CloseHandle
CreateToolhelp32Snapshot
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateThread
ReadFile
TlsAlloc

user32

keybd_event
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
ExitWindowsEx
EnumDesktopWindows
OpenInputDesktop
LoadStringW
GetUserObjectInformationA
GetProcessWindowStation
EnumDesktopsA
RegisterClipboardFormatW
GetClassNameW
SetRectEmpty
CreateWindowExW
BringWindowToTop
GetCursorInfo
GetIconInfo
MonitorFromPoint
EnumDisplayMonitors
ChangeClipboardChain
SetClipboardViewer
MapVirtualKeyA
SendInput
GetCapture
WindowFromPoint
GetPropA
FindWindowA
EnumThreadWindows
FindWindowExA
SendMessageW
EnumDisplayDevicesA
GetUpdateRgn
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
DrawTextW
ShowCursor
LoadStringA
DrawTextExW
GetSysColorBrush
GetClipboardFormatNameA
RegisterClipboardFormatA
mouse_event
GetAsyncKeyState
GetKeyState
CreateDialogIndirectParamA
GetWindowDC
UpdateWindow
DestroyCursor
SetCursorPos
SetRect
UnionRect
SetCursor
TrackMouseEvent
ScrollWindowEx
IsIconic
GetSystemMenu
DeleteMenu
EnableMenuItem
TrackPopupMenu
SetWindowRgn
GetClassInfoA
SetDlgItemTextA
EnableWindow
GetDlgItemTextW
SetDlgItemTextW
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
LoadImageA
RegisterClassA
PeekMessageA
LoadAcceleratorsA
TranslateAcceleratorA
PostQuitMessage
GetActiveWindow
DialogBoxIndirectParamA
GetLastInputInfo
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
DestroyWindow
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextA
GetSysColor
MapDialogRect
EndDialog
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
GetDlgItemTextA
CreateWindowExA
SetWindowLongA
GetCursorPos
IsWindowVisible
GetWindowLongA
ShowWindow
GetWindowRect
PostMessageA
GetSystemMetrics
SetThreadDesktop
SendMessageA
CloseDesktop
OpenDesktopA
PostThreadMessageA
TranslateMessage
DispatchMessageA
GetMessageA
MessageBoxA
KillTimer
SetTimer
DefWindowProcA
SystemParametersInfoA
GetThreadDesktop
GetUserObjectInformationW
IsWindow
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowPos
UnregisterClassA
FillRect

gdi32

PtInRegion
DPtoLP
LPtoDP
SetTextColor
SetBkMode
GetClipBox
CreateDIBSection
CreateFontIndirectA
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetTextExtentPoint32A
RectInRegion
GetRgnBox
SetRectRgn
CreatePen
CreateDCA
SetDIBColorTable
RectVisible
CreateEllipticRgn
Ellipse
GetPixel
GetEnhMetaFileBits
SetEnhMetaFileBits
GetTextExtentPoint32W
GetDIBits
GetRegionData
Rectangle
LineTo
MoveToEx
SetTextAlign
TextOutW
CreateRectRgn
CombineRgn
OffsetRgn
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenSCManagerA
SetTokenInformation
GetLengthSid
RegCloseKey
RegQueryValueExA
ConvertStringSidToSidW
OpenProcessToken
SetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
LogonUserW
CreateProcessWithLogonW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueA
GetTokenInformation
ConvertSidToStringSidA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoW
RegOpenKeyExA
LookupAccountSidW
LookupAccountNameW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
EnumServicesStatusExW
FreeSid
EqualSid
CloseServiceHandle
DeleteService
OpenServiceW
ControlService

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
DragQueryFileW
SHGetMalloc
ShellExecuteW

ole32

StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitialize
CreateBindCtx
DoDragDrop
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
VarBstrCat
LoadTypeLi
LoadRegTypeLi
VariantClear
VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

UrlUnescapeW
ord219
PathFileExistsW
SHGetValueA
PathRemoveFileSpecW
SHSetValueW
SHDeleteValueW
PathIsDirectoryW

gdiplus

GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipFree
GdiplusStartup

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 16.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92334bb8f9cb3bb7bfb7f03f77b72dd2

Code Sign

3a:89:a0:36:75:72:ad:1f:33:d7:52:33:69:df:bd:0cCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

20:b0:9f:cc:7e:31:e6:50:a7:fc:15:b9:7d:7b:6b:18:b5:c7:66:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

iphlpapi

msimg32

wininet

ws2_32

version

psapi

netapi32

secur32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

IPPCODE Size: 161KB - Virtual size: 161KB

.rdata Size: 547KB - Virtual size: 546KB

.data Size: 49KB - Virtual size: 16.1MB

.rsrc Size: 269KB - Virtual size: 269KB

.reloc Size: 224KB - Virtual size: 224KB

3a:89:a0:36:75:72:ad:1f:33:d7:52:33:69:df:bd:0c
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

20:b0:9f:cc:7e:31:e6:50:a7:fc:15:b9:7d:7b:6b:18:b5:c7:66:1b
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

IPPCODE
Size: 161KB - Virtual size: 161KB

.rdata
Size: 547KB - Virtual size: 546KB

.data
Size: 49KB - Virtual size: 16.1MB

.rsrc
Size: 269KB - Virtual size: 269KB

.reloc
Size: 224KB - Virtual size: 224KB