2024-08-29_37d8a9b435d80d2cfea50c05eb14dee9_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_37d8a9b435d80d2cfea50c05eb14dee9_magniber
Size

55.7MB
MD5

37d8a9b435d80d2cfea50c05eb14dee9
SHA1

c0a107b8ce49d0df7e636e219e20334daef4aab7
SHA256

c9eae83c9ebdd0d4f6aa23670154edcf734a8e9245fa0ebea223cacf6d116a94
SHA512

425d888827352e45dfccf149e8c79a913e94aae1ccfac20ddf10ec29af20cc26cbbb68f47eb845a4d9ea6b1833689b6eed20a247ea07d4c0fd0c0459693f367a
SSDEEP

1572864:vSOHCOAmGx6DnP6JnvjNip52pesJnro/0a/xjSTyQzk:vSOHPAmG8DnSJhaIMWrKH/dS5o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-29_37d8a9b435d80d2cfea50c05eb14dee9_magniber

Files

2024-08-29_37d8a9b435d80d2cfea50c05eb14dee9_magniber
.exe windows:5 windows x86 arch:x86

df8464949f4bf6810aee8d34cd0fc0fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\317321\out\Release\Install.pdb

Imports

kernel32

GetVersion
GetCurrentProcess
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateProcessW
GetStartupInfoW
GetPrivateProfileStringW
GetTempFileNameW
GetPrivateProfileIntW
WritePrivateProfileStringW
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
CopyFileW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
GlobalAddAtomW
GetDriveTypeW
OutputDebugStringA
OutputDebugStringW
WideCharToMultiByte
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
GetCurrentDirectoryW
SetFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
GetFileAttributesExW
TerminateProcess
GetExitCodeProcess
GetFileSizeEx
GetLocalTime
RaiseException
LoadLibraryW
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeLibrary
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
WriteConsoleW
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
MultiByteToWideChar
ReadFile
GetFileSize
UnlockFile
LockFile
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
CreateMutexW
GlobalDeleteAtom
GetCurrentProcessId
OpenProcess
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
ResetEvent
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
FindClose
SetLastError
GetTickCount
Sleep
GetLastError
LocalFree
LocalAlloc
GetVersionExW
CreateFileW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
DeleteFileA
CreateFileA
GetTempFileNameA
GetACP
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetSystemInfo
GetShortPathNameW
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReleaseMutex
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetTempPathA
CloseHandle
GlobalAlloc
InitializeSListHead
EncodePointer
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetEnvironmentVariableW
CreateDirectoryW
FormatMessageW
WriteFile

user32

SetCursor
LoadCursorW
DrawFocusRect
BeginPaint
SetRect
IsRectEmpty
CopyRect
CallWindowProcW
PtInRect
IsWindow
PostMessageW
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
IsIconic
DefWindowProcW
OffsetRect
IsWindowVisible
ShowWindow
SendMessageW
SetWindowPos
UpdateLayeredWindow
DialogBoxParamW
EndDialog
GetMonitorInfoW
ReleaseDC
GetDC
KillTimer
SetTimer
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
EndPaint
UnregisterClassA
SendNotifyMessageW
SendMessageTimeoutW
RegisterWindowMessageW
wsprintfW
MessageBoxW
IsDialogMessageW
LoadStringW
SetWindowRgn
GetWindowTextW
SetFocus
FindWindowW
RedrawWindow
SystemParametersInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
ScreenToClient
SetWindowTextW
GetSystemMetrics
MoveWindow
PostQuitMessage
ExitWindowsEx
CharNextW
BringWindowToTop
DestroyWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetShellWindow
WaitForInputIdle
GetActiveWindow

gdi32

RestoreDC
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SaveDC
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW
SetBkColor

advapi32

LookupAccountSidW
RegEnumKeyExA
GetTokenInformation
RegQueryValueExA
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
EqualSid
DeleteAce
GetTrusteeNameW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
RegOpenKeyExA

shell32

SHCreateDirectoryExW
ord165
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
CommandLineToArgvW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleRun

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarUI4FromStr
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysStringLen
SysFreeString
VariantCopy

shlwapi

PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
StrCmpW
PathFindFileNameW
SHGetValueW
PathIsRelativeW
PathIsRootW
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIW
SHSetValueA
AssocQueryStringW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueW
PathIsDirectoryW
SHDeleteKeyW
SHDeleteValueW
PathIsPrefixW
wnsprintfW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDrawImagePointRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipMeasureString
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI

psapi

GetModuleFileNameExW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

Exports

Exports

_Start@12

Sections

.text
Size: 832KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df8464949f4bf6810aee8d34cd0fc0fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

wintrust

crypt32

setupapi

secur32

Exports

Exports

Sections

.text Size: 832KB - Virtual size: 831KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 27KB - Virtual size: 38KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 832KB - Virtual size: 831KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 27KB - Virtual size: 38KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 40KB - Virtual size: 39KB