2024-09-02_a41e4f0a3bf93beef45e5837d7bf3b87_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-02_a41e4f0a3bf93beef45e5837d7bf3b87_magniber
Size

3.8MB
MD5

a41e4f0a3bf93beef45e5837d7bf3b87
SHA1

3b6025bd2733bdbde826847e9eb85d03eb196a23
SHA256

75389d042d56e611b6bf47a851e9d55a3a899221e5eece3bfbfe774c6a853b3f
SHA512

0d80ea59041c85c584b454741a27cf479c8d874cad953e7e1aad373f594549019d1eaa9e0d04c5d04c9fe8546127a265a6ad10a2c0741135683e7785500e2dab
SSDEEP

49152:v7Idf70vsomJNLUhLaV+fYmKMuSGOp09B/pwJrN6GFVfoPpNf9CXOnMh61RpvPNT:DIdfiKLegiKBVPG5o28N15nMApR7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-02_a41e4f0a3bf93beef45e5837d7bf3b87_magniber

Files

2024-09-02_a41e4f0a3bf93beef45e5837d7bf3b87_magniber
.exe windows:5 windows x86 arch:x86

c8321dce5845ea433aa1e8fc6ac5cc3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall\install_and_uninstall\Release\Install.pdb

Imports

kernel32

CreateProcessW
GetStartupInfoW
GetPrivateProfileStringW
GetTempFileNameW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
GetFileSizeEx
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetCommandLineW
CopyFileW
VirtualAllocEx
GetVersion
ReadProcessMemory
WriteProcessMemory
OutputDebugStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventW
WaitForMultipleObjects
ResetEvent
GetSystemInfo
GetShortPathNameW
FormatMessageW
CreateDirectoryW
GetEnvironmentVariableW
InterlockedExchange
VirtualFreeEx
WideCharToMultiByte
InterlockedCompareExchange
IsDebuggerPresent
EncodePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetCurrentDirectoryW
GetLogicalDriveStringsW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
WaitForSingleObject
FindClose
SetLastError
GetTickCount
Sleep
GetLastError
LocalFree
LocalAlloc
GetVersionExW
WriteConsoleW
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
SetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
MultiByteToWideChar
GetFileSize
UnlockFile
LockFile
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
CreateMutexW
GlobalDeleteAtom
GetCurrentProcessId
OpenProcess
GetDriveTypeW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
SizeofResource
LoadResource
FreeLibrary
LockResource
GetFileAttributesExW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OutputDebugStringW
LoadLibraryW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFilePointer
ReadFile
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
DeleteFileA
CreateFileA
GetTempFileNameA
InitializeSListHead
GetLongPathNameW
SetEvent
lstrlenW
DeleteCriticalSection
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess
LoadLibraryExA
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OpenFileMappingW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
FlushFileBuffers
SetFileTime
SearchPathW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
SetEndOfFile
GetStdHandle
FreeResource
GetSystemWindowsDirectoryW
ReleaseMutex
GetTempPathA
CloseHandle
WriteFile
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcmpA
GetLocalTime

user32

DialogBoxParamW
wsprintfW
SetTimer
KillTimer
GetDC
UnhookWinEvent
DrawTextW
GetWindowTextLengthW
GetMessageW
TranslateMessage
DispatchMessageW
ReleaseDC
SendMessageW
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
PostMessageW
IsWindow
SetCursor
SetRect
OffsetRect
LoadCursorW
PtInRect
CopyRect
DrawFocusRect
BeginPaint
EndPaint
IsRectEmpty
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
UpdateLayeredWindow
SetWindowPos
SetWindowRgn
SystemParametersInfoW
WaitForInputIdle
SetWindowTextW
GetShellWindow
GetWindowTextW
SetWinEventHook
UnregisterClassA
SendNotifyMessageW
SendMessageTimeoutW
RegisterWindowMessageW
MessageBoxW
IsDialogMessageW
LoadStringW
PeekMessageW
EnableWindow
FindWindowW
RedrawWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
ScreenToClient
DestroyWindow
GetSystemMetrics
MoveWindow
PostQuitMessage
ExitWindowsEx
CharNextW
BringWindowToTop
EndDialog

gdi32

SaveDC
RestoreDC
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetTrusteeNameW
CryptContextAddRef
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
RegQueryValueExA

shell32

ord165
SHChangeNotify
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHLoadInProc
ShellExecuteW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
OleRun

oleaut32

VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
VariantClear
SysFreeString
VarUI4FromStr
SysStringByteLen
SysAllocString
SysAllocStringByteLen

shlwapi

PathAppendA
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfW
StrCmpW
PathFindFileNameW
SHGetValueW
PathUnquoteSpacesW
SHSetValueW
PathIsPrefixW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
StrStrIW
SHDeleteValueW
StrStrIA
StrCmpNIW
StrTrimA
StrCmpIW
StrToIntExW
SHGetValueA
PathIsDirectoryW
SHDeleteKeyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDrawString
GdipCreateSolidFill
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateFont

cabinet

ord23
ord20
ord22

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW
CryptStringToBinaryA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

StartEast
_Start@12

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8321dce5845ea433aa1e8fc6ac5cc3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

cabinet

version

psapi

setupapi

iphlpapi

wininet

urlmon

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 265KB - Virtual size: 264KB

.data Size: 29KB - Virtual size: 43KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 265KB - Virtual size: 264KB

.data
Size: 29KB - Virtual size: 43KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 67KB - Virtual size: 67KB