G:\autobuild\release\browser-installer\output\Release\kometabrowsercmd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-08_0279c091f42cb960767eeff1ecb0440c_mafia_magniber.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-09-08_0279c091f42cb960767eeff1ecb0440c_mafia_magniber.exe
Resource
win10v2004-20240802-en
General
Target
2024-09-08_0279c091f42cb960767eeff1ecb0440c_mafia_magniber
Size
11.2MB
MD5
0279c091f42cb960767eeff1ecb0440c
SHA1
68192a9109745de24293e5ae9d77c6a407fc9421
SHA256
3f4f2e5410f795f6b6c59ddb6a9f318feb9ffc6a837069a253cc5eb2e93d7384
SHA512
f1b044b5d3a62bc5eb40041ff9d649a95789ecfb8c3286d36a5d932282089c59698b2c46a8429e946cec7476079d6dcfed45a0db9b23885b27aecd3b629bc7b0
SSDEEP
196608:4nGGqRAdM1tsHPrWlpe6ujANCvgWom/jz7XuN1uv/XsHPwkQ9hG8RIy3HQco:4nGGqRH1tsHjH6PNYomLzjU1uHXsH4la
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-09-08_0279c091f42cb960767eeff1ecb0440c_mafia_magniber
Files
2024-09-08_0279c091f42cb960767eeff1ecb0440c_mafia_magniber.exe windows:5 windows x86 arch:x86
3f80d8b1b28cd65589cecbb14b16b9ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
FormatMessageW
IsWow64Process
LocalFree
InterlockedDecrement
GetModuleHandleW
GetLocaleInfoW
CreateFileW
GetProcAddress
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
GetExitCodeProcess
SetLastError
GetModuleFileNameA
CreateMutexA
GetCurrentProcessId
GetFileSize
FindFirstFileW
SetFilePointer
FindResourceW
LoadResource
VerSetConditionMask
GetTickCount
SizeofResource
GetFileAttributesA
GetFileAttributesW
TerminateProcess
ReadFile
GetTempPathW
VerifyVersionInfoW
FindClose
LockResource
GetSystemInfo
OutputDebugStringW
GetFileAttributesExW
GetShortPathNameW
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
FileTimeToSystemTime
FormatMessageA
CreateFileA
GetModuleHandleA
UnmapViewOfFile
CreateFileMappingA
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
CreateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
HeapCompact
MapViewOfFile
InterlockedCompareExchange
GetCurrentProcess
GetLocalTime
GetVersionExW
GetCurrentThreadId
MultiByteToWideChar
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
GetFileInformationByHandle
WideCharToMultiByte
DeleteFileW
OpenEventW
WaitForMultipleObjects
OpenProcess
SetEvent
CreateDirectoryW
CloseHandle
ReleaseMutex
GetModuleFileNameW
IsProcessorFeaturePresent
WaitForSingleObject
CreateMutexW
MoveFileW
GetLastError
Sleep
CopyFileW
GetCommandLineW
HeapReAlloc
GetFullPathNameW
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread
FindNextFileW
GetDriveTypeW
GetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetEndOfFile
FreeLibrary
SystemTimeToFileTime
QueryPerformanceCounter
UnlockFile
GetUserDefaultLCID
InterlockedExchange
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
InterlockedIncrement
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
RemoveDirectoryW
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
GetDiskFreeSpaceA
CreateFileMappingW
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
HeapValidate
HeapCreate
HeapDestroy
LoadLibraryW
WriteFile
UnlockFileEx
LockFile
GetFullPathNameA
user32
GetShellWindow
GetWindowThreadProcessId
PostMessageW
SendMessageTimeoutW
FindWindowW
EnumWindows
GetWindowLongW
GetClassNameW
ShowWindow
advapi32
InitializeSecurityDescriptor
ConvertSidToStringSidW
LookupAccountNameW
CheckTokenMembership
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegFlushKey
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
GetUserNameW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
SetSecurityDescriptorDacl
shell32
SHGetFolderPathW
ShellExecuteExW
ole32
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoUninitialize
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
shlwapi
AssocQueryStringW
PathAppendW
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringW
ws2_32
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
__WSAFDIsSet
accept
recvfrom
sendto
getpeername
select
send
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
listen
WSACleanup
wldap32
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32
ord200
ord46
ord211
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60.1MB - Virtual size: 60.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 226KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ