2024-09-13_1cf28c4ff90f08a56a0401683abd70ae_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-13_1cf28c4ff90f08a56a0401683abd70ae_magniber
Size

637KB
MD5

1cf28c4ff90f08a56a0401683abd70ae
SHA1

1ac0b2fcf234a07f54bf02b633ebe90d0a81ee35
SHA256

f08c9193e2c68a17d71a63f4d5e839a4bd8b54fe369bac542ae943584439862a
SHA512

76cc0e8692e440ceed3c90e1074bfea88b58451f0e164125e7aef77fd66c0a55b9d6028924d36eaab0f1ca5288dbca4ed878d192d54cf672c22172e3ab5f2aab
SSDEEP

12288:WVn7Vsfh/tfAobtxZ57IC27cKMAyxU/5L91rXABnAMR:WVn7VsfT3btl7IC27cKMAyxU/5L/QBHR

Score

1^/10

Malware Config

Signatures

Files

2024-09-13_1cf28c4ff90f08a56a0401683abd70ae_magniber
.exe windows:5 windows x86 arch:x86

1ab8081063f59152c23cba014b0fb07e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:e5:3e:5a:58:61:08:97:fc:da:0d:c2:27:e2:a4:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/09/2007, 00:00

Not After

17/09/2009, 23:59

Subject

CN=Stardock Systems Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Stardock Systems Inc,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:7e:87:fc:69:f7:1c:29:d7:bc:ac:93:25:43:66:6f:18:23:54:60
Signer

Actual PE Digest

b4:7e:87:fc:69:f7:1c:29:d7:bc:ac:93:25:43:66:6f:18:23:54:60

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\CursorFx\CursorFX.pdb

Imports

winmm

timeKillEvent
timeSetEvent

shlwapi

PathGetArgsW
ColorRGBToHLS
ColorHLSToRGB
PathRemoveBlanksW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripPathW
PathRemoveExtensionW
PathFileExistsW

comctl32

_TrackMouseEvent

zlib1

inflate
inflateInit_
inflateReset
crc32
inflateEnd
compressBound
compress2
uncompress

kernel32

GetLongPathNameW
lstrcmpW
lstrlenW
GetCommandLineW
CreateMutexW
Sleep
OpenMutexW
GetProcAddress
LoadLibraryW
GetConsoleDisplayMode
UnmapViewOfFile
GetLastError
SetPriorityClass
GetPriorityClass
GetCurrentProcess
SetThreadPriority
GetThreadPriority
GetCurrentThread
SetProcessWorkingSetSize
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
IsBadReadPtr
ReleaseMutex
GetCurrentThreadId
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
lstrcpyA
WideCharToMultiByte
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
lstrcpynW
GetPrivateProfileSectionW
RemoveDirectoryW
GetTempFileNameW
GetTempPathW
WriteFile
MultiByteToWideChar
lstrcmpiW
GetPrivateProfileStringW
GetOEMCP
GetACP
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind
HeapAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleW
GetModuleFileNameW
lstrcatW
CreateDirectoryW
CopyFileW
DeleteFileW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
CreateFileW
GetFileSize
ReadFile
lstrcpyW
GetComputerNameA
SetLastError
lstrlenA
lstrcmpA
lstrcatA
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
GetUserDefaultLangID
CreateFileA

user32

CopyRect
BeginPaint
EndPaint
GetClientRect
ReleaseCapture
GetKeyState
SetRect
EnumDisplayMonitors
SetCapture
RemovePropW
GetPropW
DestroyWindow
CallWindowProcW
BeginDeferWindowPos
EndDeferWindowPos
ReleaseDC
GetDC
SetWindowRgn
EqualRect
IsRectEmpty
IntersectRect
UnionRect
DeferWindowPos
OffsetRect
SetRectEmpty
GetMonitorInfoW
SetCursor
SendNotifyMessageW
GetCursorInfo
GetIconInfo
GetWindow
IsWindowVisible
SetWindowPos
UnregisterHotKey
GetParent
GetSystemMetrics
OpenInputDesktop
CloseDesktop
KillTimer
DefWindowProcW
RegisterClassExW
CreateWindowExW
RegisterHotKey
ScreenToClient
ChildWindowFromPointEx
GetClassNameW
WindowFromPoint
GetWindowRect
GetCursorPos
LoadCursorW
CopyIcon
DestroyCursor
SystemParametersInfoW
SetWindowTextW
SetWindowLongW
SetSystemCursor
SetTimer
ShowWindow
SendMessageW
EnumWindows
RegisterWindowMessageW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
PostMessageW
FindWindowW
wsprintfW
MessageBoxW
wsprintfA
InflateRect
LoadImageW
MessageBoxA
GetActiveWindow
PostQuitMessage
RedrawWindow

gdi32

SetTextColor
SetBkColor
CreateBitmap
CreateCompatibleBitmap
ExtCreateRegion
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
BitBlt
CombineRgn
CreateRectRgn
CreateDIBSection

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameA

shell32

SHGetFolderPathW
ShellExecuteExW

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ab8081063f59152c23cba014b0fb07e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

47:e5:3e:5a:58:61:08:97:fc:da:0d:c2:27:e2:a4:4dCertificate

Extended Key Usages

Key Usages

b4:7e:87:fc:69:f7:1c:29:d7:bc:ac:93:25:43:66:6f:18:23:54:60Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

shlwapi

comctl32

zlib1

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 451KB - Virtual size: 451KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 15KB - Virtual size: 30KB

.rsrc Size: 60KB - Virtual size: 60KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

47:e5:3e:5a:58:61:08:97:fc:da:0d:c2:27:e2:a4:4d
Certificate

b4:7e:87:fc:69:f7:1c:29:d7:bc:ac:93:25:43:66:6f:18:23:54:60
Signer

.text
Size: 451KB - Virtual size: 451KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 15KB - Virtual size: 30KB

.rsrc
Size: 60KB - Virtual size: 60KB