2024-09-13_164f063ea937f5d315e932cc1d1762c5_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-13_164f063ea937f5d315e932cc1d1762c5_mafia_magniber
Size

10.1MB
MD5

164f063ea937f5d315e932cc1d1762c5
SHA1

7fb9ac3fc112ac0c2c04e90d09aed3a068c6c0b4
SHA256

452e69eebecd641279770c6fbd058421b1f0db490252e46fb68d9a561ae98373
SHA512

c59c3748d0cc97e1ba1ce51766d12562db3d2d7f6db1852b1249c0fa46e8c1d36e30225634df1ee620a8c3f532371878418a8e7a08e4fbc0967684d69cbb0e9d
SSDEEP

196608:xDThQMff0J3lniFoDHcFYTHcJh+EfFLOyomFHKnP20yQIry/9C:xDTqMH0JtAo7cFYTHcJh+EfF4rIry/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-13_164f063ea937f5d315e932cc1d1762c5_mafia_magniber

Files

2024-09-13_164f063ea937f5d315e932cc1d1762c5_mafia_magniber
.exe windows:6 windows x86 arch:x86

be0d2e263721e910970f20e4b1cafb36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

freeaddrinfo
getaddrinfo
send
gethostbyname
gethostbyaddr
sendto
recvfrom
inet_addr
bind
getpeername
WSAGetLastError
socket
shutdown
setsockopt
gethostname
select
recv
getsockopt
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
inet_ntoa
htons
WSACleanup
WSAStartup

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

kernel32

GetUserDefaultUILanguage
GetDiskFreeSpaceA
GetTempPathA
GetLocalTime
SystemTimeToFileTime
GetACP
SetConsoleCtrlHandler
GetCurrentDirectoryA
HeapFree
TerminateProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetVersionExA
VirtualProtect
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
SetLastError
GetSystemInfo
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetNativeSystemInfo
GetComputerNameA
IsBadReadPtr
GetModuleHandleExA
Process32First
Process32Next
GetTickCount64
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcessTimes
SwitchToThread
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetProcAddress
LocalFree
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
AreFileApisANSI
GetExitCodeProcess
CreateProcessA
GetStdHandle
GetConsoleMode
ExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
SetFileTime
IsWow64Process
DuplicateHandle
GetProfileStringA
SetThreadContext
GetExitCodeThread
ReadFile
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetCPInfo
CreateThread
FreeLibraryAndExitThread
CreateFileW
GetFileType
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
SetStdHandle
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetCommandLineW
GetModuleFileNameW
WriteConsoleW
EncodePointer
DecodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalAlloc
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetEvent
ResetEvent
CreateEventA
OpenEventA
WaitForMultipleObjects
ProcessIdToSessionId
IsBadWritePtr
OpenSemaphoreA
FlushInstructionCache
GetVersion
DeviceIoControl
LockFile
UnlockFile
IsBadStringPtrA
IsBadStringPtrW
GetDriveTypeA
GetThreadContext
GetLogicalDrives
GetOverlappedResult
CreateEventW
EnumSystemFirmwareTables
GetSystemFirmwareTable
OpenMutexA
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
WaitForSingleObjectEx
GetFileTime
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
Sleep
GetProcessHeap
HeapAlloc
HeapCreate
FlushFileBuffers
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FindFirstFileExW
FindNextFileW
GetCommandLineA
GlobalFree

user32

TranslateMessage
DispatchMessageA
PeekMessageA
CallMsgFilterA
EnumDisplayDevicesA
MessageBoxA
MessageBoxW
DrawMenuBar
GetSystemMenu
wsprintfA
AppendMenuA
LoadStringA
GetSystemMetrics
CharUpperBuffA
CharLowerBuffA

shell32

ShellExecuteExA

advapi32

SetSecurityDescriptorSacl
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegDeleteKeyA
RegFlushKey
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
QueryServiceStatusEx
GetSecurityDescriptorSacl

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

wintrust

WinVerifyTrust

ntdll

RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler

Sections

__wibu00
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 26KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu03
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

__wibu04
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu05
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu06
Size: 94KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu07
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be0d2e263721e910970f20e4b1cafb36

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

user32

shell32

advapi32

psapi

powrprof

version

winhttp

wintrust

ntdll

Sections

__wibu00 Size: 1.8MB - Virtual size: 1.8MB

__wibu01 Size: 485KB - Virtual size: 485KB

__wibu02 Size: 26KB - Virtual size: 2.1MB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

__wibu03 Size: 145KB - Virtual size: 145KB

__wibu04 Size: 2.0MB - Virtual size: 2.0MB

__wibu05 Size: 8KB - Virtual size: 8KB

__wibu06 Size: 94KB - Virtual size: 108KB

__wibu07 Size: 180KB - Virtual size: 184KB

__wibu00
Size: 1.8MB - Virtual size: 1.8MB

__wibu01
Size: 485KB - Virtual size: 485KB

__wibu02
Size: 26KB - Virtual size: 2.1MB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

__wibu03
Size: 145KB - Virtual size: 145KB

__wibu04
Size: 2.0MB - Virtual size: 2.0MB

__wibu05
Size: 8KB - Virtual size: 8KB

__wibu06
Size: 94KB - Virtual size: 108KB

__wibu07
Size: 180KB - Virtual size: 184KB