2024-09-17_76461d7809e92acd89417e8c62b81581_magniber_rhadamanthys_skypams

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-17_76461d7809e92acd89417e8c62b81581_magniber_rhadamanthys_skypams
Size

2.6MB
MD5

76461d7809e92acd89417e8c62b81581
SHA1

6cb99819e7c0c920787c862e1217ad9a66319e9e
SHA256

8514b4c12eae05b8d24d3de89eb671e35dc9dd3363f7be8c8cc892f70cc70cec
SHA512

b2ce8195fe4a458b28d54c33321130807a6109ba327dd4b879db983f02e57ddf0a3cda09d7b142669489710baec2582eedd79c430308229fad1139551ab1c227
SSDEEP

49152:c2kyrl22WkSBLr64a8hIfNjhtDY5JmD+u88nHq5HS1h3F:DkAav69MIfN9WQ7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-17_76461d7809e92acd89417e8c62b81581_magniber_rhadamanthys_skypams

Files

2024-09-17_76461d7809e92acd89417e8c62b81581_magniber_rhadamanthys_skypams
.exe windows:6 windows x86 arch:x86

7226423597f223261b8532ae50964cc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-productivitytools\output\maps\release\pt\ptWbxONI.pdb

Imports

shlwapi

StrRChrW
SHDeleteKeyW
StrCatW
StrStrW
StrCmpIW
StrCmpW
StrCmpNW
wnsprintfW
PathFindFileNameW
PathQuoteSpacesW
StrChrW
StrCpyW
PathFileExistsW
PathCombineW
PathRemoveBackslashW
PathIsDirectoryW
PathAddBackslashW
PathRemoveFileSpecW
PathAppendW

kernel32

GetFileSize
lstrcpyW
lstrlenW
GetCurrentProcess
LocalAlloc
lstrcpynW
DeleteFileW
RemoveDirectoryW
CopyFileW
ReadFile
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
Sleep
ExpandEnvironmentStringsW
SetEvent
CreateEventW
OpenEventW
GetTickCount
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrcmpiW
MoveFileW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
CompareFileTime
GetFileTime
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryA
GetPrivateProfileStringW
SetThreadUILanguage
GetLogicalDriveStringsW
QueryDosDeviceW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
ResetEvent
CreateThread
GetLocalTime
GetTickCount64
FindResourceExW
lstrcmpW
K32GetMappedFileNameW
SetUnhandledExceptionFilter
SetErrorMode
GlobalMemoryStatusEx
GetSystemInfo
InitializeCriticalSection
ReleaseMutex
CreateMutexW
CreateFileMappingW
OpenMutexW
GetCurrentThread
IsBadStringPtrA
FileTimeToSystemTime
FindNextFileW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
GetSystemTime
K32GetModuleFileNameExW
K32EnumProcesses
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
LoadLibraryW
OpenProcess
ProcessIdToSessionId
CreateProcessW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetShortPathNameW
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
FindFirstFileW
RtlCaptureStackBackTrace
FindClose
CreateFileW
CreateDirectoryW
RaiseException
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
LocalFree
GetLastError
IsBadReadPtr
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
VirtualQuery
OutputDebugStringW
OutputDebugStringA
GetEnvironmentVariableW
ReadConsoleW
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
FlushFileBuffers
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
FormatMessageA
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFileAttributesW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetConsoleMode

user32

SendMessageTimeoutW
MessageBoxW
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjects
SendMessageW
IsWindow
LoadStringW
wvsprintfW
LoadCursorW
GetWindowThreadProcessId
GetDesktopWindow
SetWindowLongW
GetWindowLongW
DestroyWindow
GetClassInfoExW
RegisterClassExW
CallWindowProcW
FindWindowW
PostThreadMessageW
UnregisterClassW
GetParent
WindowFromPoint
GetCursorPos
KillTimer
SetTimer
GetActiveWindow
CharNextW
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
wsprintfW
GetMessageW

advapi32

GetSecurityDescriptorDacl
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
LookupAccountSidW
GetSecurityDescriptorSacl
RegUnLoadKeyW
RegOpenKeyW
RegLoadKeyW
StartServiceW
QueryServiceStatusEx
ReportEventW
RegisterEventSourceW
DeregisterEventSource
BuildExplicitAccessWithNameW
SetServiceObjectSecurity
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
LookupPrivilegeValueW
MapGenericMask
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
CreateProcessWithTokenW
GetUserNameW
CreateProcessAsUserW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW
SHChangeNotify

ole32

CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance
OleRun

oleaut32

SetErrorInfo
GetErrorInfo
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen

crypt32

CertFreeCertificateContext
CryptUnprotectData
CryptProtectData
CryptVerifyMessageSignature

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

rpcrt4

UuidCreateSequential

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

imagehlp

ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData

wininet

HttpOpenRequestW
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7226423597f223261b8532ae50964cc0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

wtsapi32

rpcrt4

version

imagehlp

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 315KB - Virtual size: 316KB

.data Size: 76KB - Virtual size: 100KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 315KB - Virtual size: 316KB

.data
Size: 76KB - Virtual size: 100KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB