2024-09-19_6eac54b80ccf7b5f1ab2c821fec13df4_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-19_6eac54b80ccf7b5f1ab2c821fec13df4_magniber_revil
Size

19.0MB
MD5

6eac54b80ccf7b5f1ab2c821fec13df4
SHA1

b5744a48f0a0c04a162a7bc32dcd083648b7149c
SHA256

86f36f1a2e570b50ee24d40bc950dbcf7d832328e06e63413d15f523e97f6201
SHA512

1bdd1be7bf72a2269a0fc56d212a5bf9a4b7aed45fbbf3712d841278d0e65f9bb76d874f8b9434bbac1490b628166df5cdbc23e3df572c6996ba4622e98d8197
SSDEEP

196608:8k8msThgal3J0WM3adSwo0gr1j95Fwa8UTJwVFV2SgVQBWG:8COhgS3iWM3Jwo0gr1j95FwapTWznB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-19_6eac54b80ccf7b5f1ab2c821fec13df4_magniber_revil

Files

2024-09-19_6eac54b80ccf7b5f1ab2c821fec13df4_magniber_revil
.exe windows:6 windows x86 arch:x86

4d6ff852e6dc363c043872587e5d7f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WS\tv_prel_dcr\build_cmake_win\HOST\Release\TeamViewer_Service.pdb

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
lstrcmpiW
DeleteCriticalSection
RaiseException
DecodePointer
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
WaitForMultipleObjects
WaitForSingleObject
PostQueuedCompletionStatus
FormatMessageW
SetEvent
TerminateThread
CloseHandle
QueueUserAPC
LocalFree
WideCharToMultiByte
FormatMessageA
CreateEventA
CreateDirectoryW
CreateThread
GetCurrentThread
SetLastError
GetCurrentProcess
MoveFileExW
GetTempPathW
ExpandEnvironmentStringsW
CreateEventW
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GlobalMemoryStatusEx
GetComputerNameW
DeleteFileW
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LoadLibraryA
SetUnhandledExceptionFilter
GetCurrentProcessId
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
LoadLibraryW
CreateFileW
CreateProcessW
GetSystemDirectoryW
WriteFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
SetWaitableTimer
SleepEx
CreateIoCompletionPort
CreateWaitableTimerW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LCIDToLocaleName
GetProcessId
ProcessIdToSessionId
OpenEventW
GetNativeSystemInfo
GetSystemPowerStatus
ReleaseSemaphore
WaitForSingleObjectEx
DuplicateHandle
CreateSemaphoreA
ResetEvent
IsWow64Process
OpenProcess
K32GetModuleBaseNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
UnregisterWaitEx
WaitNamedPipeW
ReadFile
ResumeThread
TerminateProcess
QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32EnumProcesses
RegisterWaitForSingleObject
GetExitCodeProcess
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
SetSearchPathMode
SetDllDirectoryW
HeapSetInformation
SetProcessDEPPolicy
GetFileAttributesW
GetPrivateProfileStringW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
VirtualProtect
VirtualFree
GetStdHandle
GetFileType
GetModuleHandleExW
InitializeCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetExitCodeThread
GetEnvironmentVariableW
GetACP
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateFileA
DeviceIoControl
OpenThread
GetTickCount
GetComputerNameExA
GetComputerNameExW
GetVersionExW
OpenMutexW
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
ReleaseMutex
SwitchToThread
MapViewOfFileEx
CreateMutexW
CancelIoEx
GetOverlappedResult
SetFileAttributesW
GetLocaleInfoEx
GetSystemDefaultLCID
K32EnumProcessModules
GetSystemFirmwareTable
GetEnvironmentVariableA
GetFileSizeEx
GetVolumeInformationW
WTSGetActiveConsoleSessionId
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetTickCount64
GetThreadTimes
Wow64DisableWow64FsRedirection
VirtualQuery
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
TryAcquireSRWLockExclusive
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileTime
AreFileApisANSI
GetFileInformationByHandleEx
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockShared
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlushFileBuffers
GetFileTime
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
GetWindowsDirectoryW
CopyFileExW
WaitForMultipleObjectsEx
OpenEventA
CreateWaitableTimerA
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
ExitProcess
PeekNamedPipe
SetEnvironmentVariableW
GetConsoleOutputCP
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileSize
SetFilePointer
LocalFileTimeToFileTime
LocalAlloc
Wow64RevertWow64FsRedirection

Sections

.text
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 632KB - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d6ff852e6dc363c043872587e5d7f6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 12.5MB - Virtual size: 12.5MB

IPPCODE Size: 261KB - Virtual size: 261KB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 632KB - Virtual size: 880KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 12.5MB - Virtual size: 12.5MB

IPPCODE
Size: 261KB - Virtual size: 261KB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 632KB - Virtual size: 880KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB