2024-09-21_8ee06b32f191ad6870fc7b6e151a118b_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-21_8ee06b32f191ad6870fc7b6e151a118b_magniber
Size

1.9MB
MD5

8ee06b32f191ad6870fc7b6e151a118b
SHA1

a184d1431a061d53f46e219d7a7f353f7e200d56
SHA256

de1d74586303c41f920c00e9a19b31c5077f405aab47215a2e0ad8713a50c302
SHA512

840ed06e31825762a5a2f437b1304027314eeda2e5fd3314a843f9895443aad012e44d1a34d9d4fa0632a77cb5f954744d91ee10801af8e065430f0ce48e6316
SSDEEP

49152:RkASohwedvlLJeYls/AE5+IZEdKKAhPf0+:RAMq7+IS8hPs+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_8ee06b32f191ad6870fc7b6e151a118b_magniber

Files

2024-09-21_8ee06b32f191ad6870fc7b6e151a118b_magniber
.exe windows:6 windows x86 arch:x86

5664e20f6b4c790c97162f44236cb3cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\VideoFusion-win\install\VideofusionInstaller\build\Release\JianyingLauncher.pdb

Imports

powrprof

PowerDeterminePlatformRole

setupapi

CM_Get_Device_IDW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

kernel32

DeleteCriticalSection
GetFileInformationByHandle
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
ProcessIdToSessionId
GetCommandLineW
GetDiskFreeSpaceExW
GetVolumeInformationW
QueryDosDeviceW
GetTempPathW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetVersion
GetSystemDirectoryW
LocalAlloc
lstrcmpW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CopyFileW
MoveFileExW
WTSGetActiveConsoleSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateEventW
CreateThread
MoveFileW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
lstrlenW
GetProcessId
GetModuleHandleA
GetNativeSystemInfo
GetCurrentThreadId
CreateMutexW
FormatMessageA
OutputDebugStringA
ReleaseMutex
RegisterWaitForSingleObject
UnregisterWaitEx
Sleep
SetThreadPriority
GetThreadPriority
IsDebuggerPresent
DuplicateHandle
GetUserDefaultLangID
TryEnterCriticalSection
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
InitializeCriticalSectionEx
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
GetModuleHandleExW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WaitForMultipleObjects
GlobalMemoryStatusEx
RtlCaptureStackBackTrace
QueueUserWorkItem
GetModuleHandleExA
GetProcessHeaps
HeapSetInformation
HeapUnlock
HeapLock
HeapWalk
GetProcessIoCounters
VirtualQueryEx
GetProcessTimes
GetSystemInfo
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetFileType
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetCPInfo
EncodePointer
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
ExitProcess
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
DecodePointer
SetFileTime
SystemTimeToFileTime
SetFilePointer
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetCurrentThread
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
OpenProcess
WaitForSingleObject
LocalFree
GetProcAddress
GetModuleHandleW
GetVersionExW
DeviceIoControl
SetLastError
SetFileAttributesW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetUserDefaultLCID
EnumSystemLocalesW
SetEndOfFile
SetEnvironmentVariableA
OutputDebugStringW
GetSystemTimeAsFileTime
LoadLibraryExA
GetFileAttributesExW
IsProcessorFeaturePresent
VirtualQuery
VirtualProtect
VirtualAlloc
RtlUnwind

user32

DispatchMessageW
GetDC
GetDesktopWindow
UnregisterClassW
ExitWindowsEx
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
EnumWindows
DestroyWindow
SetTimer
PostQuitMessage
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
RegisterClassExW
CharUpperW
GetKeyState
IsWindowEnabled
FindWindowW
SystemParametersInfoW
IsWindow
GetSystemMetrics
GetWindowThreadProcessId
GetClassNameW

gdi32

DeleteObject
GetDeviceCaps

advapi32

GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetThreadToken
ConvertStringSidToSidW
LookupAccountSidW
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
IsValidSid
InitializeSid
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
GetAclInformation
GetAce
CopySid
AddAce
RegisterTraceGuidsW

shell32

SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

PropVariantClear
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString

shlwapi

SHStrDupW
StrToIntW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathGetDriveNumberW
PathFindExtensionW
PathAddBackslashW
PathFileExistsW
PathAppendW
StrCpyNW
StrCmpIW
StrRChrW
StrChrW
StrCmpNIW
StrCmpNW

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

mpr

WNetGetResourceInformationW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
QueryWorkingSet
EnumProcesses
GetProcessMemoryInfo
EnumProcessModules

netapi32

NetGetJoinInformation
NetApiBufferFree

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5664e20f6b4c790c97162f44236cb3cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

mpr

psapi

netapi32

winmm

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 11KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 486KB - Virtual size: 486KB

.reloc Size: 106KB - Virtual size: 108KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 11KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 486KB - Virtual size: 486KB

.reloc
Size: 106KB - Virtual size: 108KB