setup.exe.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-29_0571b158f055866f459267bb3e8267bf_magniber.exe
Resource
win7-20240729-en
General
-
Target
2024-09-29_0571b158f055866f459267bb3e8267bf_magniber
-
Size
25.9MB
-
MD5
0571b158f055866f459267bb3e8267bf
-
SHA1
825c91b6d602af93f5321e8a3a9ec5172805ecbe
-
SHA256
6e25b642f954464e6824016b3e2ba35e12b0752ae97e0b44a8cf1997e7715546
-
SHA512
63f6e067ae96cc5cf6296f86bd87f76ec347cbb38d53252d81c500acf1a2d5267c45b340b85093979d4648f589b3224785de692790fc2bac211734d7c63b739f
-
SSDEEP
393216:JwXMQvp81zxDFFCllehkA5XpreJ4CFn8Fc8NQJiWnfUNgSnjG4bb2DWGKy97p2DJ:JR1zxCfPEWQYEhbb0vS0g0NQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
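The PE file carries no Authenticode signature. This is a static finding and a weak indicator on its own: it means the publisher and file integrity cannot be verified, not that the file is malicious.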
resource 2024-09-29_0571b158f055866f459267bb3e8267bf_magniber
Files
-
2024-09-29_0571b158f055866f459267bb3e8267bf_magniber.exe windows:5 windows x86 arch:x86
d31c24dc8428bbf48dd8f9113027a219
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dbghelp
SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW
gdi32
AddFontMemResourceEx
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesExW
EqualRgn
ExtTextOutW
GdiAlphaBlend
GdiFlush
GetCharABCWidthsW
GetCurrentObject
GetDIBits
GetDeviceCaps
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetICMProfileW
GetObjectW
GetOutlineTextMetricsW
GetRgnBox
GetStockObject
GetTextExtentPointI
GetTextFaceW
GetTextMetricsW
GetWorldTransform
ModifyWorldTransform
PtInRegion
RemoveFontMemResourceEx
SelectClipRgn
SelectObject
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCBrushColor
SetDCPenColor
SetDIBitsToDevice
SetGraphicsMode
SetPixelFormat
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StretchBlt
SwapBuffers
oleaut32
LoadRegTypeLib
LoadTypeLib
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrCmp
VarUI4FromStr
VariantClear
VariantCopy
VariantInit
shell32
CommandLineToArgvW
DragQueryFileW
ord680
SHBrowseForFolderW
SHChangeNotify
SHGetDesktopFolder
SHGetFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHOpenWithDialog
SHQueryUserNotificationState
ShellExecuteExW
ShellExecuteW
user32
AdjustWindowRectEx
AllowSetForegroundWindow
BeginPaint
CallNextHookEx
CharNextW
CharUpperW
ClientToScreen
CloseClipboard
CloseTouchInputHandle
CopyRect
CountClipboardFormats
CreateCaret
CreateIconIndirect
CreateWindowExW
DefRawInputProc
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
DisplayConfigGetDeviceInfo
DrawEdge
DrawFocusRect
DrawFrameControl
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsW
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowW
FlashWindowEx
FrameRect
GetActiveWindow
GetAncestor
GetCapture
GetCaretBlinkTime
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetClipboardSequenceNumber
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDisplayConfigBufferSizes
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGuiResources
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLayeredWindowAttributes
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetPropW
GetQueueStatus
GetRawInputData
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationW
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
IntersectRect
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
QueryDisplayConfig
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendInput
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuDefaultItem
SetParent
SetPropW
SetRectEmpty
SetTimer
SetWinEventHook
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowWindow
SystemParametersInfoW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UpdateLayeredWindow
WindowFromPoint
ws2_32
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASetServiceW
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
CallbackMayRunLong
CancelIo
ClearCommError
CloseHandle
CloseThreadpool
CloseThreadpoolWork
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateThreadpool
CreateThreadpoolWork
CreateToolhelp32Snapshot
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindNextFileW
FindResourceW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommModemStatus
GetCommState
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatEx
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileStringW
GetProcAddress
GetProcessHandleCount
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVersion
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
HeapValidate
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessInJob
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PowerClearRequest
PowerCreateRequest
PowerSetRequest
Process32FirstW
Process32NextW
ProcessIdToSessionId
PurgeComm
QueryFullProcessImageNameW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
QueueUserAPC
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
RtlCaptureStackBackTrace
RtlUnwind
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessShutdownParameters
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
SubmitThreadpoolWork
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolWorkCallbacks
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
iphlpapi
CancelIPChangeNotify
GetAdaptersAddresses
NotifyAddrChange
oleacc
AccessibleObjectFromWindow
LresultFromObject
uiautomationcore
UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaReturnRawElementProvider
dxgi
CreateDXGIFactory1
comctl32
ord17
InitCommonControlsEx
hid
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetValueCaps
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
propsys
InitPropVariantFromCLSID
VariantCompare
shlwapi
ord437
PathFindExtensionW
PathFindFileNameW
PathMatchSpecW
PathRemoveExtensionW
ord12
UrlCanonicalizeW
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
urlmon
CoInternetCreateSecurityManager
CreateURLMonikerEx
dwrite
DWriteCreateFactory
dwmapi
DwmDefWindowProc
DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
uxtheme
CloseThemeData
DrawThemeBackground
ord47
GetThemeBackgroundContentRect
GetThemePartSize
OpenThemeData
usp10
ScriptFreeCache
ScriptItemize
ScriptShape
crypt32
CertAddEncodedCertificateToStore
CertCloseStore
CertCompareCertificateName
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIssuerCertificateFromStore
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptProtectData
CryptUnprotectData
CryptVerifyCertificateSignatureEx
winhttp
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData
secur32
AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW
QuerySecurityPackageInfoW
imm32
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetIMEFileNameW
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetOpenStatus
dhcpcsvc
DhcpCApiInitialize
DhcpRequestParams
Exports
Exports
GetHandleVerifier
Sections
.text Size: 20.4MB - Virtual size: 20.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 186KB - Virtual size: 864KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rodata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 177B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 512B - Virtual size: 358B
CPADinfo Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 381KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE