2024-10-01_2e4185ced5dc1d91e2f6d5911f43fce5_magniber_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-01_2e4185ced5dc1d91e2f6d5911f43fce5_magniber_metamorfo
Size

6.0MB
MD5

2e4185ced5dc1d91e2f6d5911f43fce5
SHA1

4c23c8e442ad97a06c95f28da99b7678be876761
SHA256

56e153c46a21131423a5c12405912e0bcee974e98ef26a16e2be60269b7b66ad
SHA512

78d8cf433248ab0f107d036f0dcd4bc68cebf2c3d3fc2fa02ad478d75d399413e3e3b7eddca044171642b1473ccc4dc15534e01c5453d5dbb08a2253535caf62
SSDEEP

196608:xISvPXSud3cV6G33ZOTaPTN0tsIfbyYAaD3y:xIqPXS8sV683MTayttre

Score

1^/10

Malware Config

Signatures

Files

2024-10-01_2e4185ced5dc1d91e2f6d5911f43fce5_magniber_metamorfo
.exe windows:6 windows x86 arch:x86

4cba9b11fe9de8630da13335c87eca4c

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8d
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/11/2022, 14:31

Not After

23/11/2023, 14:31

Subject

CN=IP Panichev Igor Valentinovich,O=IP Panichev Igor Valentinovich,L=Vologda,ST=Vologodskaya oblast,C=RU,1.2.840.113549.1.9.1=#0c13696e666f4033706c616e65736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8d
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/11/2022, 14:31

Not After

23/11/2023, 14:31

Subject

CN=IP Panichev Igor Valentinovich,O=IP Panichev Igor Valentinovich,L=Vologda,ST=Vologodskaya oblast,C=RU,1.2.840.113549.1.9.1=#0c13696e666f4033706c616e65736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:6c:d5:6d:5b:80:df:a0:13:9a:d4:29:77:88:67:d8:27:f1:d9:84:54:7f:0a:9b:94:d8:51:74:d3:d9:85:e8
Signer

Actual PE Digest

53:6c:d5:6d:5b:80:df:a0:13:9a:d4:29:77:88:67:d8:27:f1:d9:84:54:7f:0a:9b:94:d8:51:74:d3:d9:85:e8

Digest Algorithm

sha256

PE Digest Matches

false

c8:0b:c9:7a:e1:b0:28:4d:4b:1e:af:c4:97:86:7e:3a:0d:17:35:62
Signer

Actual PE Digest

c8:0b:c9:7a:e1:b0:28:4d:4b:1e:af:c4:97:86:7e:3a:0d:17:35:62

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sources\The Lost Watch\The Lost Watch 3D Settings\Release\The Lost Watch 3D Screensaver.pdb

Imports

d3d9

Direct3DCreate9

kernel32

IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
VirtualQuery
VirtualProtect
GetSystemInfo
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InterlockedFlushSList
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetUserDefaultLCID
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
Sleep
CreateDirectoryA
HeapSize
MoveFileA
DeleteFileA
EnumResourceTypesA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameA
GetLocalTime
LoadLibraryW
lstrcmpA
GetLocaleInfoA
GetSystemDirectoryA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
EnumSystemLocalesW
HeapQueryInformation
SetConsoleCtrlHandler
GetThreadTimes
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
IsDBCSLeadByte
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
FindResourceA
lstrlenA
lstrcpyA
lstrcmpiA
GlobalLock
GlobalAlloc
LoadLibraryA
SizeofResource
LockResource
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
FreeResource
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
FreeLibrary
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateProcessW
GetExitCodeProcess
DeleteFileW
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
DecodePointer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
GetTimeZoneInformation
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateProcessA
GetCurrentThreadId
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
EnumResourceNamesA
GetProcessHeap
GetFileAttributesA
GetCurrentDirectoryA
GetCommandLineA
VerSetConditionMask
GetFileAttributesExW
OutputDebugStringA
MoveFileExW
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
DebugBreak
InitializeCriticalSection
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
GetTempPathW
SetFileInformationByHandle
LCMapStringEx
EncodePointer
GetLocaleInfoEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
LocalFree

user32

GetMessageA
ShowCursor
DispatchMessageA
PeekMessageA
DrawEdge
SetCursorPos
GetCursorPos
GetKeyState
EnumWindows
FindWindowA
EnumChildWindows
GetClassNameA
GetWindow
GetTopWindow
TrackMouseEvent
RegisterWindowMessageA
GetForegroundWindow
wsprintfA
TranslateMessage
SendMessageA
GetMonitorInfoA
MonitorFromRect
SystemParametersInfoA
EnumDisplayDevicesA
EnumDisplaySettingsA
DestroyIcon
LoadIconA
LoadCursorA
LoadBitmapA
GetParent
SetWindowLongA
GetWindowLongA
PtInRect
InflateRect
SetRect
DrawFocusRect
GetSysColor
ScreenToClient
ClientToScreen
SetCursor
MessageBoxA
AdjustWindowRectEx
AdjustWindowRect
GetWindowRect
GetClientRect
GetWindowTextA
SetWindowTextA
RedrawWindow
ValidateRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawStateA
GetMenu
GetSystemMetrics
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetActiveWindow
CharNextA
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
GetDlgCtrlID
GetDlgItem
EndDialog
DialogBoxParamA
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
CallWindowProcA
PostQuitMessage
DefWindowProcA
PostMessageA

gdi32

SetViewportOrgEx
ExtTextOutA
GetObjectA
SetWorldTransform
SetTextColor
SetStretchBltMode
StretchBlt
SetGraphicsMode
SetBkMode
SetBkColor
SelectObject
PatBlt
GetTextExtentPoint32A
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegFlushKey
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleLoadPicture
OleLoadPicturePath
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VarUI4FromStr

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

dinput8

DirectInput8Create

d3dx9_43

D3DXPlaneFromPoints
D3DXOptimizeVertices
D3DXOptimizeFaces
D3DXVec3TransformNormal
D3DXAssembleShader
D3DXCompileShader
D3DXMatrixRotationZ
D3DXLoadSurfaceFromFileInMemory
D3DXMatrixTransformation
D3DXGetFVFVertexSize
D3DXMatrixRotationY
D3DXMatrixRotationAxis
D3DXMatrixTranslation
D3DXMatrixRotationX
D3DXVec3TransformCoord
D3DXMatrixOrthoLH
D3DXMatrixReflect
D3DXMatrixLookAtLH
D3DXMatrixScaling
D3DXSaveSurfaceToFileA
D3DXPlaneTransform
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTexture
D3DXCreateTexture
D3DXMatrixPerspectiveFovLH
D3DXVec3Normalize
D3DXMatrixInverse
D3DXMatrixTranspose
D3DXVec3Transform
D3DXMatrixMultiply
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateTextureFromFileA

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cba9b11fe9de8630da13335c87eca4c

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8dCertificate

Extended Key Usages

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8dCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

53:6c:d5:6d:5b:80:df:a0:13:9a:d4:29:77:88:67:d8:27:f1:d9:84:54:7f:0a:9b:94:d8:51:74:d3:d9:85:e8Signer

c8:0b:c9:7a:e1:b0:28:4d:4b:1e:af:c4:97:86:7e:3a:0d:17:35:62Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

bcrypt

dinput8

d3dx9_43

winmm

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 906KB - Virtual size: 906KB

.data Size: 76KB - Virtual size: 548KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 220KB - Virtual size: 220KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8d
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

7d:89:b5:10:fd:31:ce:d0:88:6c:12:8d
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

53:6c:d5:6d:5b:80:df:a0:13:9a:d4:29:77:88:67:d8:27:f1:d9:84:54:7f:0a:9b:94:d8:51:74:d3:d9:85:e8
Signer

c8:0b:c9:7a:e1:b0:28:4d:4b:1e:af:c4:97:86:7e:3a:0d:17:35:62
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 906KB - Virtual size: 906KB

.data
Size: 76KB - Virtual size: 548KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 220KB - Virtual size: 220KB