2024-10-01_91805f18a3dc7607fa5edd29dcecbac3_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-01_91805f18a3dc7607fa5edd29dcecbac3_magniber
Size

4.0MB
MD5

91805f18a3dc7607fa5edd29dcecbac3
SHA1

b6f5d8ccef5d31316f0e4fe16e837516c0c63745
SHA256

dedeef60bdfeb67cfd0cee1137072a4fc952acdcb249715b8112dfb5ddafe361
SHA512

50ce62e81ad5483cbe88504fd00d5f2c62da2713f9fd1050914a8438ef80dd6f41ea847093444743665ff4992c354105ca353eff669604157e387c30bac83161
SSDEEP

98304:ZdGNd+I7E4lwUVtEVN7APG7VxaX3KtsjRKgWx:b3MnwwoLHOKgWx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-01_91805f18a3dc7607fa5edd29dcecbac3_magniber

Files

2024-10-01_91805f18a3dc7607fa5edd29dcecbac3_magniber
.exe windows:5 windows x86 arch:x86

d3567f5d0b0d7191375374e4d564024b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall_download\install_and_uninstall\Release\ludashiinstaller.pdb

Imports

kernel32

GetStartupInfoW
GetPrivateProfileStringW
GetTempFileNameW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
GetFileSizeEx
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryA
LoadLibraryExW
GetCommandLineW
GetLocalTime
CopyFileW
SystemTimeToFileTime
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
OutputDebugStringA
CreateMutexW
GlobalDeleteAtom
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
OpenProcess
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
lstrlenW
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
SetEvent
WideCharToMultiByte
GetCurrentDirectoryW
SetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GlobalFindAtomW
RaiseException
MultiByteToWideChar
GetFileSize
UnlockFile
LockFile
MulDiv
Process32NextW
GetVersion
CreateToolhelp32Snapshot
CreateEventW
FindClose
SetLastError
GetTickCount
Sleep
GetLastError
LocalFree
LocalAlloc
GetVersionExW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
SizeofResource
LoadResource
FreeLibrary
LockResource
GetFileAttributesExW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OutputDebugStringW
LoadLibraryW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFilePointer
ReadFile
GetProcessHeap
HeapSize
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTime
GetFileTime
ReleaseMutex
FindNextFileA
FindFirstFileA
lstrlenA
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
GetStdHandle
SetEndOfFile
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
RtlCaptureStackBackTrace
FindFirstChangeNotificationW
SearchPathW
SetFileTime
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenFileMappingW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
TryEnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
GetEnvironmentVariableW
CreateDirectoryW
FormatMessageW
GetShortPathNameW
GetSystemInfo
ResetEvent
HeapDestroy
GetProcAddress
DeleteFileA
CreateFileA
GetTempFileNameA
GetTempPathA
CreateProcessW
Process32FirstW
WaitForMultipleObjects
CloseHandle
GetConsoleMode
WriteFile

user32

EndPaint
BeginPaint
DrawFocusRect
CopyRect
PtInRect
ScreenToClient
LoadCursorW
OffsetRect
SetRect
SetCursor
IsWindow
PostMessageW
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
IsIconic
DefWindowProcW
CallWindowProcW
UnregisterClassA
IsWindowVisible
ShowWindow
SendMessageW
ReleaseDC
GetDC
KillTimer
SendNotifyMessageW
SendMessageTimeoutW
MessageBoxW
IsDialogMessageW
EndDialog
SetTimer
IsRectEmpty
PostQuitMessage
DialogBoxParamW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
wsprintfW
EnableWindow
RedrawWindow
GetMonitorInfoW
LoadImageW
GetWindow
FindWindowW
MapWindowPoints
SetWindowTextW
GetSystemMetrics
MoveWindow
UpdateLayeredWindow
ExitWindowsEx
RegisterWindowMessageW
SetProcessDPIAware
CharNextW
BringWindowToTop
DestroyWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowTextLengthW
DrawTextW
UnhookWinEvent
SetWinEventHook
GetWindowTextW
MonitorFromWindow
GetShellWindow
WaitForInputIdle
SystemParametersInfoW
SetWindowRgn
SetWindowPos

gdi32

SaveDC
RestoreDC
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW
BitBlt

advapi32

LockServiceDatabase
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegGetValueW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
CryptReleaseContext
GetUserNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetTrusteeNameW
CryptAcquireContextW

shell32

ord165
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHLoadInProc
SHBrowseForFolderW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateGuid
CoCreateInstance
CoTaskMemFree
OleRun
CreateStreamOnHGlobal
StringFromGUID2
CoInitialize
CoInitializeEx

oleaut32

VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathIsRootW
StrStrIA
StrCmpNIW
StrTrimA
StrToIntExW
SHGetValueA
PathAppendA
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfW
StrCmpW
PathFindFileNameW
SHGetValueW
PathUnquoteSpacesW
SHSetValueW
PathIsPrefixW
PathIsRelativeW
StrStrIW
SHSetValueA
SHDeleteValueW
StrCmpIW
SHDeleteKeyW
PathIsDirectoryW
AssocQueryStringW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDeleteStringFormat
GdipFillRectangleI
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdiplusStartup
GdipCreateFont
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteFont
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawString
GdipMeasureString
GdipSetStringFormatFlags

cabinet

ord22
ord23
ord20

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetModuleFileNameExW

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CertGetNameStringW
CryptStringToBinaryA
CryptBinaryToStringA
CryptStringToBinaryW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Exports

Exports

StartEast
_Start@12

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3567f5d0b0d7191375374e4d564024b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

cabinet

version

psapi

setupapi

iphlpapi

wininet

urlmon

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 36KB - Virtual size: 51KB

.rsrc Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 83KB - Virtual size: 82KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 36KB - Virtual size: 51KB

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 83KB - Virtual size: 82KB