2024-10-04_2d92ae9909310fd111b72ccdcb967810_eternalromance_magniber_qakbot_revil_sliver

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-04_2d92ae9909310fd111b72ccdcb967810_eternalromance_magniber_qakbot_revil_sliver
Size

43.5MB
MD5

2d92ae9909310fd111b72ccdcb967810
SHA1

4dffec955b9659351e3dc2a5ab26e623d236a864
SHA256

f758c82117323caa927c8f307db678a72f55c31b976bf00e98ddba1a03f36574
SHA512

eb48ffddebc81796ffe581e61f3ce691f5a3018e6d4c1b1d35dd87671a0f07f5c135adec9bc6fba52567d4680335ef2b667115d614be39f73702067970e3d4c2
SSDEEP

786432:L8olWI6Jx30Lw4HlcDQ0Lwhraq4fkGe7MwMD6u6P95C9OaoO9DQFg5:L8olWI6JR0LHSxLkaqAegw46Z3a5Q2

Score

1^/10

Malware Config

Signatures

Files

2024-10-04_2d92ae9909310fd111b72ccdcb967810_eternalromance_magniber_qakbot_revil_sliver
.exe windows:6 windows x86 arch:x86

430361e1044bfd523543c509b3ae8142

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:d6:93:2f:72:12:c9:9e:a6:02:87:0e:63:e3:8e:32
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/04/2023, 00:00

Not After

14/05/2026, 23:59

Subject

CN=Veriato\, Inc.,O=Veriato\, Inc.,L=West Palm Beach,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c4:e6:7a:07:fc:9c:63:d8:8f:54:41:28:a8:68:f8:5d:07:26:68:4f
Signer

Actual PE Digest

c4:e6:7a:07:fc:9c:63:d8:8f:54:41:28:a8:68:f8:5d:07:26:68:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EntSetup32.pdb

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
CryptEnumProvidersA
CryptSignHashA
GetUserNameA
CloseServiceHandle
DeleteService
OpenSCManagerA
OpenServiceA
CryptDestroyHash
CryptCreateHash
SetFileSecurityA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AllocateAndInitializeSid
FreeSid
SetEntriesInAclA
SetNamedSecurityInfoA
StartServiceA
CryptDecrypt
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegSetKeySecurity
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegGetKeySecurity
SetEntriesInAclW
SetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorLength
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorControl
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
CryptExportKey
CryptGetUserKey
CryptGenRandom
CryptAcquireContextW
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
GetSecurityInfo
GetTokenInformation
InitiateSystemShutdownA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteKeyA

shlwapi

PathAddExtensionA
PathFileExistsA
PathRemoveFileSpecA
PathAppendA

msi

ord141
ord112
ord15
ord204

comctl32

PropertySheetA
ImageList_Create
ImageList_Add
InitCommonControlsEx
ord17

ws2_32

shutdown
send
recv
closesocket
inet_ntoa
WSAGetLastError
WSAAddressToStringA
WSAStringToAddressA
getaddrinfo
freeaddrinfo
WSASetLastError

psapi

GetModuleFileNameExA

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore

kernel32

VerifyVersionInfoW
SystemTimeToFileTime
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GetPrivateProfileStringA
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DeviceIoControl
InitializeCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
MulDiv
GetLocaleInfoA
OutputDebugStringA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileTime
SetEndOfFile
SetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
TerminateThread
ResumeThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MoveFileA
VirtualAlloc
VirtualFree
GetCurrentProcessId
GetCurrentProcess
Sleep
IsWow64Process
LocalFree
SetErrorMode
GlobalFree
RemoveDirectoryA
TerminateProcess
OpenProcess
GetWindowsDirectoryA
WinExec
MoveFileExA
GetCurrentThreadId
EndUpdateResourceA
GetCommandLineW
ExpandEnvironmentStringsA
CreateDirectoryA
ExitProcess
GetSystemWow64DirectoryA
CreateSemaphoreA
OpenSemaphoreA
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
CreateFileW
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleW
ProcessIdToSessionId
CreateProcessW
GetExitCodeProcess
FlushFileBuffers
CreateMutexW
ReleaseMutex
LocalAlloc
GetLocalTime
CreateDirectoryW
CreateToolhelp32Snapshot
DuplicateHandle
GetComputerNameA
CreateEventW
ResetEvent
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
HeapReAlloc
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetDiskFreeSpaceA
FormatMessageW
HeapSize
HeapValidate
GetTempPathW
UnlockFileEx
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
LocalReAlloc
GetACP
CreateMutexA
VirtualProtect
Process32First
Process32Next
GetThreadPriority
LoadResource
LockResource
SizeofResource
FindResourceA
GetComputerNameW
GetDateFormatA
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
LoadLibraryExA
GlobalSize
lstrcmpA
lstrcmpiA
IsDBCSLeadByte
FindFirstFileW
FindNextFileW
GetStdHandle
GetFileType
FlushConsoleInputBuffer
GlobalMemoryStatus
GetConsoleWindow
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
CopyFileA
RtlUnwind
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
UpdateResourceA
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
VirtualQuery
TzSpecificLocalTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
ReadConsoleInputA
BeginUpdateResourceA
lstrlenA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetSystemDirectoryA
GetSystemTime
CreateProcessA
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
GetTempFileNameA
GetTempPathA
WriteFile
SetFileTime
SetFilePointer
ReadFile
GetFileSize
GetDriveTypeA
DeleteFileA
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
VerSetConditionMask
CreatePipe
SetConsoleMode
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetCommandLineA

user32

EnumDisplaySettingsA
GetUserObjectInformationW
LoadStringA
LoadIconA
DrawFocusRect
RegisterClassA
PostQuitMessage
GetMessageA
KillTimer
SetTimer
GetKeyState
UpdateWindow
IsDialogMessageA
SetForegroundWindow
IsWindow
PeekMessageA
DispatchMessageA
TranslateMessage
LoadImageA
LoadBitmapA
GetClassNameA
SetParent
GetSysColorBrush
ScreenToClient
GetWindowRect
ReleaseDC
CreateDialogParamA
SetWindowPos
MoveWindow
MessageBeep
GetClipboardData
EnumWindows
IsWindowVisible
GetCursor
SetCursor
MapVirtualKeyExA
GetKeyNameTextA
GetKeyboardLayout
IsWindowEnabled
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
GetClassInfoExA
RegisterWindowMessageA
wsprintfW
GetProcessWindowStation
GetWindowTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
GetWindowThreadProcessId
MapVirtualKeyA
VkKeyScanW
GetClassLongA
GetParent
LoadCursorA
FillRect
GetSysColor
RemovePropA
GetPropA
SetPropA
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
GetDC
EndDeferWindowPos
BeginDeferWindowPos
PtInRect
SetRect
ReleaseCapture
SetCapture
GetCapture
GetFocus
DeferWindowPos
ClientToScreen
EnableMenuItem
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
UnregisterClassA
wsprintfA
CheckRadioButton
SetWindowLongA
GetWindowLongA
GetCursorPos
SetWindowTextA
TrackPopupMenu
AppendMenuA
WinHelpA
GetTopWindow
GetDesktopWindow
DestroyMenu
CreatePopupMenu
SetFocus
EmptyClipboard
RegisterClipboardFormatA
SetClipboardData
CloseClipboard
OpenClipboard
CallWindowProcA
PostMessageA
GetAsyncKeyState
GetDlgItemTextA
SendMessageA
SetDlgItemTextA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
ShowWindow
OffsetRect
MessageBoxA
GetClientRect
GetForegroundWindow
DrawTextA
GetSystemMenu
CloseWindow
EnumDisplayMonitors
GetWindow
CharPrevA
AdjustWindowRectEx
InvalidateRgn
DestroyAcceleratorTable
CreateAcceleratorTableA
GetSystemMetrics
IsChild
CharNextA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePatternBrush
CreateDCA
SetMapMode
StretchBlt
GetObjectA
DPtoLP
GetTextExtentPointA
TranslateCharsetInfo
CreateBitmap
GetStockObject
GetMapMode
MoveToEx
LineTo
GetTextExtentPoint32A
GetDeviceCaps
CreateSolidBrush
CreatePen
CreateFontA
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SHCreateDirectoryExA
CommandLineToArgvW
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitializeSecurity
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoSetProxyBlanket
CoCreateGuid
CoGetClassObject
CoTaskMemFree
CoInitializeEx
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
StringFromCLSID

oleaut32

SysStringLen
SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState
InternetAttemptConnect
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA

Exports

Exports

GetSetupVersion
OPENSSL_Applink
VerifySetupInfo

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 861KB - Virtual size: 861KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.2MB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430361e1044bfd523543c509b3ae8142

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:d6:93:2f:72:12:c9:9e:a6:02:87:0e:63:e3:8e:32Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

c4:e6:7a:07:fc:9c:63:d8:8f:54:41:28:a8:68:f8:5d:07:26:68:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shlwapi

msi

comctl32

ws2_32

psapi

crypt32

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 861KB - Virtual size: 861KB

.data Size: 64KB - Virtual size: 102KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 39.2MB - Virtual size: 39.2MB

.reloc Size: 163KB - Virtual size: 162KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:d6:93:2f:72:12:c9:9e:a6:02:87:0e:63:e3:8e:32
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

c4:e6:7a:07:fc:9c:63:d8:8f:54:41:28:a8:68:f8:5d:07:26:68:4f
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 861KB - Virtual size: 861KB

.data
Size: 64KB - Virtual size: 102KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 39.2MB - Virtual size: 39.2MB

.reloc
Size: 163KB - Virtual size: 162KB