2024-10-10_032ddd3a870b1efd5c9089868dc45a80_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-10_032ddd3a870b1efd5c9089868dc45a80_magniber
Size

7.3MB
MD5

032ddd3a870b1efd5c9089868dc45a80
SHA1

3563cb4e6c9e62edb10ae287eff40a5d04e91408
SHA256

6c7a9ea1386507441b425a81caf449100d95d9df0de7cb7e4380496e9bd52ff7
SHA512

8db62bcfdcd07f411f67f4a100ea13f41ecef201450936c0afcc74a3bfcfc064de64e287c72d9a5b268c43343fc4880b4d24cd8867721087091713d49393f43b
SSDEEP

196608:4tRe+XtQT5F8+xrZoigkSwDdYgFknVQBWG:4t9XtQTX95SAYiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-10_032ddd3a870b1efd5c9089868dc45a80_magniber

Files

2024-10-10_032ddd3a870b1efd5c9089868dc45a80_magniber
.exe windows:5 windows x86 arch:x86

919105eb197fb1668cac7b7675055fdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildAgent\work\ci_deploy_nbsninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb

Imports

iphlpapi

GetAdaptersAddresses

shell32

SHGetFolderPathAndSubDirW
ord165
SHGetKnownFolderPath
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconA

bcrypt

BCryptGenRandom

advapi32

RegDeleteTreeW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SystemFunction036
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
GetUserNameW
RegDeleteKeyW
RegDeleteKeyExW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegGetValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetTokenInformation
RegCreateKeyExA
RegSetValueExA
CryptDestroyKey
RevertToSelf
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
CryptEnumProvidersW

powrprof

CallNtPowerInformation

winhttp

WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest

ws2_32

htons
getaddrinfo
freeaddrinfo
ioctlsocket
recv
listen
getsockname
connect
bind
accept
inet_ntop
__WSAFDIsSet
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_pton
WSAGetLastError
WSASetLastError
closesocket
WSACreateEvent
WSACloseEvent
send
getsockopt
select
getnameinfo
gethostname
htonl
socket
ntohs
ntohl

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore

kernel32

InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
GetStartupInfoW
UnhandledExceptionFilter
GetFinalPathNameByHandleW
EncodePointer
LCMapStringEx
InitializeSListHead
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DeleteFileW
CloseHandle
SetLastError
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
OpenEventW
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
CreateDirectoryW
CreateFileW
GetFileAttributesW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
VerSetConditionMask
GetFileSize
ReadFile
GetTempPathW
InitializeCriticalSectionEx
LocalAlloc
LocalFree
FormatMessageW
CopyFileW
MoveFileW
VerifyVersionInfoW
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
DebugBreak
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
GetCurrentThreadId
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
lstrlenW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
CreateEventA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
GetShortPathNameW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
FlushFileBuffers
SetFileTime
WriteFile
lstrcpyW
LoadLibraryA
ReleaseSemaphore
CreateSemaphoreW
GetFileTime
SetFilePointer
CreateSemaphoreA
WaitForSingleObjectEx
DuplicateHandle
GetModuleHandleA
WaitForMultipleObjectsEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
CreateMutexA
GetProcessTimes
GetCurrentProcessorNumber
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
IsWow64Process
K32GetProcessMemoryInfo
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
FormatMessageA
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
DeleteFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryA
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
SleepEx
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
CreateThread
GetExitCodeThread
GetVersion
SetProcessShutdownParameters
SetConsoleCtrlHandler
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
RemoveVectoredExceptionHandler
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
MoveFileExW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileInformationByHandleEx
FileTimeToSystemTime
GetNativeSystemInfo
LoadLibraryExW
VirtualQuery
SetWaitableTimer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
GetCurrentDirectoryW
GetFileInformationByHandle
DeviceIoControl
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetStringTypeW
RtlUnwind
InterlockedPushEntrySList
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleOutputCP
SetStdHandle
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitOnceComplete
GetModuleFileNameA
WriteConsoleW

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
MessageBoxA
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
GetUserObjectInformationW
GetProcessWindowStation
EnumDisplayDevicesA
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
LoadIconW
FillRect
EndPaint
BeginPaint
ReleaseDC
DrawTextW
GetSystemMetrics
EnableWindow
UnregisterClassW
RegisterWindowMessageW
SendMessageTimeoutW
CharUpperW
KillTimer
GetParent
CharNextW
AllowSetForegroundWindow
SetWindowLongW
GetWindowLongW
MessageBoxW
GetWindowRect
MessageBoxExW
FindWindowW
EnumWindows
GetWindowThreadProcessId
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
ShowWindow
GetDC
InvalidateRect
SetTimer

gdi32

SetTextColor
SetBkMode
CreateSolidBrush
RoundRect
SetDCPenColor
SetDCBrushColor
SelectObject
CreateFontW
Rectangle
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance
StringFromGUID2

shlwapi

PathAddBackslashW
PathFileExistsW
SHDeleteKeyW
StrCmpNW
StrStrW
PathRemoveFileSpecW
StrCmpW
SHCopyKeyW
PathAppendW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

sensapi

IsNetworkAlive

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord345

gdiplus

GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipFree
GdiplusStartup

wininet

HttpQueryInfoW
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
InternetConnectW
HttpEndRequestW

winmm

timeGetTime
timeSetEvent
timeGetDevCaps
timeBeginPeriod

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 794KB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 764KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

919105eb197fb1668cac7b7675055fdf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

shell32

bcrypt

advapi32

powrprof

winhttp

ws2_32

crypt32

kernel32

user32

gdi32

ole32

shlwapi

version

sensapi

comctl32

gdiplus

wininet

winmm

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 794KB - Virtual size: 8.0MB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 141KB - Virtual size: 141KB

.reloc Size: 764KB - Virtual size: 768KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 794KB - Virtual size: 8.0MB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 141KB - Virtual size: 141KB

.reloc
Size: 764KB - Virtual size: 768KB