C:\Users\calva\source\repos\saveinstance\x64\Release\saveinstance.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Magnus Night V3.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Magnus Night V3.exe
Resource
win11-20241007-en
General
-
Target
Magnus Night V3.exe
-
Size
2.8MB
-
MD5
ced2a2b65c17ea7446fc38db55c136f2
-
SHA1
37a09e0adfd6c694837fd3818dd649877c6763c1
-
SHA256
3d77ce08aae982d05bbf4bda58be1fb848225e8ff499e82ee5f8219bc06f6797
-
SHA512
85554a59fb0b67bc57dbea1fe53416cfd49584c2d516fd299db03503053baf3a44e280592a4d30cc963386c1399362dc5891bb0ff15e325eb3525cc3f896eefe
-
SSDEEP
49152:BeI/nFaNjfSVzHKsRXmPOpFasLsIt89QC7wlf6C/Zu4E3k:wsIlu56+E3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Magnus Night V3.exe
Files
-
Magnus Night V3.exe.exe windows:6 windows x64 arch:x64
fd63bea46a49f552449d130fbfca715a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
urlmon
URLDownloadToFileA
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
ws2_32
getaddrinfo
freeaddrinfo
recvfrom
sendto
listen
ioctlsocket
gethostname
recv
htons
getpeername
inet_ntop
htonl
getsockname
bind
connect
accept
select
__WSAFDIsSet
WSAIoctl
socket
setsockopt
send
WSASetLastError
ntohs
WSAStartup
inet_pton
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
closesocket
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
WSACleanup
kernel32
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
FormatMessageA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
LocalAlloc
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
LocalFree
FreeLibrary
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetConsoleTitleA
SetConsoleMode
InitializeCriticalSectionEx
Sleep
GetConsoleMode
GetLastError
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
WideCharToMultiByte
ReadProcessMemory
CreateProcessA
VirtualQueryEx
GetCurrentProcess
CreateFileW
GetCurrentThreadId
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
MultiByteToWideChar
SetLastError
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
GetFileInformationByHandle
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetFilePointerEx
GetFileTime
WriteFile
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetStdHandle
GetSystemTimeAsFileTime
advapi32
GetSecurityInfo
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
AddAccessDeniedAce
FreeSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
shell32
ShellExecuteW
SHGetKnownFolderPath
ole32
CoTaskMemFree
msvcp140
?_Random_device@std@@YAIXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
bcrypt
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__std_exception_copy
__current_exception_context
__current_exception
__C_specific_handler
wcschr
memcmp
strstr
memmove
memchr
strrchr
__std_exception_destroy
memset
__std_terminate
__std_type_info_compare
__std_type_info_name
memcpy
strchr
api-ms-win-crt-runtime-l1-1-0
_errno
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_invalid_parameter_noinfo
_exit
exit
_initterm_e
_initterm
__sys_nerr
__sys_errlist
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_beginthreadex
api-ms-win-crt-string-l1-1-0
strncmp
wcsncmp
strpbrk
strncpy
strcspn
_wcsdup
_wcsicmp
wcspbrk
strspn
strcmp
isalnum
_strdup
wcsncpy
tolower
toupper
_stricmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
fgetc
fclose
_set_fmode
fflush
__acrt_iob_func
fputc
_lseeki64
__stdio_common_vsnwprintf_s
putchar
__p__commode
__stdio_common_vsscanf
_read
_write
fwrite
_fileno
__stdio_common_vsprintf
_wopen
fgetpos
setvbuf
ftell
ungetc
feof
fsetpos
fread
_fseeki64
fputs
_get_stream_buffer_pointers
fgets
fseek
_wfopen
_close
__stdio_common_vsprintf_s
api-ms-win-crt-heap-l1-1-0
_callnewh
calloc
free
malloc
realloc
_set_new_mode
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-filesystem-l1-1-0
_wstat64
_fstat64
_unlock_file
_lock_file
_waccess
_unlink
_stat64i32
api-ms-win-crt-convert-l1-1-0
wcstombs
strtoul
strtol
atoi
strtoll
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_mktime64
_localtime64_s
_time64
_gmtime64
strftime
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
_fdopen
__setusermatherr
pow
cosf
sinf
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 457KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ