2024-10-17_595cdbdb2f2e5d28f3fad88acece17dc_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-17_595cdbdb2f2e5d28f3fad88acece17dc_magniber
Size

7.0MB
MD5

595cdbdb2f2e5d28f3fad88acece17dc
SHA1

3e6331cd8af6bb461f06a733793cd8a529db506c
SHA256

84ff6bfa8e4fdac5e78de10ee67a992bf16e2ee529335e13f4ab9109108df8e9
SHA512

c49f15688214321addec0758607f60225f24ed2c134bf9a6c6cf0d125de71424f17a059ccf994507bcd545ba5c193c6e0308c9cc5c91490c519b67841a44743a
SSDEEP

98304:vY/LI21zqMG3cKp+Wo1zJ//GdKw3mqhdAGpstCTTON6A25sEc0Mk8UsEc0Mk8Us8:vY/LIGqMWcKp+Woz9OdPmcFGz

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_595cdbdb2f2e5d28f3fad88acece17dc_magniber
.exe windows:6 windows x86 arch:x86

5c7f44b0e6152cc98808ca997f921986

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:b2:00:bb:38:1e:60:0f:37:e0:cc:dd:33:1a:d6:92:a0:8f:ac:14:e9:61:38:4f:91:39:30:f3:ef:4a:a1:25
Signer

Actual PE Digest

fa:b2:00:bb:38:1e:60:0f:37:e0:cc:dd:33:1a:d6:92:a0:8f:ac:14:e9:61:38:4f:91:39:30:f3:ef:4a:a1:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus.pdb

Imports

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
RpcStringFreeW
NdrClientCall2
UuidCreate
RpcStringBindingParseW
UuidFromStringW
UuidToStringW
NdrAsyncServerCall
NdrServerCall2
NdrAsyncClientCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerUseProtseqEpW
RpcObjectSetType
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
RpcIfInqId
RpcMgmtEpEltInqDone

winhttp

WinHttpWriteData
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSendRequest
WinHttpGetProxyForUrl

shell32

ShellExecuteW
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHChangeNotify

ntdll

VerSetConditionMask
RtlUnwind
NtSystemDebugControl
RtlDllShutdownInProgress
NtClose
NtCreateWorkerFactory
NtQueryInformationProcess
NtQuerySystemInformation
NtQueryInformationWorkerFactory
NtSetInformationThread
NtOpenKey
NtQueryKey
NtDeleteKey
RtlCaptureContext
RtlNtStatusToDosError

advapi32

LsaQueryInformationPolicy
LsaOpenPolicy
LookupAccountSidW
ConvertSidToStringSidW
LsaClose
RegLoadKeyW
GetSecurityInfo
GetEffectiveRightsFromAclW
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyExW
RegEnumKeyW
RegQueryMultipleValuesW
RegFlushKey
RegDeleteTreeW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
ImpersonateSelf
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
QueryServiceConfig2W
ChangeServiceConfig2W
RegQueryInfoKeyW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
InitiateSystemShutdownExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
LsaFreeMemory
ConvertStringSidToSidW
FreeSid
CloseServiceHandle
CreateServiceW
ChangeServiceConfigW
RevertToSelf
QueryServiceStatusEx
StartServiceW
ControlService
QueryServiceStatus
OpenServiceW
OpenThreadToken
OpenSCManagerW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
TreeResetNamedSecurityInfoW
AddAce
InitializeAcl
CopySid
GetTokenInformation
OpenProcessToken
EqualSid
GetLengthSid
AllocateAndInitializeSid
DuplicateToken
CheckTokenMembership
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
TreeSetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW

user32

DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
AllowSetForegroundWindow
GetSystemMetrics
MessageBoxW
SetForegroundWindow
FindWindowExW
UnregisterClassW
PeekMessageW
IsHungAppWindow
SendMessageCallbackW
GetGUIThreadInfo
LoadStringW
SetTimer
KillTimer
DestroyWindow
ShutdownBlockReasonDestroy
PostQuitMessage
RegisterClassExW
GetClassNameW
GetWindowLongW
CreateWindowExW
DefWindowProcW
SetWindowTextW
ShutdownBlockReasonCreate
EnumWindows
GetWindowThreadProcessId
SetWindowLongW
GetClassInfoExW
SendMessageW
CharLowerW
wsprintfW
RegisterWindowMessageW
PostMessageW

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoCreateGuid
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

kernel32

SetDllDirectoryW
OutputDebugStringW
IsDebuggerPresent
CreateSymbolicLinkW
GetLogicalDriveStringsW
AreFileApisANSI
GetStringTypeW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
ExitProcess
InitOnceBeginInitialize
LoadLibraryExA
ReleaseSRWLockShared
AcquireSRWLockShared
GetLocaleInfoEx
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
SystemTimeToFileTime
LocalFileTimeToFileTime
GlobalFree
RegisterWaitForSingleObject
lstrcpyW
InitOnceComplete
InterlockedPushEntrySList
ExitThread
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetTickCount64
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetActiveProcessorCount
GetSystemInfo
GetCurrentProcess
CloseHandle
GetProcessId
GetExitCodeProcess
GetLastError
CreateEventW
SetEvent
WaitForSingleObject
TerminateProcess
WaitForMultipleObjects
GetFileAttributesW
SetLastError
CreateFileW
GetFileSizeEx
ReadFile
GetOEMCP
LocalFree
GetWindowsDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
CreateProcessW
LoadLibraryExW
FreeLibrary
GetCommandLineW
GetModuleHandleW
GetProcAddress
GetCurrentThread
Sleep
OpenProcess
GetModuleFileNameW
MoveFileW
SetThreadExecutionState
UnlockFileEx
LockFileEx
ResetEvent
GetUserDefaultUILanguage
GetModuleFileNameA
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
DebugBreak
GetTimeZoneInformation
GetDriveTypeW
RemoveDirectoryW
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
HeapDestroy
SetFilePointer
SetEndOfFile
DuplicateHandle
SetFileInformationByHandle
GetFinalPathNameByHandleW
SetFileTime
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFilePointerEx
WriteFile
GetModuleHandleA
FormatMessageA
LoadLibraryW
GetCurrentProcessId
VerifyVersionInfoW
FindFirstFileW
DeleteFileW
ReadProcessMemory
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetSystemTimeAsFileTime
FindClose
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateThread
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
SetErrorMode
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery
VirtualProtect
DeviceIoControl
CheckRemoteDebuggerPresent
FlushInstructionCache
RaiseException
GetTickCount
QueryFullProcessImageNameW
GetPriorityClass
OpenThread
GetThreadPriority
K32EnumProcesses
GetThreadTimes
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessHandleCount
CreateIoCompletionPort
GetNativeSystemInfo
GetSystemTimes
GetProcessTimes
GetFileTime
CompareFileTime
QueryUnbiasedInterruptTime
CancelIoEx
GetOverlappedResult
ReadDirectoryChangesW
UnregisterWaitEx
ProcessIdToSessionId
GetComputerNameW
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
ResumeThread
WriteConsoleW
TerminateThread
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
DeleteProcThreadAttributeList
K32GetProcessImageFileNameW
GetThreadId
CreatePipe
SetHandleInformation
GetProcessShutdownParameters
SetProcessShutdownParameters
WTSGetActiveConsoleSessionId
LocalAlloc
FileTimeToSystemTime
FlushFileBuffers
GetFullPathNameW
OutputDebugStringA
CompareStringW
OpenEventW
GetVersionExW
ExpandEnvironmentStringsW
VirtualAlloc
VirtualFree
GetExitCodeThread
SetFileAttributesW
GetFileSize
MoveFileExW
GetVolumeInformationW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesExW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
CreateHardLinkW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDateFormatW
GetTimeFormatW
WriteProcessMemory
GetVersion
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
HeapSetInformation
CopyFileW
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
MoveFileExA
GetEnvironmentVariableA
SleepEx
CreateFileA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
ExpandEnvironmentStringsA
GetVersionExA
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
IsProcessorFeaturePresent
SetThreadAffinityMask
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW

powrprof

CallNtPowerInformation

netapi32

NetUserGetLocalGroups
NetApiBufferFree

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertFreeCertificateChain
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CryptUnprotectData
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptProtectData

iphlpapi

if_nametoindex
if_indextoname
GetUnicastIpAddressTable
FreeMibTable
GetBestRoute2
GetAdaptersAddresses

ws2_32

WSAIoctl
WSAStartup
WSAAddressToStringA
WSACleanup
WSAStringToAddressA
WSAGetLastError
select
GetAddrInfoW
FreeAddrInfoW
getsockopt
send
WSACloseEvent
ntohs
WSASetLastError
WSACreateEvent
closesocket
htons
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
socket
__WSAFDIsSet
htonl
bind
connect
getsockname
recv
ioctlsocket
gethostname
setsockopt
ntohl
getservbyname
recvfrom
WSADuplicateSocketW
WSASocketW
InetNtopW
WSAAddressToStringW

shlwapi

PathIsDirectoryEmptyW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathMatchSpecW

bcrypt

BCryptGenRandom

setupapi

SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

secur32

QueryContextAttributesW

dnsapi

DnsFree
DnsQuery_W

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 545KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c7f44b0e6152cc98808ca997f921986

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fcCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

fa:b2:00:bb:38:1e:60:0f:37:e0:cc:dd:33:1a:d6:92:a0:8f:ac:14:e9:61:38:4f:91:39:30:f3:ef:4a:a1:25Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

winhttp

shell32

ntdll

advapi32

user32

ole32

oleaut32

kernel32

powrprof

netapi32

crypt32

iphlpapi

ws2_32

shlwapi

bcrypt

setupapi

secur32

dnsapi

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 545KB - Virtual size: 590KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 275KB - Virtual size: 274KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

fa:b2:00:bb:38:1e:60:0f:37:e0:cc:dd:33:1a:d6:92:a0:8f:ac:14:e9:61:38:4f:91:39:30:f3:ef:4a:a1:25
Signer

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 545KB - Virtual size: 590KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 275KB - Virtual size: 274KB