2024-12-15_665aaf24dff08f63319c48b86d0bdcbb_luca-stealer_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-15_665aaf24dff08f63319c48b86d0bdcbb_luca-stealer_magniber
Size

1.8MB
MD5

665aaf24dff08f63319c48b86d0bdcbb
SHA1

7f75395d50767da37ce42ece8cc488fbb4196890
SHA256

d57d5aa108e63d37d5a764a8279f158d8a6ef589d9832303448d1cff41c97013
SHA512

17432817cbbc745d8289077ffffc3011a291edf74d6bccb609c3492cc025186e684ec022888fd6b67c975c866d58cbe9bcad37d34ab458700d9de99f22b037db
SSDEEP

24576:Z5pbf/eDTke6NW2GOKIzaac0mhPsyvXrFrONtpXktL02BMiKNTQyKVmZYAAGrIUD:tYRcW2BN+6oXpqNCnDYTQybVAGrIs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-15_665aaf24dff08f63319c48b86d0bdcbb_luca-stealer_magniber

Files

2024-12-15_665aaf24dff08f63319c48b86d0bdcbb_luca-stealer_magniber
.exe windows:5 windows x86 arch:x86

6705afac11461dba3d6f93508f03f2c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\sogou-src-git2\SogouPinyinMain\Bin\SogouInput\618Ad.pdb

Imports

gdiplus

GdipDeleteMatrix
GdipDrawImageRectRectI
GdipCreatePen1
GdipFree
GdipCreateImageAttributes
GdipCreatePath2
GdipSetPixelOffsetMode
GdipSetPenDashArray
GdipFillPath
GdipCreateSolidFill
GdipSetInterpolationMode
GdipSetPenMiterLimit
GdipCreateLineBrush
GdipSetWorldTransform
GdipSetSmoothingMode
GdipSetMatrixElements
GdipDisposeImage
GdipCreateMatrix
GdipDeletePath
GdipDisposeImageAttributes
GdipCreateMatrix2
GdipAlloc
GdipScaleMatrix
GdipRotateMatrix
GdipDeleteBrush
GdipSetPenStartCap
GdipCloneImage
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDeletePen
GdipSaveImageToStream
GdipGetImageWidth
GdipMultiplyMatrix
GdipDrawPath
GdipTranslateMatrix
GdipSetPenLineJoin
GdipSetPenEndCap
GdipGetMatrixElements
GdipCloneBrush
GdipSetPenDashOffset
GdipGetImageGraphicsContext
GdipDeleteGraphics

kernel32

GetModuleHandleW
GetModuleFileNameW
GetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetVersionExW
FindFirstFileW
WriteFile
FindClose
CreateFileW
DeleteFileW
GetCurrentDirectoryW
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
SetThreadPriority
TerminateThread
RaiseException
SizeofResource
GetCurrentProcess
GetStdHandle
LockResource
LoadResource
FindResourceW
CreateProcessW
VirtualQuery
GlobalAlloc
GlobalFree
OpenMutexW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Sleep
CloseHandle
GetCurrentThreadId
CreateMutexW
GetLastError
SleepEx
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
PeekNamedPipe
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ReadFile
ResumeThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrcpyW
GetLocalTime
lstrcatW
TerminateProcess
lstrlenW
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
GetTickCount
InterlockedDecrement
InterlockedIncrement
FindNextFileW
InitializeCriticalSection
MultiByteToWideChar
OutputDebugStringW
GlobalLock
WideCharToMultiByte
GlobalUnlock
GlobalHandle
GetCommandLineW
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
QueryDosDeviceW
RemoveDirectoryW
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
SetLastError
SetFilePointer
ExitThread
FormatMessageW
CreateThread
LocalFree
GetFileSize
DecodePointer
GetCurrentProcessId
LocalAlloc
FlushFileBuffers
ReleaseMutex

user32

EnumDisplaySettingsW
EnumDisplayDevicesW
GetMonitorInfoW
PostMessageW
DispatchMessageW
GetCursorPos
RegisterWindowMessageW
wvsprintfW
wsprintfW
EnumDisplayMonitors
GetDC
GetMessageW
TranslateMessage
LoadMenuW
GetSystemMetrics
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadIconW
PostQuitMessage
PtInRect
SetForegroundWindow
LoadImageW
DefWindowProcW
CreateWindowExW
IsWindow
SetTimer
DestroyIcon
RegisterClassW
LoadCursorW
KillTimer
EnableWindow
EndPaint
BeginPaint
ReleaseDC
IsIconic
ReleaseCapture
SetCursor
SetCapture
SetPropW
IsWindowEnabled
TrackMouseEvent
ClientToScreen
ShowWindow
RegisterClassExW
NotifyWinEvent
ScreenToClient
GetPropW
SetWindowPos
IsWindowVisible
DestroyWindow
GetWindowRect
CallWindowProcW
GetKeyState
GetDesktopWindow
DrawTextW
UpdateLayeredWindow
GetFocus
FindWindowW
IntersectRect
MoveWindow
MonitorFromPoint
SubtractRect
SetRectEmpty

gdi32

DeleteDC
GetStockObject
SelectObject
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
GetFontData
GetObjectW
CreateDIBSection
SetTextCharacterExtra
SetBkMode
SetTextColor
BitBlt

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid

shell32

ord165
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

imm32

ImmDisableIME

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

setupapi

SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW

msimg32

AlphaBlend

wininet

HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
HttpEndRequestW
InternetCrackUrlA
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionW
InternetReadFile
HttpOpenRequestA
InternetWriteFile

oleacc

LresultFromObject
AccessibleObjectFromWindow

oleaut32

SysAllocString

ws2_32

__WSAFDIsSet
gethostname
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
listen
recvfrom
sendto
htonl
socket
setsockopt
ioctlsocket
accept
select
ntohs
htons
WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
bind
connect
getpeername
getsockname
getsockopt

wldap32

ord35
ord33
ord32
ord27
ord26
ord22
ord79
ord200
ord60
ord211
ord46
ord143
ord301
ord41
ord30
ord50

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 121KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6705afac11461dba3d6f93508f03f2c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

version

psapi

setupapi

msimg32

wininet

oleacc

oleaut32

ws2_32

wldap32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 121KB - Virtual size: 190KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 128KB - Virtual size: 132KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 121KB - Virtual size: 190KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 128KB - Virtual size: 132KB