Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-01_63d8a2888910c3412d3614e47d23ef48_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-01-01_63d8a2888910c3412d3614e47d23ef48_mafia.exe
Resource: win10v2004-20231215-en
General
Target: 2024-01-01_63d8a2888910c3412d3614e47d23ef48_mafia
Size: 12.3MB
MD5: 63d8a2888910c3412d3614e47d23ef48
SHA1: 05809d03d168f3c2bae472290d2f92002af10c86
SHA256: 8c41888ceae18e073b9881c590795c2ce5b50bc0022ab1b643e8b530fe13f9cb
SHA512: 5b99934bad4d736f50602acdbb6d7f3b616b4f22030fe8f643f5b1acaf7be3e2fc9b919e94de639734c61b3a421316240a05c13afd70356a8f1097687e3b8f30
SSDEEP: 196608:c2hRJXX7mPuk4TZBDqkY4IftU5HXDBiD7Jsv6tWKFdu9C/:c2hRJn7fBDqkY4F1a7Jsv6tWKFdu9C/
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-01-01_63d8a2888910c3412d3614e47d23ef48_mafia
Files
2024-01-01_63d8a2888910c3412d3614e47d23ef48_mafia.exe windows:5 windows x86 arch:x86
376811f96d5bd9a72172bde1db55a106
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GetFontData
GetTextFaceW
EnumFontFamiliesExW
GetRegionData
CreateRectRgn
CreateEllipticRgn
GetObjectW
RealizePalette
SelectPalette
PtInRegion
BitBlt
CreateDIBSection
GetDIBits
CreateBitmap
CreateCompatibleBitmap
GdiFlush
GetPaletteEntries
CreatePalette
SelectClipRgn
GetCharABCWidthsW
GetCharABCWidthsI
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CreateFontIndirectW
GetTextMetricsW
SetGraphicsMode
SetWorldTransform
SelectObject
GetGlyphOutlineW
GetStockObject
SetTextColor
SetBkMode
SetTextAlign
ExtTextOutW
GetOutlineTextMetricsW
DeleteDC
CreateCompatibleDC
CombineRgn
OffsetRgn
DeleteObject
GetDeviceCaps
oleaut32
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
VariantCopy
VariantInit
SysAllocStringLen
VariantClear
imm32
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext
winmm
timeEndPeriod
timeBeginPeriod
PlaySoundW
ws2_32
WSAConnect
bind
WSASendTo
WSASend
getsockname
getpeername
WSAHtons
WSAHtonl
WSANtohs
WSANtohl
WSAAsyncSelect
select
__WSAFDIsSet
WSARecv
WSARecvFrom
WSAAccept
listen
setsockopt
WSASocketW
WSAIoctl
WSACleanup
WSAStartup
inet_addr
gethostbyaddr
ntohl
gethostbyname
WSAGetLastError
getsockopt
htonl
closesocket
ole32
OleInitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
OleUninitialize
ReleaseStgMedium
DoDragDrop
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
CoCreateInstance
user32
SetMenuItemInfoW
TrackPopupMenuEx
MapVirtualKeyW
ToAscii
ToUnicode
GetKeyboardLayout
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
TranslateMessage
GetKeyboardLayoutList
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
GetIconInfo
DrawIconEx
CreateCursor
CreateIconIndirect
SetCursorPos
DestroyCursor
GetClassInfoW
LoadImageW
GetSysColorBrush
RegisterClassExW
GetCursorPos
DefWindowProcW
GetWindowRgn
UnregisterClassW
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
GetSysColor
WindowFromPoint
GetParent
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
PeekMessageW
GetKeyState
GetCaretBlinkTime
FlashWindowEx
MessageBeep
GetKeyboardState
CreateWindowExW
GetSystemMenu
EnableMenuItem
SetParent
ValidateRgn
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsIconic
IsZoomed
MoveWindow
InvalidateRect
ShowWindow
ScreenToClient
ClientToScreen
DestroyWindow
SetWindowRgn
SetCursor
SetWindowsHookExW
SetCapture
SendMessageW
SetWindowTextW
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
DestroyIcon
CallNextHookEx
SystemParametersInfoW
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
GetFocus
SetFocus
GetSystemMetrics
IsChild
CharLowerW
CharPrevExA
CharUpperW
SendMessageTimeoutW
EnumWindows
GetWindowThreadProcessId
PostMessageW
GetMenu
ChangeClipboardChain
SetClipboardViewer
LoadIconW
PostThreadMessageW
CharNextExA
SetTimer
KillTimer
GetQueueStatus
RegisterClassW
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetDesktopWindow
GetClipboardFormatNameW
advapi32
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
FreeSid
shell32
SHGetFolderLocation
ShellExecuteW
SHGetFileInfoW
SHChangeNotify
ShellExecuteExW
kernel32
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCPInfo
LCMapStringW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
WriteConsoleW
HeapAlloc
HeapSetInformation
GetCommandLineA
HeapFree
RaiseException
RtlUnwind
InterlockedExchange
DecodePointer
EncodePointer
FindNextChangeNotification
FindFirstFileExW
GetOverlappedResult
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
CopyFileW
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetLogicalDrives
SetFilePointerEx
GetFileType
IsProcessorFeaturePresent
GetEnvironmentStringsW
FreeEnvironmentStringsW
PeekNamedPipe
GetExitCodeProcess
CreatePipe
OutputDebugStringW
GetLocalTime
FormatMessageW
LocalFree
GetCurrentProcess
DuplicateHandle
CreateThread
TlsGetValue
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
TlsAlloc
SwitchToThread
TlsFree
GetUserDefaultLCID
CompareStringW
CreateFileA
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GlobalFree
lstrlenA
ExitProcess
GlobalSize
lstrcmpW
IsValidLanguageGroup
IsValidLocale
GlobalAlloc
GlobalLock
GlobalUnlock
HeapCreate
SetErrorMode
GetUserDefaultLangID
GetVolumeInformationW
ExpandEnvironmentStringsW
GetStartupInfoW
QueryPerformanceFrequency
InterlockedIncrement
GetCurrentThread
GetThreadTimes
InterlockedDecrement
WaitForMultipleObjects
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
GetFullPathNameW
lstrlenW
GetTempFileNameW
GetTempPathW
SearchPathW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstChangeNotificationW
FindNextFileW
FindFirstFileW
FindCloseChangeNotification
FindClose
GetModuleHandleW
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
VirtualFree
VirtualAlloc
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEndOfFile
SetFileTime
ReadFile
GetFileInformationByHandle
SetFilePointer
GetFileSize
CompareFileTime
WriteFile
FlushFileBuffers
LockFile
UnlockFile
Sleep
CreateProcessA
DeviceIoControl
CreateFileW
GetLastError
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetDriveTypeA
CreateToolhelp32Snapshot
GetLogicalDriveStringsA
SetHandleCount
GetFileAttributesA
GetModuleFileNameA
GetProcessHeap
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
Process32FirstW
Process32NextW
GetDriveTypeW
GetDiskFreeSpaceExA
OpenProcess
WaitForSingleObject
SetConsoleMode
SetConsoleScreenBufferSize
GetLargestConsoleWindowSize
GetStdHandle
AllocConsole
FreeConsole
GetEnvironmentVariableW
GetCommandLineW
CloseHandle
CreateProcessW
GetLongPathNameW
GetShortPathNameW
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateProcess
mpr
WNetGetUniversalNameA
Sections
.text Size: 9.0MB - Virtual size: 9.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 501KB - Virtual size: 501KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ