2024-01-06_06b97b0b9b596fecdfe0b1ebeb335614_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_06b97b0b9b596fecdfe0b1ebeb335614_mafia
Size

1.3MB
MD5

06b97b0b9b596fecdfe0b1ebeb335614
SHA1

f7bae4e5de04d9b61885189281e2e055b4e8dea2
SHA256

404cdf89f487396831b29560b13ed972dd925bed4bbd9b889624eb179d69da73
SHA512

818587967de5b62fa217d66feef1a20acf81d1468013d01b42bfcd52f26ef4c227bbf81afb3063f5b4e78582e85bbf027896b91b9736584aa7db634451c022bc
SSDEEP

12288:ZFFbDMqRjSoDHtD4rg9TmOYgD7Kw/dReaRgQ2lmEgFHSHyQ:ZFF5x5DN9hD7K4ReaRgQ2lmEgFqy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_06b97b0b9b596fecdfe0b1ebeb335614_mafia

Files

2024-01-06_06b97b0b9b596fecdfe0b1ebeb335614_mafia
.exe windows:5 windows x86 arch:x86

f044f7dfa944cb0fba573bc3a361e6e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetModuleFileNameW
CreateFileW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
CreateSemaphoreW
LockResource
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
CreateThread
GetVersionExW
GetTimeZoneInformation
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
SetEnvironmentVariableA
GetProcessHeap
LoadLibraryW
WriteConsoleW
SetStdHandle
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
ExitProcess
HeapDestroy
HeapCreate
TerminateProcess
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
LCMapStringW
RtlUnwind
MoveFileW
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
HeapAlloc
HeapFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
SetFileAttributesW
WaitForMultipleObjects
CreateEventW
GetFileSizeEx
ReadFile
GetTickCount
SetEvent
SetFilePointerEx
GetTempPathW
WideCharToMultiByte
GetExitCodeProcess
LeaveCriticalSection
SizeofResource
Sleep
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GlobalAlloc
InitializeCriticalSection
WriteFile
GetModuleHandleW
GetSystemDefaultLCID
WaitForSingleObject
GlobalLock
GetFileType
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
FindResourceExW
FreeResource
GetEnvironmentVariableW
MulDiv
LocalFree
GetFileAttributesExW
FormatMessageW
TerminateThread
SetFilePointer
SetEndOfFile

user32

UnregisterClassA
GetWindowLongW
GetSystemMetrics
GetClientRect
GetWindowRect
ClientToScreen
DispatchMessageW
IsIconic
MoveWindow
GetWindow
DefWindowProcW
CallWindowProcW
SetWindowTextW
EnableWindow
UpdateWindow
SendMessageW
SetDlgItemTextW
ReleaseCapture
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
FindWindowExW
IsWindow
CreateDialogParamW
ShowWindow
LoadStringW
GetCursorPos
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
EndDialog
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowTextW
InvalidateRect
GetScrollInfo
GetAsyncKeyState
LoadIconW
RegisterClassExW
TranslateMessage
GetDC
wsprintfW
GetClassInfoExW
PtInRect
BeginPaint
SetFocus
CreateAcceleratorTableW
EndPaint
DestroyWindow
SetCursor
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
PostQuitMessage
CharNextW
GetWindowDC
RegisterWindowMessageW
FindWindowW
FillRect
IsChild
SetCapture
PostMessageW
GetLastActivePopup
SetForegroundWindow
GetFocus
GetParent
InvalidateRgn
LoadCursorW

gdi32

SetTextColor
DeleteDC
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
GetObjectW
GetStockObject
CreateSolidBrush
BitBlt

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

shell32

ord165
SHGetFolderPathW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoUninitialize
OleLockRunning
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoInitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysAllocString
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
SysFreeString

shlwapi

ord12

gdiplus

GdipCreateBitmapFromScan0
GdipFree
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdiplusStartup
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipCloneBitmapAreaI
GdipDrawImageRectRect
GdipLoadImageFromStream
GdiplusShutdown
GdipReleaseDC
GdipCloneImage
GdipDrawImageRect
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipDrawImageRectI

ws2_32

gethostbyname
closesocket
socket
recv
ioctlsocket
connect
inet_ntoa
WSAStartup
select
WSAGetLastError
htons
WSACleanup
send

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f044f7dfa944cb0fba573bc3a361e6e4

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

Sections

.text Size: 288KB - Virtual size: 287KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 119KB - Virtual size: 152KB

.rsrc Size: 808KB - Virtual size: 807KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 288KB - Virtual size: 287KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 119KB - Virtual size: 152KB

.rsrc
Size: 808KB - Virtual size: 807KB

.reloc
Size: 30KB - Virtual size: 30KB