2024-01-06_cc74724f82d3286699f40f6a4055ca64_mafia_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-06_cc74724f82d3286699f40f6a4055ca64_mafia_revil
Size

4.6MB
MD5

cc74724f82d3286699f40f6a4055ca64
SHA1

9518327c512f35a809215960ba10ef1f9e0c484c
SHA256

95f2254b21352b781b524318158405503f113301debab272357dfbaf8e42310c
SHA512

06c64b7dd8ae63d1f54526b71b58443efac8f9d2dc396fdf4637968b5aa89390d14acb158645fe3dc7e947f95a3f8394a9db91c4d87f4d9eb631709b708619b3
SSDEEP

49152:h+kLUvJk6eycPHiq/g2BCIGNYn95FuQ1Ql5gUZXEoHmRr09CMTnQHTJxMp/tIECg:B4Bk6RcpAIGSw1w7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_cc74724f82d3286699f40f6a4055ca64_mafia_revil

Files

2024-01-06_cc74724f82d3286699f40f6a4055ca64_mafia_revil
.exe windows:5 windows x86 arch:x86

af40402263f27b5e617df45a7c34aa9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

htonl
ioctlsocket
accept
listen
bind
sendto
getsockname
select
__WSAFDIsSet
shutdown
recvfrom
WSASocketA
WSAAsyncSelect
WSAEventSelect
WSAIoctl
WSASetLastError
gethostbyname
WSAAddressToStringA
WSAStringToAddressA
inet_ntoa
ntohl
socket
connect
send
recv
closesocket
WSAStartup
WSACleanup
inet_addr
gethostname
freeaddrinfo
getaddrinfo
setsockopt
WSAGetLastError
WSCGetProviderPath
WSCEnumProtocols
htons

kernel32

LeaveCriticalSection
GetCurrentThread
GetModuleFileNameA
IsDBCSLeadByte
FindResourceA
LoadLibraryExA
GetTempPathW
CopyFileW
CreateThread
GetCurrentThreadId
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCommandLineA
ReadProcessMemory
IsWow64Process
GetNativeSystemInfo
Process32NextW
Process32FirstW
FreeConsole
WriteConsoleInputA
GetStdHandle
GetWindowsDirectoryA
SetFileAttributesW
GetSystemInfo
FormatMessageA
GetFileSize
WaitForMultipleObjects
WaitForSingleObject
PulseEvent
InitializeCriticalSection
TerminateThread
SetThreadAffinityMask
GetThreadPriority
SetThreadPriority
ResumeThread
ReleaseSemaphore
CreateSemaphoreA
VerifyVersionInfoA
CreateMutexA
GetFullPathNameA
SetStdHandle
GetTimeZoneInformation
HeapSize
SetFilePointer
GetFileType
SetHandleCount
ReadFile
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileA
CreateProcessW
GetShortPathNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempPathA
GetLogicalDriveStringsA
GetCurrentProcess
GetModuleHandleA
lstrcmpiA
GetWindowsDirectoryW
GetLocalTime
GetSystemTime
GetDateFormatA
GetTimeFormatA
DeviceIoControl
CreateFileA
LoadLibraryW
EnterCriticalSection
DeleteCriticalSection
CreateDirectoryW
LocalAlloc
CreateEventA
LocalFree
GetSystemDirectoryA
GetSystemDirectoryW
ExpandEnvironmentStringsW
SetFileAttributesA
SetEvent
Sleep
ResetEvent
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetTickCount
OpenProcess
GetLastError
CloseHandle
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
lstrlenA
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
FlushFileBuffers
FatalAppExitA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleW
CreateFileW
SetConsoleCtrlHandler
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SetFileTime
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
VirtualProtect
HeapAlloc
HeapReAlloc
HeapFree
EncodePointer
DecodePointer
RtlUnwind
SystemTimeToFileTime
InterlockedExchange
SetEndOfFile
GetProcessHeap
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
CopyFileA
GetVersion
FindNextFileA
FindFirstFileA
GlobalMemoryStatus
FlushConsoleInputBuffer
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
lstrlenW
RaiseException
TerminateProcess
GetFileAttributesA
GetVersionExA
SetLastError
VerSetConditionMask
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReleaseMutex

user32

GetDC
ReleaseDC
MessageBoxA
GetUserObjectInformationW
LoadStringA
CharNextA
CharNextW
PostThreadMessageA
DispatchMessageA
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
UnregisterClassA
DefWindowProcA
RegisterClassA
KillTimer
PostMessageA
GetMessageA
TranslateMessage
SetTimer
GetProcessWindowStation
SetProcessWindowStation
CreateDesktopA
SetThreadDesktop
PeekMessageA

advapi32

QueryServiceStatus
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
SetNamedSecurityInfoA
RegisterEventSourceA
GetNamedSecurityInfoA
LookupAccountSidA
LookupAccountNameA
CreateServiceA
RegSetValueA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
EnumServicesStatusW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
ConvertSidToStringSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
ChangeServiceConfigW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerW
CreateServiceW
ChangeServiceConfig2A
ChangeServiceConfigA
QueryServiceConfigW
RegQueryInfoKeyA
RegQueryInfoKeyW
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
RegDeleteValueA
RegCreateKeyExA
SetServiceStatus
RegisterEventSourceW
ReportEventA
DeregisterEventSource
OpenServiceW
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegQueryValueExW
RegEnumKeyA
ConvertStringSidToSidA
LookupAccountSidW
ControlService
QueryServiceStatusEx
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegOpenKeyA
RegEnumKeyExA
CryptGenKey
GetSidSubAuthority

ole32

CoRevokeClassObject
CoCreateFreeThreadedMarshaler
CoInitialize
CoUninitialize
CoCreateGuid
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
StringFromIID
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID
CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
GetErrorInfo
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantInit
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
SysStringByteLen
VariantChangeType

rpcrt4

RpcServerInqCallAttributesW

netapi32

NetUserGetInfo
NetApiBufferFree

secur32

GetUserNameExW
GetUserNameExA

iphlpapi

GetAdaptersInfo
GetExtendedTcpTable

crypt32

CertEnumCertificatesInStore
CertEnumCRLsInStore
CertNameToStrA
CertCreateCertificateContext
CertOpenSystemStoreA
CertGetCertificateChain
CertFreeCertificateChain
CertStrToNameA
CertCreateSelfSignCertificate
CryptAcquireCertificatePrivateKey
CertOpenStore
PFXExportCertStoreEx
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMemFree
CryptBinaryToStringA
CryptMemAlloc

gdi32

CreateCompatibleBitmap
GetObjectA
GetDIBits
DeleteObject
GetDeviceCaps

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af40402263f27b5e617df45a7c34aa9a

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

netapi32

secur32

iphlpapi

crypt32

gdi32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 677KB - Virtual size: 676KB

.data Size: 76KB - Virtual size: 101KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 137KB - Virtual size: 137KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 677KB - Virtual size: 676KB

.data
Size: 76KB - Virtual size: 101KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 137KB - Virtual size: 137KB