2024-01-06_f4c585d46f80b9b93848efed806a1f97_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_f4c585d46f80b9b93848efed806a1f97_mafia
Size

666KB
MD5

f4c585d46f80b9b93848efed806a1f97
SHA1

b7f5ed7a78c1bc6e1d4d61f9763ec5ab95531ab2
SHA256

704f4fa31dcac7efd706fd1962dc2012eb44756ce66b0ae488f1110908d66da1
SHA512

f1f4102ebc62080b394f38f3b1ac20fb18b744e89c7ee93c8833ba51bd62a202cb5181aa54029f7b6d62ce24ec2ebf272de44faf359b1b9e414720b10809a5f3
SSDEEP

3072:8oMaQQEfL+ktDnt97uyGiiyFMdpltGsJhs3tViRiHGJedPbPIL0oTrjwYgJeSXQS:oRlNtduyGiHF0tJ23uRwe/jOefwr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_f4c585d46f80b9b93848efed806a1f97_mafia

Files

2024-01-06_f4c585d46f80b9b93848efed806a1f97_mafia
.exe windows:5 windows x86 arch:x86

a63278e650a8c08cb2cf1a6cb9f2158e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStructA
LeaveCriticalSection
GetPrivateProfileIntA
WritePrivateProfileStringA
EnterCriticalSection
CloseHandle
CreateMutexA
GetLastError
InterlockedExchange
GetPrivateProfileStringA
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
SetFilePointer
ReadFile
SetStdHandle
LoadLibraryW
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
InitializeCriticalSection
GetLocalTime
CreateFileA
CreateDirectoryA
GetFileAttributesA
WriteFile
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
CreateIoCompletionPort
WinExec
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetComputerNameA
FormatMessageA
GetModuleHandleA
VirtualQuery
GetCurrentThread
LocalFree
IsBadStringPtrA
LoadLibraryExA
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetCommandLineA
InterlockedCompareExchange
GetFileSize
EncodePointer
DecodePointer
RtlUnwind
RaiseException
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapFree
HeapSize
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
IsProcessorFeaturePresent
HeapAlloc
GetModuleFileNameW
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
GetPrivateProfileStructA

user32

PostMessageA
PostQuitMessage
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyIcon
KillTimer
SetTimer
GetSystemMetrics
GetWindowTextA
CallWindowProcA
SetWindowTextA
UpdateWindow
wsprintfA
SetPropA
CreateWindowExA
RegisterClassA
LoadIconA
SendMessageA
FindWindowA
DestroyWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
DefWindowProcA
DestroyMenu
GetSysColor
LoadMenuA
GetSubMenu
GetPropA
RegisterWindowMessageA
SetWindowLongA
LoadCursorA
UnregisterClassA
GetSysColorBrush

ws2_32

connect
bind
setsockopt
listen
htonl
htons
gethostbyname
gethostname
WSASendTo
WSASocketA
WSARecvFrom
WSARecv
closesocket
WSAGetLastError
shutdown
ntohs
inet_ntoa
inet_addr
WSACleanup
WSAStartup
WSASend

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps

mswsock

GetAcceptExSockaddrs
AcceptEx

gdi32

SetBkColor
DeleteObject
CreateFontA
GetStockObject

advapi32

GetUserNameA

shell32

Shell_NotifyIconA

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a63278e650a8c08cb2cf1a6cb9f2158e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

winmm

mswsock

gdi32

advapi32

shell32

Sections

.text Size: 291KB - Virtual size: 291KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 10KB - Virtual size: 108KB

.tls Size: 256KB - Virtual size: 256KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 291KB - Virtual size: 291KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 108KB

.tls
Size: 256KB - Virtual size: 256KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 17KB - Virtual size: 16KB