2024-01-10_0db6fa69ccba1284d402b5f1e27b94e1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-10_0db6fa69ccba1284d402b5f1e27b94e1_mafia
Size

12.8MB
MD5

0db6fa69ccba1284d402b5f1e27b94e1
SHA1

f8c6eeb232f49553481f25074054fda126e433a0
SHA256

e15aee575dd39b900f0e6da9a52b42864fba5e136fbf78a0a241ff8a0444b2a3
SHA512

4b44d7eeb2bf1f9ea218a2a73c77220f4425aa73eda98e816f1773e65896cb720b88692e4a706060a5e278b8c5f01bae92a5c671f262da2fbeafe4bfc25890fa
SSDEEP

24576:VLS9QlbYhFVnziDcCxrbkHKJYSYTEz2LPaXlv+HsbAzm2iYXPnavTOq:VS9+PDTxrYSrzQPElvbbam2iYfa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-10_0db6fa69ccba1284d402b5f1e27b94e1_mafia

Files

2024-01-10_0db6fa69ccba1284d402b5f1e27b94e1_mafia
.exe windows:5 windows x86 arch:x86

c22a9ec44d6dc8c80ade4e8434d70e84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
Sleep
GetExitCodeProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetCurrentDirectoryW
GetLongPathNameW
lstrcmpW
LocalFree
CreateProcessW
GetModuleFileNameW
OpenProcess
QueryDosDeviceW
TerminateProcess
ProcessIdToSessionId
CreateThread
GetPrivateProfileIntW
GetDiskFreeSpaceExW
OutputDebugStringW
CreateMutexW
ReleaseMutex
GetLocalTime
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
TerminateThread
GetUserDefaultLCID
GetSystemWow64DirectoryW
GetLocaleInfoW
GetUserDefaultUILanguage
InterlockedExchange
MulDiv
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
GlobalAlloc
WriteConsoleW
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetDateFormatW
GetTimeFormatW
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
EncodePointer
DecodePointer
ExitThread
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
SetLastError
WritePrivateProfileStringW
GetCurrentThreadId
GetVersion
LoadLibraryW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
RaiseException
lstrlenA
GetModuleHandleW
GetProcAddress
GetSystemInfo
SetEndOfFile
SetFilePointer
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetWindowsDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
GetStdHandle
ReadFile
CreateDirectoryW
GetTickCount
DeleteFileW
MoveFileExW
CopyFileW
GetSystemDirectoryW
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
GetCurrentProcessId
GetFileSize
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
FindNextFileW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
VirtualFree
GetProcessHeap

user32

ReleaseCapture
GetNextDlgTabItem
SetFocus
SetCapture
GetKeyState
WindowFromPoint
GetScrollPos
SetWindowRgn
ClientToScreen
OffsetRect
RemoveMenu
DrawIconEx
LoadIconW
DrawFrameControl
EqualRect
DestroyIcon
GetDlgCtrlID
PtInRect
PostThreadMessageW
SetRectEmpty
PostQuitMessage
PostMessageW
ScreenToClient
SetTimer
SetWindowLongW
KillTimer
GetSystemMetrics
GetWindowDC
CreateWindowExW
SetCursor
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
MoveWindow
SetWindowPos
GetWindowRect
SendMessageW
wsprintfW
GetClientRect
InvalidateRect
IsChild
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetClassInfoExW
LoadCursorW
CopyRect
SetRect
InflateRect
GetDlgItem
UnregisterClassA
ShowWindow
IsDialogMessageW
GetFocus
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadBitmapW
LoadImageW
SetActiveWindow
SetForegroundWindow
AttachThreadInput
SystemParametersInfoW
GetForegroundWindow
EnableWindow
IsWindowEnabled
GetDesktopWindow
GetActiveWindow
BeginPaint
EndPaint
DefWindowProcW
CallWindowProcW
FindWindowW
SendMessageTimeoutW
CharLowerW
CharUpperW
DestroyWindow
GetSystemMenu
DrawTextW
IsWindowVisible
MessageBoxW
CharNextW
GetWindowTextW
SetWindowTextW

gdi32

RestoreDC
SaveDC
SelectClipRgn
Rectangle
ExtTextOutW
SetBkColor
CreatePen
DeleteObject
DeleteDC
BitBlt
CreateDIBSection
CreateCompatibleDC
GetObjectW
SetTextColor
StretchBlt
CreateBitmap
CreateCompatibleBitmap
SetStretchBltMode
GetStockObject
CreateFontIndirectW
CreateFontW
SetBkMode
CreateRectRgnIndirect
CombineRgn
RectInRegion
RoundRect
GetClipRgn
MoveToEx
LineTo
TextOutW
GetTextExtentPoint32W
SetRectRgn
OffsetRgn
CreateSolidBrush
SetDIBColorTable
GetDIBColorTable
DPtoLP
GetDeviceCaps
SelectObject
CreateRectRgn

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHGetFolderPathW
ord680
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

LoadTypeLibEx
VarUI4FromStr
VariantCopy
VariantClear
SysAllocString
SysFreeString
QueryPathOfRegTypeLi

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW
FreeSid
CheckTokenMembership
ImpersonateLoggedOnUser
RevertToSelf
RegOpenCurrentUser
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteValueW
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
RegOpenKeyW
CloseServiceHandle
GetTokenInformation
IsValidSid
EqualSid
AllocateAndInitializeSid
RegSetValueExW

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW
StrToIntW
ord176
StrStrIW
StrToIntA
PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

recvfrom
closesocket
sendto
htons
socket
gethostbyname
WSAStartup
setsockopt

urlmon

URLDownloadToFileW

gdiplus

GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCloneImage
GdipBitmapLockBits
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipLoadImageFromStreamICM

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c22a9ec44d6dc8c80ade4e8434d70e84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

version

psapi

ws2_32

urlmon

gdiplus

msimg32

comctl32

Sections

.text Size: 555KB - Virtual size: 555KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 17KB - Virtual size: 37KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 555KB - Virtual size: 555KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 17KB - Virtual size: 37KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 43KB - Virtual size: 43KB