2024-01-11_3e1b7197591836dd9b6537ec39dc87df_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_3e1b7197591836dd9b6537ec39dc87df_mafia
Size

3.2MB
MD5

3e1b7197591836dd9b6537ec39dc87df
SHA1

bd0c35944de88de551d0c654c8c1dc6c339a7027
SHA256

4e1be254f3a0f612af2103aeb9faf8c105f6aaa1a24654adee177fc5a74056d8
SHA512

65766296b2d9a49ff4da851256bd997889add0730d7f31a1c63dcc3d28b5c3de0e4c662659b032691e598df4917ff3aa60e79b72f1004275919411e97640938d
SSDEEP

49152:sRELqdIL1vtcviAJSxLTb2sWeazqcFbY7eEGsbrt+SOFTppnTVSlqySYE:S4lcv4xbNazTweEVbBkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-11_3e1b7197591836dd9b6537ec39dc87df_mafia

Files

2024-01-11_3e1b7197591836dd9b6537ec39dc87df_mafia
.exe windows:5 windows x86 arch:x86

fe8bf5823920070bb87b9c2853152ee3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleacc

GetRoleTextW
AccessibleChildren
AccessibleObjectFromWindow
GetStateTextW

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
recv
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
shutdown

wldap32

ord41
ord27
ord301
ord33
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord46

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

GetACP
InterlockedIncrement
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
InterlockedExchange
SetConsoleCtrlHandler
ExitProcess
CreateThread
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSetInformation
GetCommandLineA
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
GetOEMCP
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
CreateEventA
SetEvent
GetCurrentThreadId
GetConsoleWindow
GetModuleFileNameW
InterlockedDecrement
GetComputerNameW
OpenProcess
WTSGetActiveConsoleSessionId
CreateProcessW
lstrcpynW
GlobalLock
GetModuleHandleW
GlobalAlloc
GetExitCodeProcess
GlobalUnlock
SetLastError
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetModuleHandleA
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetCurrentDirectoryW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
TlsAlloc
TlsFree
TlsGetValue
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
SetWaitableTimer
CreateWaitableTimerA
GetCurrentProcess
DuplicateHandle
CreateProcessA
IsValidCodePage
GetCPInfo
DecodePointer
EncodePointer
WriteConsoleW
GetDateFormatA
GetTimeFormatA
GetConsoleCP
LCMapStringW
GetStringTypeW
GetLocaleInfoW
CreatePipe
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
lstrlenA
LoadLibraryA

user32

EndDialog
GetDlgItem
EmptyClipboard
GetWindowLongW
InvalidateRect
IsDialogMessageW
TranslateMessage
SetFocus
GetClientRect
GetKeyState
LoadImageW
RegisterWindowMessageW
PostQuitMessage
GetMessageW
SetActiveWindow
GetWindowRect
CloseClipboard
DestroyWindow
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
MapWindowPoints
UpdateWindow
EnableWindow
SetClipboardData
SetWindowPos
SetWindowTextW
MoveWindow
DispatchMessageW
TrackPopupMenu
PostMessageW
GetSubMenu
SetForegroundWindow
GetMenuItemInfoW
LoadIconW
LoadMenuW
EnableMenuItem
GetMenuState
GetCursorPos
RemoveMenu
SetMenuDefaultItem
InsertMenuW
DestroyMenu
DestroyIcon
SetMenuItemInfoW
CheckMenuItem
keybd_event
VkKeyScanExW
SendInput
GetKeyboardLayout
GetLastInputInfo
wsprintfW
GetWindowTextW
GetWindowThreadProcessId
GetSysColorBrush
CreateDialogParamW
OpenClipboard
IsWindowVisible
GetDlgItemTextW
GetDlgCtrlID
SetDlgItemTextW
ShowWindow
GetWindow
MessageBoxW
GetClassNameW
SendMessageW
DdeInitializeW
DdeCreateStringHandleW
DdeGetData
GetForegroundWindow
DdeDisconnect
DdeConnect
DdeClientTransaction
DdeUninitialize
DdeFreeStringHandle
IsWindowEnabled

gdi32

SetTextColor
SetBkMode
CreateFontW

advapi32

StartServiceCtrlDispatcherW
RegisterEventSourceW
CloseServiceHandle
DeleteService
OpenSCManagerW
RegisterEventSourceA
OpenServiceW
ReportEventA
GetUserNameW
RegSetValueExW
RegCloseKey
RegCreateKeyW
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
ReportEventW
CreateServiceW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
SysAllocStringLen

winhttp

WinHttpSetTimeouts
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe8bf5823920070bb87b9c2853152ee3

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

oleacc

ws2_32

wldap32

secur32

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 745KB - Virtual size: 744KB

.data Size: 121KB - Virtual size: 145KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 159KB - Virtual size: 158KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 745KB - Virtual size: 744KB

.data
Size: 121KB - Virtual size: 145KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 159KB - Virtual size: 158KB