Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-11_72722b6d1b0abc35428ccd9dda983c12_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-01-11_72722b6d1b0abc35428ccd9dda983c12_mafia.exe
Resource: win10v2004-20231222-en
General
Target: 2024-01-11_72722b6d1b0abc35428ccd9dda983c12_mafia
Size: 6.3MB
MD5: 72722b6d1b0abc35428ccd9dda983c12
SHA1: b0927a9fcce7143ba4a4941dc478313f021cb008
SHA256: 3c17ad1fb43f2f2c5854c241a5de008e45b83c7ca2a319762622a5a086790207
SHA512: 62418936f7c65f715e31747949cbac1d73a4485f143da5bb7a79ca9e25ec9c28b3169edfd570ff3d04cc5030168a8c1afa5e1b48bd7d6ef3e5cd12fd582973c9
SSDEEP: 98304:HKZ4Mc+nitvbjHZ4CFYvzlVDbwRlW6KVdJVFnxWUouHu62XFgXMnhpPerXaFDQp:qZPlnitvbyrXFgluO632zerXaFa
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 2024-01-11_72722b6d1b0abc35428ccd9dda983c12_mafia
Files
2024-01-11_72722b6d1b0abc35428ccd9dda983c12_mafia.exe windows:5 windows x86 arch:x86
176377b423cd3bb75a69eabd13d287e2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
odbc32
ord36
ord31
ord9
ord24
ord16
ord75
ord26
ord43
ord7
ord8
ord4
ord18
ord20
ord11
ord13
kernel32
lstrcpyA
OpenFile
GetFileSize
_lclose
ReadFile
GlobalAlloc
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
LoadLibraryA
GetProcAddress
ExitProcess
FindFirstFileA
OutputDebugStringA
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
GetPrivateProfileStringA
Sleep
CreateThread
GetLastError
CloseHandle
VirtualQueryEx
GetModuleFileNameA
CreateFileA
GetCurrentProcess
TerminateThread
FormatMessageA
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetCurrentThread
GetThreadContext
WriteFile
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
CopyFileA
SetLastError
GetModuleHandleA
CompareStringA
GetModuleHandleW
GetModuleFileNameW
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
GetAtomNameA
lstrcmpA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GetStringTypeExA
lstrcmpiA
DeleteFileA
MoveFileA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
GlobalAddAtomA
GlobalFlags
SetThreadPriority
ResumeThread
GetCurrentThreadId
SetEvent
SuspendThread
CreateEventA
SetErrorMode
GetFileAttributesExA
SetFileAttributesA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
LoadLibraryExA
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GetVersionExA
GlobalFindAtomA
FreeResource
FindResourceA
GetACP
GetSystemDirectoryW
GetCurrentDirectoryA
WritePrivateProfileStringA
GetCPInfo
GetOEMCP
GetWindowsDirectoryA
GetNumberFormatA
GetTempFileNameA
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
ReplaceFileA
GetDiskFreeSpaceA
FindResourceExW
LocalUnlock
LocalLock
RtlUnwind
RaiseException
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
FatalAppExitA
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
IsValidCodePage
GetTimeZoneInformation
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CompareStringW
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
CreateFileW
SetEnvironmentVariableA
GetLocalTime
CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileIntA
GetTickCount
user32
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetNextDlgTabItem
CreateDialogIndirectParamA
SetRectEmpty
SystemParametersInfoA
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
DeleteMenu
InvalidateRect
InflateRect
GetMenuItemInfoA
DestroyMenu
CopyImage
IntersectRect
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyA
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
OffsetRect
GetIconInfo
LoadImageA
GetNextDlgGroupItem
DrawIconEx
GetDialogBaseUnits
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextA
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
InsertMenuItemA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
InSendMessage
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageA
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
EnumChildWindows
MapDialogRect
DrawIcon
DestroyCursor
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
GetTabbedTextExtentA
GetScrollRange
ShowScrollBar
RedrawWindow
LoadIconW
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
CopyRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
ScrollWindowEx
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnregisterClassA
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfA
MessageBoxA
EqualRect
SetWindowLongA
CallWindowProcA
IsWindow
SendMessageA
SetDlgItemTextA
EndDialog
GetDlgItem
ShowWindow
CreateDialogParamA
ReleaseDC
FillRect
GetDC
SetWindowTextA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SetTimer
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
CreateWindowExA
WinHelpA
IsChild
PostQuitMessage
DestroyWindow
KillTimer
DefWindowProcA
DialogBoxParamA
FindWindowA
SetRect
GetClientRect
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetClassInfoExA
SetScrollRange
gdi32
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetCharWidthA
StretchDIBits
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
CreateDIBitmap
CreateHatchBrush
ExtCreatePen
CreatePen
RoundRect
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
CreatePalette
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
DeleteObject
CreateSolidBrush
TextOutA
SetTextColor
CreateFontA
SelectObject
SetBkMode
GetStockObject
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetBkColor
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
GetTextExtentPoint32A
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreateCompatibleBitmap
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
CreateBitmap
CreateDCA
CopyMetaFileA
SetArcDirection
GetDeviceCaps
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
SetPixelV
SetPaletteEntries
ExtFloodFill
CreateFontIndirectA
mumsg
??0CMsg@@QAE@XZ
?LoadWTF@CMsg@@QAEXPAD@Z
??1CMsg@@QAE@XZ
?Get@CMsg@@QAEPADH@Z
msimg32
TransparentBlt
AlphaBlend
comctl32
ord17
ImageList_DrawEx
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetIconSize
shlwapi
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
oledlg
ord8
wsock32
closesocket
WSAStartup
listen
bind
htons
socket
recv
accept
setsockopt
send
connect
gethostbyname
ioctlsocket
ntohs
gethostname
sendto
recvfrom
htonl
WSAGetLastError
shutdown
WSACleanup
inet_addr
WSAAsyncSelect
ws2_32
WSASendTo
WSASend
WSARecv
WSASocketA
WSAAccept
imagehlp
SymGetOptions
SymSetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
SymLoadModule
rpcrt4
UuidCreateSequential
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipBitmapLockBits
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCreateBitmapFromScan0
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
winspool.drv
GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetFileTitleA
advapi32
SetFileSecurityA
RegCloseKey
RegSetValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExW
RegQueryValueExA
RegEnumValueA
GetFileSecurityA
shell32
SHGetFileInfoA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
ExtractIconA
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHAppBarMessage
ShellExecuteExA
SHGetMalloc
ole32
OleSave
WriteClassStm
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleRun
OleGetClipboard
RegisterDragDrop
StgCreateDocfileOnILockBytes
RevokeDragDrop
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
PropVariantCopy
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
CoLockObjectExternal
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoDisconnectObject
StringFromGUID2
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleCreateFromData
oleaut32
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantInit
SysAllocString
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SafeArrayPutElement
Sections
.textbss Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 726KB - Virtual size: 726KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 313.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ