2024-01-18_95fa6b9dc901abd907592cd772545dd0_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_95fa6b9dc901abd907592cd772545dd0_mafia
Size

958KB
MD5

95fa6b9dc901abd907592cd772545dd0
SHA1

7c934d957b78fa257b1532c675d1ffa80c3bb650
SHA256

57ed83f783ded75a11f140256ebbb817d1c31b7f7b53b193f05f7767d99eb089
SHA512

b51d2a4a61a3e7c7fcc9b29436cf4bd9b31a510db374a1401c107e115b33c3b4fcc5dab961dc0a85f75b612fbb9da4c247a61af5658b57f51c5f9c7077244a50
SSDEEP

24576:VQfNXQn2cb2eViUW6HkBy2/+YJTrT6xcl9:sqViUW6HkBy2GYJTP6xcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-18_95fa6b9dc901abd907592cd772545dd0_mafia

Files

2024-01-18_95fa6b9dc901abd907592cd772545dd0_mafia
.exe windows:5 windows x86 arch:x86

774c869d82c0235a1b6a2504b8921e75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

gethostname
WSAGetLastError
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

imm32

ImmDisableIME

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

kernel32

HeapAlloc
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
Thread32Next
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
IsBadWritePtr
lstrcpyW
lstrlenW
DeleteCriticalSection
SetEnvironmentVariableW
SetLastError
GetFullPathNameW
CreateProcessW
SetCurrentDirectoryW
SetUnhandledExceptionFilter
GetCommandLineW
CreateMutexW
OutputDebugStringW
GetSystemTime
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetPrivateProfileIntW
Sleep
ReleaseMutex
GetModuleHandleW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetProcessAffinityMask
InterlockedIncrement
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
GetPrivateProfileStringW
WritePrivateProfileStringW
ExitProcess
FindClose
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
FlushInstructionCache
CopyFileW
RemoveDirectoryW
GetFileAttributesExW
CompareStringW
MulDiv
lstrlenA
lstrcmpW
GlobalUnlock
GlobalLock
QueueUserWorkItem
InterlockedExchangeAdd
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointerEx
SetFileValidData
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
InterlockedExchange
RtlUnwind
GetModuleFileNameW
GetConsoleMode
ExitThread
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatW
GetDateFormatW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
SetStdHandle
GetLocaleInfoW
MoveFileExW
GetVersionExW
CreateEventW
WaitForMultipleObjects
SetThreadPriority
FlushFileBuffers
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
OpenProcess
LocalFree
FormatMessageW
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
SetEndOfFile
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA
GetLastError
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetCurrentThreadId
DeviceIoControl
GlobalAlloc
GlobalFree
GetVolumeInformationA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
TlsAlloc
GetTickCount
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
lstrcpynW
GetCurrentProcess
GetTempPathW
FindFirstFileW
GetConsoleCP
FindNextFileW
OpenEventW

user32

DialogBoxParamW
CreateDialogParamW
IsWindowVisible
GetClassNameW
GetSysColor
GetFocus
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
SetCursor
DrawFocusRect
FillRect
PtInRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
UpdateWindow
GetWindowTextLengthW
MoveWindow
ClientToScreen
InvalidateRgn
IsChild
DestroyAcceleratorTable
GetSystemMetrics
SetParent
SetLayeredWindowAttributes
EqualRect
CopyRect
GetWindowTextW
SetRectEmpty
AttachThreadInput
SetActiveWindow
IsIconic
ScreenToClient
BringWindowToTop
GetPropW
MessageBoxW
PeekMessageW
LoadIconW
LoadStringW
SetFocus
GetForegroundWindow
GetAsyncKeyState
CreateWindowExW
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreatePopupMenu
InsertMenuW
GetCursorPos
EnableWindow
CreateAcceleratorTableW
KillTimer
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetDlgItem
EndDialog
RegisterWindowMessageW
EndPaint
BeginPaint
DrawTextW
LoadImageW
CharNextW
SetPropW
SetWindowTextW
RedrawWindow
SetWindowRgn
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
InvalidateRect
GetClientRect
SetWindowPos
GetMenu
GetWindowLongW
SetWindowLongW
ShowWindow
PostMessageW
GetWindowThreadProcessId
SetTimer
AllowSetForegroundWindow
IsWindow
SendMessageW
DestroyWindow
DestroyIcon
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
wsprintfW
IsRectEmpty
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UnregisterClassA
DefWindowProcW

gdi32

SelectObject
CreateCompatibleDC
StretchBlt
SetBkMode
SetTextColor
BitBlt
SetBkColor
ExtTextOutW
DPtoLP
GetObjectW
CreateBrushIndirect
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
GetCurrentObject
GetTextMetricsW
DeleteObject
CreatePolygonRgn
DeleteDC

advapi32

RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
LookupPrivilegeValueW
RegCreateKeyW
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceObjectSecurity
SetServiceStatus
GetNamedSecurityInfoW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountSidW
GetExplicitEntriesFromAclW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
QueryServiceStatusEx
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl

shell32

ord165
ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
StringFromCLSID
OleUninitialize
CoUninitialize

oleaut32

SysAllocString
VariantInit
VarUI4FromStr
VarBstrCmp
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
DispCallFunc

shlwapi

PathFileExistsW
StrStrW
SHGetValueW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

msimg32

GradientFill
AlphaBlend

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFont
GdipDeleteStringFormat
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeleteFontFamily

iphlpapi

GetAdaptersInfo

rpcrt4

UuidToStringW
RpcStringFreeW

wininet

InternetConnectA
InternetSetOptionA
InternetOpenA
InternetQueryOptionW
InternetSetOptionW
InternetOpenW
InternetSetStatusCallbackW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetErrorDlg
HttpEndRequestW
HttpQueryInfoW
InternetGetLastResponseInfoW
HttpOpenRequestA
InternetCloseHandle
HttpEndRequestA
InternetReadFileExA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA

Exports

Exports

?XNetDownloadFile@@YAPAXPAXPAVIXNetDownloadStatusCallback@@PB_W2W4XnetMethodType@@22@Z
?XNetHttpRequest@@YAPAXPAXP6AX0H0KPB_W@Z1W4XnetMethodType@@11K@Z
?XNetInit@@YAHXZ
?XNetStop@@YAHPAX@Z
?XNetUninit@@YAHXZ

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

774c869d82c0235a1b6a2504b8921e75

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

userenv

wintrust

crypt32

imm32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

iphlpapi

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 613KB - Virtual size: 613KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 23KB - Virtual size: 33KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 613KB - Virtual size: 613KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 23KB - Virtual size: 33KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 50KB - Virtual size: 49KB