Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-18_4f11fcbe3949f8b34a5d5d6b1f8c1945_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-18_4f11fcbe3949f8b34a5d5d6b1f8c1945_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-18_4f11fcbe3949f8b34a5d5d6b1f8c1945_mafia
Size: 4.1MB
MD5: 4f11fcbe3949f8b34a5d5d6b1f8c1945
SHA1: 3c7ac1ffc1f32e843eb7e00695281840297e3771
SHA256: 797710b0300587147feab37760afcb94c568c9b89664edec79ca6a22f7931a29
SHA512: 93e1bd52f1774112723ece06ab6bd4e2d7b7e0e89be57bbcd69bfaa1a0837b1da504af8c0bfd01b6734b6e1bd5a4d8774fa5cbc4071e8503335dc0498689fcd1
SSDEEP: 98304:AACGPJcRl31edznnMb11h2xWXndAP7cmAJWVRNrxXtbKZYMMP:wRRSJ6ckJWVRNrxXtWGMMP
Malware Config
Signatures
Detects executables containing URLs to raw contents of a Github gist (1 IoCs)
  resource: sample
  yara_rule: INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2024-01-18_4f11fcbe3949f8b34a5d5d6b1f8c1945_mafia
Files
-
2024-01-18_4f11fcbe3949f8b34a5d5d6b1f8c1945_mafia.exe windows:5 windows x86 arch:x86
0d30c9465deb59b85eb70df99c3968c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libintl3
ord51
ord26
ord49
ord27
ord35
libcurl
curl_easy_getinfo
curl_easy_init
curl_slist_append
curl_easy_setopt
curl_slist_free_all
curl_easy_perform
curl_easy_cleanup
curl_global_init
curl_global_cleanup
curl_version_info
kernel32
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
SearchPathW
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GlobalFlags
PeekNamedPipe
GetFileType
HeapReAlloc
GetTimeZoneInformation
RtlUnwind
ExitProcess
VirtualQuery
HeapQueryInformation
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetPrivateProfileIntW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
lstrcmpA
GetProfileIntW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalSize
VirtualAlloc
VirtualProtect
GetExitCodeThread
HeapCreate
GetSystemDirectoryA
WaitForMultipleObjects
GetThreadContext
SetThreadContext
GetCurrentThreadId
DuplicateHandle
GetThreadPriority
SetThreadPriority
TlsFree
TlsAlloc
TlsGetValue
GetTempFileNameW
InterlockedExchange
InterlockedExchangeAdd
CreateEventA
InterlockedCompareExchange
CancelIo
DeviceIoControl
WriteFile
PostQueuedCompletionStatus
SetConsoleCtrlHandler
CreateIoCompletionPort
GetQueuedCompletionStatus
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetFileAttributesW
CopyFileW
OpenMutexW
CreateMutexW
LocalAlloc
ReadFile
GetFileSize
CreateFileA
GetVersion
lstrcmpiW
GetCPInfo
SetErrorMode
FreeResource
ResumeThread
CreateEventW
ResetEvent
MulDiv
SetEvent
lstrcpyW
WinExec
lstrcatW
lstrlenW
GetModuleFileNameA
LocalFree
GetSystemInfo
VerifyVersionInfoW
TerminateProcess
FormatMessageW
GetProcessHeap
HeapFree
GetCurrentProcess
VerSetConditionMask
HeapAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetCurrentProcessId
GetModuleFileNameW
CreateDirectoryW
CreateFileW
WaitForSingleObject
CreateProcessW
FindNextFileW
FindFirstFileW
InterlockedIncrement
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
FreeLibrary
GetVersionExW
RaiseException
GetTickCount
Sleep
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetThreadLocale
CreateThread
CloseHandle
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
DeactivateActCtx
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetCurrentDirectoryW
TlsSetValue
GetSystemDirectoryW
GetFileInformationByHandle
user32
DrawFrameControl
SetClassLongW
DestroyAcceleratorTable
SetParent
PostThreadMessageW
GetNextDlgGroupItem
IsClipboardFormatAvailable
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
CharNextW
InvalidateRgn
CopyAcceleratorTableW
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
NotifyWinEvent
GetSystemMenu
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
SetRectEmpty
CharUpperW
ShowOwnedPopups
WaitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsRectEmpty
GetMessageW
CreateDialogIndirectParamW
EndDialog
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
ToUnicodeEx
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
GetWindowRgn
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetMenuStringW
TabbedTextOutW
DeleteMenu
CreateMenu
DrawTextExW
GetMenuItemInfoW
ModifyMenuW
SystemParametersInfoW
GetMenuState
GrayStringW
GetSysColorBrush
RemoveMenu
InsertMenuW
RegisterWindowMessageW
GetMenuItemID
SetRect
DrawIconEx
SetCapture
MessageBeep
SetWindowRgn
IsZoomed
ShowWindow
FindWindowW
GetClassInfoW
SendMessageA
ReleaseCapture
EqualRect
DrawTextW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetMenuItemCount
CreatePopupMenu
AppendMenuW
GetMessagePos
GetDesktopWindow
GetFocus
GetWindow
UpdateWindow
DrawEdge
PtInRect
GetKeyState
MessageBoxW
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
InvertRect
HideCaret
CopyIcon
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetUpdateRect
DrawIcon
GetSystemMetrics
IsIconic
SetFocus
SetForegroundWindow
SetActiveWindow
LoadIconW
DispatchMessageW
TranslateMessage
ScreenToClient
GetCursorPos
GetAsyncKeyState
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyWindow
BringWindowToTop
IsWindow
KillTimer
SetTimer
LoadCursorW
RedrawWindow
LoadBitmapW
FrameRect
LoadMenuW
LoadImageW
CreateIconIndirect
GetIconInfo
ReleaseDC
GetDC
GetSysColor
FillRect
DrawStateW
OffsetRect
GetClientRect
DrawFocusRect
InflateRect
CopyRect
PostMessageW
TrackPopupMenuEx
GetSubMenu
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageW
GetWindowLongW
DestroyIcon
DestroyMenu
DestroyCursor
EnableWindow
DeferWindowPos
MonitorFromWindow
gdi32
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
GetTextColor
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetMapMode
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SetTextAlign
MoveToEx
DPtoLP
LineTo
IntersectClipRect
ExcludeClipRect
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
CreateCompatibleBitmap
SelectClipRgn
SetLayout
GetLayout
CreateCompatibleDC
GetStockObject
EnumFontFamiliesExW
DeleteObject
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
CreateDCW
PatBlt
CreateHatchBrush
GetBkMode
CreateDIBSection
ExtTextOutW
Ellipse
PtVisible
Escape
CreatePen
RectVisible
TextOutW
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
GetBkColor
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW
CreateSolidBrush
GetObjectW
SetPixel
GetPixel
DeleteDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
SystemFunction036
RegEnumKeyExA
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
shell32
SHGetSpecialFolderLocation
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW
SHGetPathFromIDListW
SHGetDesktopFolder
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
ole32
CoRevokeClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateGuid
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleGetClipboard
CoInitializeEx
CoRegisterMessageFilter
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
oleaut32
VarBstrFromDate
SysStringLen
SafeArrayDestroy
LoadTypeLi
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
OleLoadPicture
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
VariantChangeType
VariantClear
OleCreateFontIndirect
VariantCopy
oledlg
OleUIBusyW
gdiplus
GdiplusShutdown
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipGetImagePixelFormat
GdipCreateFromHDC
wsock32
gethostbyname
select
closesocket
connect
ntohs
WSAGetLastError
ntohl
inet_addr
htonl
WSAStartup
setsockopt
gethostname
accept
send
WSASetLastError
socket
bind
__WSAFDIsSet
recvfrom
inet_ntoa
ioctlsocket
sendto
listen
WSACleanup
getpeername
htons
getsockname
recv
iphlpapi
DeleteIpForwardEntry
CreateIpForwardEntry
GetIpAddrTable
GetIpForwardTable
GetAdaptersInfo
ws2_32
WSASocketA
getaddrinfo
WSASend
WSARecv
WSAIoctl
freeaddrinfo
wininet
InternetCloseHandle
HttpQueryInfoW
HttpOpenRequestA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetReadFile
InternetOpenA
InternetConnectA
InternetSetOptionW
HttpSendRequestW
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 435KB - Virtual size: 434KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ctors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dtors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 282KB - Virtual size: 282KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ