Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-23_aae520be63006d52cbfa86dcbba7f8bf_mafia.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-01-23_aae520be63006d52cbfa86dcbba7f8bf_mafia.exe
Resource: win10v2004-20231215-en
General
Target: 2024-01-23_aae520be63006d52cbfa86dcbba7f8bf_mafia
Size: 1.3MB
MD5: aae520be63006d52cbfa86dcbba7f8bf
SHA1: 7300f0b15d897ff94b909d0093ed80ac59553d66
SHA256: 68abcb34bb8e3dead7349d1e9a21655ff1bab1bcb44d3ff020b812b075fbc484
SHA512: 207f6932ce5dabf5debf57579da30d4991f6908ea87d30c73172910bdc358cb18cca0f54e0144c52f9aa30b29ef28b1dbfdfafd0f01421a9f78ec6abf2aaf1b6
SSDEEP: 24576:AYBURA3rnicbMKB5SYxhcAH9dfZgYR0eZ+soHCf7J9:13ric5lhZPN+soH+7J9
Malware Config
Signatures
Files
-
2024-01-23_aae520be63006d52cbfa86dcbba7f8bf_mafia.exe windows:5 windows x86 arch:x86
3fc4e7d8dd51a82bda7b2bf4969089a8
Code Sign
Signer
Actual PE Digest: 0b:f7:ab:5e:59:7d:a8:83:10:8c:7c:f5:e7:4a:59:4f:48:89:fb:ca:54:00:10:07:1c:4f:f9:1d:d7:8a:ea:98
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
InitCommonControlsEx
kernel32
GetCurrentThread
OutputDebugStringA
VirtualAlloc
VirtualFree
FormatMessageA
GetSystemDirectoryA
GetWindowsDirectoryA
DeviceIoControl
lstrcpyW
lstrcmpA
CreateEventA
GlobalMemoryStatusEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetThreadContext
GetSystemInfo
SetUnhandledExceptionFilter
ExitProcess
GetOverlappedResult
CancelIo
ResetEvent
OpenEventA
TerminateProcess
lstrcpynA
TlsAlloc
TlsGetValue
TlsSetValue
CreateToolhelp32Snapshot
VirtualProtect
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
GetExitCodeProcess
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
GetConsoleMode
WaitForDebugEvent
HeapReAlloc
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
GetCurrentThreadId
TlsFree
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetFileAttributesA
HeapAlloc
HeapFree
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
CreateFileW
ReadFile
WriteFile
GetModuleHandleW
RaiseException
InterlockedExchange
FreeLibrary
GetModuleFileNameA
WaitForSingleObject
SetEvent
ContinueDebugEvent
GetCommandLineA
CreateProcessA
GetStartupInfoA
OpenProcess
GetVersionExA
Process32Next
GetConsoleCP
Process32First
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
Sleep
Beep
GetVersion
SetLastError
GetLastError
CloseHandle
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
CreateThread
InterlockedDecrement
CreateFileA
GetModuleHandleA
HeapSize
GetProcAddress
user32
ReleaseCapture
LoadCursorA
SetCursor
GetParent
GetWindowLongA
SetPropA
GetDlgItem
keybd_event
CallWindowProcA
TranslateMessage
DispatchMessageA
PtInRect
SendInput
GetCapture
GetKeyboardState
SetKeyboardState
VkKeyScanA
ShowWindow
SetForegroundWindow
SetFocus
GetClassNameA
GetWindowTextA
FindWindowA
ClientToScreen
GetWindowRect
SetCapture
MapVirtualKeyA
InvalidateRect
RedrawWindow
EnableWindow
ScreenToClient
SendMessageA
SetWindowLongA
GetKeyState
RemovePropA
GetPropA
PeekMessageA
EnumWindows
GetMessageA
GetWindowThreadProcessId
EnumDisplayDevicesA
MessageBoxA
LoadAcceleratorsA
TranslateAcceleratorA
IsDialogMessageA
EndDialog
GetComboBoxInfo
GetRawInputData
PostQuitMessage
GetSysColorBrush
DestroyMenu
TrackPopupMenu
InsertMenuA
IsWindowVisible
CreatePopupMenu
AppendMenuA
GetSystemMenu
RegisterRawInputDevices
DestroyIcon
LoadImageA
CreateDialogParamA
FindWindowExA
PostMessageA
LockWorkStation
GetSystemMetrics
SetWindowPos
GetForegroundWindow
GetCursorPos
ClipCursor
ExitWindowsEx
wsprintfW
DestroyWindow
GetAsyncKeyState
UpdateWindow
SetWindowTextA
gdi32
SetBkMode
CreateFontA
CreateSolidBrush
CreateFontIndirectA
GetObjectA
DeleteObject
SetTextColor
SelectObject
advapi32
RegCloseKey
CryptReleaseContext
CryptAcquireContextA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
CryptGenRandom
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
shell32
SHAppBarMessage
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA
ole32
CLSIDFromProgID
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
ws2_32
select
socket
send
recv
connect
closesocket
bind
WSAGetLastError
getaddrinfo
freeaddrinfo
htonl
ntohl
wintrust
WinVerifyTrust
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgGetParam
CertGetNameStringA
CryptDecodeObject
CryptQueryObject
CryptMsgClose
psapi
GetProcessImageFileNameA
rpcrt4
UuidToStringA
powrprof
SetSuspendState
winhttp
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
Sections
.text Size: 911KB - Virtual size: 910KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ