2024-01-23_1949aa029defc1c7d717e599a794d422_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_1949aa029defc1c7d717e599a794d422_mafia
Size

1.3MB
MD5

1949aa029defc1c7d717e599a794d422
SHA1

3974547160f7918596e241956f09981e9da46ea7
SHA256

12c5649b456837a4c4b062a132c351fd08ecc1add569e2d7d42127bf760e98a9
SHA512

4374a3e71cfdf6fe70fae7e67ac9ea5b121ec7f51cea6b9f5188612f9af410f42602788d3c5e9ed050696259f06e444b1bbf2b3d3c8584e4422a4595ae365f9e
SSDEEP

24576:6aq+HBtwfvZEqSxK8CXg+otVoIEuJxo4K9lkkkkkknOWmHjzDRojgt18:4aBYuqSA80Zifxo4G0ojgt18

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-23_1949aa029defc1c7d717e599a794d422_mafia

Files

2024-01-23_1949aa029defc1c7d717e599a794d422_mafia
.exe windows:5 windows x86 arch:x86

5d7b26d8759896c22a2193100be9eda1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CopySid

user32

MessageBoxW
GetForegroundWindow
FindWindowExW

libgtk-win32-2.0-0

gtk_button_set_image
gtk_container_set_border_width
gtk_image_get_pixbuf
gtk_image_set_from_pixbuf
gtk_progress_bar_set_text
gtk_image_new
gtk_widget_set_sensitive
gtk_init_abi_check
gtk_scrolled_window_add_with_viewport
gtk_spinner_start
gtk_viewport_get_type
gtk_image_set_from_file_utf8
gtk_spinner_new
gtk_image_get_type
gtk_window_set_default_icon
gtk_widget_add_events
gtk_label_set_justify
gtk_tooltips_new
gtk_widget_get_toplevel
gtk_paned_get_type
gtk_widget_hide
gtk_set_locale
gtk_event_box_new
gtk_main_quit
gtk_button_get_type
gtk_widget_destroy
gtk_widget_get_style
gtk_widget_draw
gtk_widget_modify_bg
gtk_button_set_relief
gtk_alignment_set_padding
gtk_widget_modify_fg
gtk_hpaned_new
gtk_container_add
gtk_widget_set_usize
gtk_tooltips_get_type
gtk_alignment_set
gtk_label_get_type
gtk_widget_set_name
gtk_label_new
gtk_object_get_type
gtk_tooltips_set_tip
gtk_scrolled_window_set_policy
gtk_window_set_decorated
gtk_main_iteration
gtk_paned_add1
gtk_window_set_position
gtk_hbox_new
gtk_spinner_get_type
gtk_scrolled_window_new
gtk_vbox_new
gtk_label_set_attributes
gtk_button_new
gtk_container_get_children
gtk_box_get_type
gtk_label_set_use_markup
gtk_widget_set_size_request
gtk_progress_bar_set_fraction
gtk_window_present
gtk_widget_modify_font
gtk_window_set_resizable
gtk_main
gtk_image_new_from_file_utf8
gtk_box_pack_start
gtk_spinner_stop
gtk_label_set_text
gtk_widget_set_style
gtk_window_get_type
gtk_container_get_type
gtk_window_new
gtk_scrolled_window_get_type
gtk_widget_show
gtk_progress_bar_get_type
gtk_viewport_set_shadow_type
gtk_paned_set_position
gtk_window_set_title
gtk_widget_get_type
gtk_message_dialog_new
gtk_widget_show_all
gtk_scrolled_window_get_vadjustment
gtk_alignment_new
gtk_widget_get_name
gtk_progress_bar_new
gtk_paned_add2
gtk_events_pending
gtk_alignment_get_type
gtk_scrolled_window_set_shadow_type
gtk_widget_destroyed
gtk_scrolled_window_get_hadjustment

libgdk-win32-2.0-0

gdk_cursor_new
gdk_threads_enter
gdk_threads_leave
gdk_window_set_cursor
gdk_threads_init
gdk_color_parse

libgdk_pixbuf-2.0-0

gdk_pixbuf_get_height
gdk_pixbuf_get_type
gdk_pixbuf_new_from_file_utf8
gdk_pixbuf_scale_simple
gdk_pixbuf_get_width

libpango-1.0-0

pango_parse_markup
pango_font_description_from_string

libgthread-2.0-0

g_thread_init

libgobject-2.0-0

g_signal_connect_data
g_object_set_data
g_object_unref
g_type_check_instance_cast
g_object_get_data
g_type_check_instance_is_a
g_object_get
g_object_set

libglib-2.0-0

g_dir_close
g_get_real_time
g_slist_append
g_strcmp0
g_slist_length
g_sprintf
g_thread_create_full
g_free
g_malloc
g_strsplit_set
g_strdup
g_strrstr
g_file_get_contents_utf8
g_file_test_utf8
g_get_tmp_dir_utf8
g_strconcat
g_printerr
g_strlcat
g_dir_read_name_utf8
g_error_free
g_snprintf
g_stpcpy
g_chmod
g_file_set_contents
g_str_has_suffix
g_dir_open_utf8
g_slist_free
g_utf8_to_utf16
g_mkdir

kernel32

OpenEventA
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
CreateFileA
SetStdHandle
GetExitCodeProcess
GetFileAttributesA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
DeleteFileA
MoveFileA
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
HeapReAlloc
PeekNamedPipe
FileTimeToLocalFileTime
FileTimeToSystemTime
RaiseException
GetModuleFileNameW
WriteConsoleW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleW
FormatMessageA
LocalFree
AreFileApisANSI
GetModuleHandleA
SetLastError
GetFileInformationByHandle
FindNextFileW
FindFirstFileW
GetFullPathNameW
DeviceIoControl
DeleteFileW
RemoveDirectoryW
FindClose
CreateFileW
SetEndOfFile
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
GetTimeZoneInformation
GetCurrentProcess
OutputDebugStringA
AllocConsole
GetStdHandle
GetFileType
WriteConsoleA
WriteFile
ResetEvent
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
GetSystemInfo
GetSystemDirectoryA
GetVolumeInformationA
LoadLibraryA
GetProcAddress
GetTickCount
FreeLibrary
SetEvent
HeapFree
CloseHandle
CreateEventA
HeapAlloc
CopyFileExW
Sleep
GetFileAttributesW
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
SetFileAttributesW
WaitForSingleObject
GetProcessHeap

shell32

ShellExecuteExW
ShellExecuteW

netapi32

Netbios

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
htons
htonl
send
recv
inet_addr
connect
socket
closesocket
setsockopt
gethostname

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d7b26d8759896c22a2193100be9eda1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

libgtk-win32-2.0-0

libgdk-win32-2.0-0

libgdk_pixbuf-2.0-0

libpango-1.0-0

libgthread-2.0-0

libgobject-2.0-0

libglib-2.0-0

kernel32

shell32

netapi32

ws2_32

Sections

.text Size: 754KB - Virtual size: 754KB

.rdata Size: 392KB - Virtual size: 391KB

.data Size: 111KB - Virtual size: 121KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 95KB - Virtual size: 95KB

.text
Size: 754KB - Virtual size: 754KB

.rdata
Size: 392KB - Virtual size: 391KB

.data
Size: 111KB - Virtual size: 121KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 95KB - Virtual size: 95KB