2024-01-25_e6171ddf0501f3e19faa85dd518aa97e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_e6171ddf0501f3e19faa85dd518aa97e_mafia
Size

11.3MB
MD5

e6171ddf0501f3e19faa85dd518aa97e
SHA1

ba12659f74e57c0b1480af56792f3de64fc9e994
SHA256

17cb455c14dd3385c9c931952e851060d89bb4f76bdb491bcc0d0e4444df0210
SHA512

674927a20a08ae143b00c0066c92765be5847007d8684f629e287bd60f9364091546eb5e78e54e95d5e90ba850e5ec558a44abce442d4bf4f317fae91f03f4c0
SSDEEP

196608:pGnpn7is1i6O7KdEs1xIY3K1UtTdvR4OOFf01GQBzGadPMfM0fB2NAy:mp7PSeD1xzKITvTT1GQBzGmCMVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_e6171ddf0501f3e19faa85dd518aa97e_mafia

Files

2024-01-25_e6171ddf0501f3e19faa85dd518aa97e_mafia
.exe windows:5 windows x86 arch:x86

a91b22be75afcdb59804c2f18931a7e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo
GetMappedFileNameW
QueryWorkingSet

kernel32

CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
CreateProcessW
GetFileSize
CreateFileW
GetModuleFileNameW
OpenProcess
QueryDosDeviceW
TerminateProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
lstrcmpW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetTempPathW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateThread
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
GetStdHandle
WriteFile
WideCharToMultiByte
GetFileInformationByHandle
lstrcatW
lstrlenW
lstrcpyW
SetFileTime
MoveFileW
GetWindowsDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
SetEndOfFile
CompareFileTime
GetSystemInfo
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
LoadLibraryExW
CreateMutexW
SetUnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
ReplaceFileW
GetFileAttributesExW
SetCurrentDirectoryW
GetLongPathNameW
LocalFree
GetCommandLineW
TryEnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
InterlockedExchangeAdd
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
PostQueuedCompletionStatus
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReleaseMutex
FormatMessageA
GetModuleHandleA
IsDebuggerPresent
AllocConsole
AttachConsole
GetExitCodeProcess
GetProcessIoCounters
VirtualQueryEx
HeapSetInformation
SetPriorityClass
GetProcessHeaps
GetModuleHandleExA
GetProcessId
DuplicateHandle
SetHandleInformation
CreatePipe
ResumeThread
AssignProcessToJobObject
GetProcessTimes
GetNativeSystemInfo
SetFilePointerEx
FlushFileBuffers
RtlCaptureStackBackTrace
Sleep
SetThreadPriority
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
GetModuleHandleExW
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
GetFullPathNameA
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FatalAppExitA
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
SetConsoleCtrlHandler
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetCurrentThread
GetLocaleInfoW
GetCPInfo
LCMapStringW
ExitProcess
GetConsoleMode
GetConsoleCP
GetProcAddress
UnhandledExceptionFilter
GetStartupInfoW
ExitThread
RtlUnwind
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
GetLogicalDrives
GetDriveTypeA
GetDriveTypeW
OutputDebugStringA
BeginUpdateResourceW
UpdateResourceW
SetFilePointer
ReadFile
GetVersionExW
FindResourceExW
GetTickCount
EndUpdateResourceW
GetVersion
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
SystemTimeToFileTime
Process32NextW
SetLastError
lstrlenA
MultiByteToWideChar
GetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
SetInformationJobObject

user32

MsgWaitForMultipleObjectsEx
UnregisterClassW
WaitForInputIdle
SetWindowTextW
PostMessageW
GetWindowLongW
SetWindowLongW
LoadCursorW
UnregisterClassA
SetCursor
WaitMessage
RegisterClassExW
CreateWindowExW
IsIconic
SetWindowPos
GetWindowRect
GetWindowPlacement
ShowWindow
SetTimer
KillTimer
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
UpdateLayeredWindow
DestroyWindow
GetWindowDC
ReleaseDC
SendMessageW
LoadImageW
GetSystemMetrics
PostQuitMessage
SendDlgItemMessageW
EndDialog
CreateDialogParamW
GetActiveWindow
GetCursorPos
ScreenToClient
ExitWindowsEx
CharUpperW
CharPrevExA
CharToOemW
DialogBoxParamW
CharLowerW
wsprintfW
CharNextW
MessageBoxA
MessageBoxW
PeekMessageW
DispatchMessageW
IsWindow
TranslateMessage
CallMsgFilterW
GetQueueStatus
DefWindowProcW

gdi32

DeleteObject
DeleteDC
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

InitializeSecurityDescriptor
TraceEvent
UnregisterTraceGuids
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegNotifyChangeKeyValue
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
SetSecurityDescriptorDacl
CreateProcessAsUserW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHFileOperationA
SHFileOperationW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

SysAllocStringByteLen
VariantClear
VariantCopy
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

SHDeleteKeyW
PathCombineA
PathCanonicalizeA
PathCombineW
PathStripToRootW
PathAddBackslashW
PathAppendW
PathCanonicalizeW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
ord12
SHSetValueW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

gdiplus

GdiplusStartup
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRectI
GdipTranslateWorldTransform
GdipCloneImage
GdipCreateFont
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipAlloc
GdipFree
GdipGraphicsClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a91b22be75afcdb59804c2f18931a7e1

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

winmm

userenv

Sections

.text Size: 853KB - Virtual size: 852KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 14KB - Virtual size: 35KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 504KB - Virtual size: 504KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 853KB - Virtual size: 852KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 14KB - Virtual size: 35KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 504KB - Virtual size: 504KB

.reloc
Size: 32KB - Virtual size: 32KB