2024-01-25_001ab29baa7bff604e18e4692f812c39_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-25_001ab29baa7bff604e18e4692f812c39_mafia
Size

14.4MB
MD5

001ab29baa7bff604e18e4692f812c39
SHA1

29b9459a6b950ed207f628eda7f0461e5e173898
SHA256

896df73eea6669a69ebf3aea7d397d62ceeb25d02ee7a5a486bfb3a3dc2d76fa
SHA512

7c78ab68f3f26820f6adeaeac626d35891ca1b0293fa377fc66abafbef019a36b8292e70f16060e772c93594de7a14ed70c86044bb8fef5990ae6f31841c33c5
SSDEEP

98304:jR+IuzdelVOKjAiOReHWZ78jAuDIHFfr7yDbXSZF08JQtjt9:V+KtfypSXSZF08+tp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_001ab29baa7bff604e18e4692f812c39_mafia

Files

2024-01-25_001ab29baa7bff604e18e4692f812c39_mafia
.exe windows:5 windows x86 arch:x86

f67101566817a605131d3128880d6d99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord6

comctl32

_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

winmm

mmioDescend
mmioGetInfo
mmioWrite
mmioRead
mmioSetInfo
mmioSeek
mmioCreateChunk
mixerClose
mmioAscend
mmioOpenW
mmioClose
mmioAdvance
mixerOpen
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetControlDetailsW
mixerSetControlDetails
PlaySoundW

kernel32

lstrcmpiW
DuplicateHandle
GetVolumeInformationW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalFlags
GetSystemDirectoryW
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
ConvertDefaultLocale
GetWindowsDirectoryW
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
EncodePointer
DecodePointer
ExitProcess
VirtualAlloc
VirtualQuery
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
MoveFileA
ExitThread
SetStdHandle
GetFileType
HeapQueryInformation
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
GetThreadLocale
RaiseException
SuspendThread
ResumeThread
SetThreadPriority
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
CompareStringW
lstrcmpW
ReleaseActCtx
CreateActCtxW
lstrcmpA
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
ActivateActCtx
DeactivateActCtx
SetLastError
lstrcpyA
lstrcatA
lstrlenA
TlsSetValue
TlsGetValue
WritePrivateProfileStringW
GetVersion
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFullPathNameA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
GetVersionExW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
LoadLibraryA
LocalFree
LockFile
LockFileEx
MapViewOfFile
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
CreateDirectoryW
GetCommandLineA
MoveFileW
DeleteFileW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindClose
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
GetPrivateProfileStringW
WriteFile
CreateThread
ReleaseSemaphore
InitializeCriticalSection
CreateSemaphoreW
GetFileAttributesW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetFullPathNameW
CreateFileW
lstrcpyW
lstrlenW
FindResourceW
LoadResource
SizeofResource
LockResource
CreateEventW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetWaitableTimer
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateIoCompletionPort
InterlockedCompareExchange
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
TlsFree
InterlockedDecrement
TlsAlloc
GetLastError
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
CreateEventA
SetEvent
Sleep
GetTickCount
PostQueuedCompletionStatus
InterlockedExchange
CreateFileA
GetFileSize
CloseHandle
GetPrivateProfileIntW
GetCurrentThread
IsBadReadPtr
GetUserDefaultUILanguage
OpenEventA
ResetEvent
GetTempFileNameW
CreateWaitableTimerA

user32

GetWindowRgn
MapDialogRect
OffsetRect
CharNextW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DrawStateW
GetMessageW
TranslateMessage
GetActiveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
IsClipboardFormatAvailable
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
DestroyCursor
CopyRect
GetWindow
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MoveWindow
GetClassNameW
FindWindowW
EnumChildWindows
DrawTextW
ReleaseDC
GetDC
FlashWindow
KillTimer
SetTimer
SetWindowRgn
IsIconic
GetSystemMenu
LoadMenuW
SetMenuItemBitmaps
GetSubMenu
AppendMenuW
CreatePopupMenu
DrawIcon
LoadBitmapW
SetWindowTextA
SetForegroundWindow
IsWindow
ShowWindow
GetClientRect
GetParent
PtInRect
GetCursorPos
GetWindowRect
SystemParametersInfoW
GetSystemMetrics
EnableWindow
InvalidateRect
SetCursor
SetWindowPos
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
CreateMenu
TranslateMDISysAccel
SetFocus
LoadIconW
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
CharUpperBuffW
LoadCursorW
PostMessageW
SendMessageW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
CopyIcon
UnpackDDElParam
ReuseDDElParam
SetWindowContextHelpId
InsertMenuItemW
TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LoadImageW
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
PostQuitMessage
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
GetMenu
SetClassLongW
DestroyAcceleratorTable
SetParent
DestroyIcon
WaitMessage
GetNextDlgGroupItem
InvalidateRgn
SetRect
CopyAcceleratorTableW
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
UnregisterClassW
GetSysColorBrush
IntersectRect
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
IsWindowVisible

gdi32

CreateRoundRectRgn
CreateSolidBrush
StretchBlt
SelectObject
CreateDIBSection
DeleteDC
SetDIBColorTable
GetDIBColorTable
CreateDIBitmap
StretchDIBits
FillRgn
CopyMetaFileW
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
FrameRgn
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
GetTextFaceW
SetPixelV
GetObjectW
DeleteObject
BitBlt
CreateCompatibleDC
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetViewportOrgEx
GetStockObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
DeregisterEventSource
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
SHAppBarMessage
DragFinish
DragQueryFileW
ShellExecuteExW
SHGetPathFromIDListW

shlwapi

PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW
PathIsUNCW

ole32

CoInitialize
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
BindMoniker
MkParseDisplayName
CreateBindCtx
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
OleCreateMenuDescriptor
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize

oleaut32

LoadTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
VarBstrFromDate
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipDrawImageI
GdipDrawImageRectI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

xvidcore

xvid_global
xvid_decore
xvid_encore

mxtmediaclt

StartRemoteAudio
TeacherStopAudio
StartLocalAudio
InitMediaClt
InitAudioSession
ReleaseMediaClt

udt

?recvfile@UDT@@YA_JHAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@AA_J_JH@Z
?sendfile@UDT@@YA_JHAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@AA_J_JH@Z
?getlasterror@UDT@@YAAAVCUDTException@@XZ
?INVALID_SOCK@UDT@@3HB
?cleanup@UDT@@YAHXZ
?ERROR@UDT@@3HB
?epoll_create_udset@UDT@@YAPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@XZ
?epoll_wait@UDT@@YAHHPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@0_JPAV?$set@IU?$less@I@std@@V?$allocator@I@2@@3@2@Z
?recv@UDT@@YAHHPADHH@Z
?epoll_remove_usock@UDT@@YAHHH@Z
?epoll_release_udset@UDT@@YAXPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@@Z
?epoll_add_usock@UDT@@YAHHHPBH@Z
?epoll_create@UDT@@YAHXZ
?close@UDT@@YAHH@Z
?send@UDT@@YAHHPBDHH@Z
?startup@UDT@@YAHXZ
?listen@UDT@@YAHHH@Z
?select@UDT@@YAHHPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@00PBUtimeval@@@Z
?accept@UDT@@YAHHPAUsockaddr@@PAH@Z
?connect@UDT@@YAHHPBUsockaddr@@H@Z
?socket@UDT@@YAHHHH@Z
?setsockopt@UDT@@YAHHHW4UDTOpt@@PBXH@Z
?bind2@UDT@@YAHHI@Z

ws2_32

WSASend
ioctlsocket
ntohl
htonl
WSASetLastError
WSAStringToAddressA
WSACleanup
WSAStartup
getaddrinfo
freeaddrinfo
getsockname
gethostname
WSAGetLastError
gethostbyname
setsockopt
select
recvfrom
inet_ntoa
ntohs
inet_addr
htons
sendto
socket
WSASocketW
recv
shutdown
bind
gethostbyaddr
connect
getsockopt
send
WSARecv
closesocket

dbghelp

MiniDumpWriteDump

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Exports

Exports

??0IMxtAVDataIOEvent@@QAE@ABV0@@Z
??0IMxtAVDataIOEvent@@QAE@XZ
??4IMxtAVDataIOEvent@@QAEAAV0@ABV0@@Z
??_7IMxtAVDataIOEvent@@6B@

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f67101566817a605131d3128880d6d99

Headers

DLL Characteristics

File Characteristics

Imports

dsound

comctl32

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

gdiplus

xvidcore

mxtmediaclt

udt

ws2_32

dbghelp

oleacc

imm32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 429KB - Virtual size: 428KB

.data Size: 81KB - Virtual size: 119KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 11.4MB - Virtual size: 11.4MB

.reloc Size: 247KB - Virtual size: 246KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 429KB - Virtual size: 428KB

.data
Size: 81KB - Virtual size: 119KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 11.4MB - Virtual size: 11.4MB

.reloc
Size: 247KB - Virtual size: 246KB