2024-01-27_1984c1db2dae87a3a7623d3c86fa66b0_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_1984c1db2dae87a3a7623d3c86fa66b0_mafia
Size

15.8MB
MD5

1984c1db2dae87a3a7623d3c86fa66b0
SHA1

2ec328549b3e00ce611d3a446ff9d0a9505f29a3
SHA256

4d7e48671759f2d0030c9190abf6ac623947cc5e2c977740cfe406111967205b
SHA512

ac5d63acb83eaf4fc99d3c6cc90f2be5d582629836c5407f6f54dd12b7c2dc962543e7b863145f980e529ecd9a1883d6af5031fb34efda99a762ce67d9fb356e
SSDEEP

196608:RiZwuxWOD26TDJDOt0DFquCagQZhzvilh2WhCeMuym+:WwuxWODBTVlhquCagQZhzvilh2WVtym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_1984c1db2dae87a3a7623d3c86fa66b0_mafia

Files

2024-01-27_1984c1db2dae87a3a7623d3c86fa66b0_mafia
.exe windows:5 windows x86 arch:x86

9022a37e4f87afe0b6daf291580e4f2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateFileMappingA
GetFileAttributesW
FindClose
GetCurrentDirectoryW
SetLastError
GetCommandLineA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetDriveTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersionExW
GetVolumeInformationW
LoadLibraryA
OutputDebugStringW
OutputDebugStringA
GenerateConsoleCtrlEvent
UnlockFile
GetSystemTimeAsFileTime
ReadProcessMemory
GetFileAttributesA
DeleteFileA
MapViewOfFile
GetCurrentDirectoryA
GetThreadContext
SuspendThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetProcessId
IsWow64Process
CreateProcessW
CopyFileW
CopyFileExW
CreateDirectoryW
CreateDirectoryExW
DeleteFileW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetComputerNameW
GetFullPathNameW
GetTempFileNameW
MoveFileW
MoveFileExW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
SetVolumeLabelW
SetHandleInformation
CopyFileA
CopyFileExA
CreateDirectoryA
CreateDirectoryExA
CreateProcessA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetComputerNameA
GetFileTime
GetSystemTime
GetFullPathNameA
GetTempFileNameA
MoveFileA
MoveFileExA
SetCurrentDirectoryA
SetFileAttributesA
SetVolumeLabelA
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapCreate
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
GetThreadLocale
GetACP
GetTimeZoneInformation
GetFileInformationByHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WriteConsoleW
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
InterlockedExchange
LCMapStringW
IsValidCodePage
GetOEMCP
CompareStringW
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
LocalFileTimeToFileTime
SetFileTime
GetStringTypeW
GetDateFormatW
GetTimeFormatW
FindFirstFileExW
SetEnvironmentVariableW
GetFileType
GetProcessHeap
GetCPInfo
RtlUnwind
GetConsoleCP
EncodePointer
HeapSetInformation
DecodePointer
ExitProcess
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
TerminateProcess
GetCurrentProcess
SetStdHandle
GetSystemInfo
GetCurrentThreadId
GetExitCodeProcess
RaiseException
IsDBCSLeadByteEx
GetStdHandle
MultiByteToWideChar
GetConsoleMode
WideCharToMultiByte
GetUserDefaultLangID
GetVersionExA
GetDriveTypeA
CreateFileA
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
GetLogicalDrives
CompareFileTime
SetEndOfFile
GetProcAddress
FreeLibrary
SetEvent
Sleep
CloseHandle
PeekNamedPipe
WaitForSingleObject
WriteFile
SetFilePointer
GetLastError
ReadFile
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetModuleFileNameW
SystemTimeToFileTime
SetFilePointerEx
LoadLibraryW
ResetEvent
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
DuplicateHandle
RemoveDirectoryA
ResumeThread
CreatePipe
IsDebuggerPresent
GetCurrentProcessId
CreateFileW
SetErrorMode

netapi32

NetApiBufferFree
NetRemoteTOD

ws2_32

select
getpeername
getsockname
ioctlsocket
setsockopt
getsockopt
shutdown
closesocket
listen
accept
connect
recvfrom
recv
sendto
bind
socket
__WSAFDIsSet
getnameinfo
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
WSAGetLastError
WSAStartup
WSACleanup
send

user32

PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
SetSecurityDescriptorGroup
AccessCheck
GetFileSecurityW
ImpersonateSelf
SetFileSecurityW
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
RevertToSelf
GetSecurityDescriptorGroup
GetUserNameA
LookupAccountNameW
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegConnectRegistryA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

mpr

WNetGetConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

psapi

GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PBDB
?PRO_OS_TYPE@@3PBDB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PAVbtkOBSFunc@@A
icudt46_dat

Sections

.text
Size: 901KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9022a37e4f87afe0b6daf291580e4f2a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

ws2_32

user32

advapi32

mpr

psapi

version

Exports

Exports

Sections

.text Size: 901KB - Virtual size: 901KB

.rdata Size: 14.8MB - Virtual size: 14.8MB

.data Size: 52KB - Virtual size: 247KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 146KB - Virtual size: 145KB

.text
Size: 901KB - Virtual size: 901KB

.rdata
Size: 14.8MB - Virtual size: 14.8MB

.data
Size: 52KB - Virtual size: 247KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 146KB - Virtual size: 145KB