d:\Webhost\06-07-2021\WindowsBuilds\DC_NATIVE\4175332\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcswmeter.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-28_5a45051869fb11ac406fbdc8ea9e31e2_mafia.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-28_5a45051869fb11ac406fbdc8ea9e31e2_mafia.exe
  Resource: win10v2004-20231222-en
General
- Target: 2024-01-28_5a45051869fb11ac406fbdc8ea9e31e2_mafia
- Size: 1.7MB
- MD5: 5a45051869fb11ac406fbdc8ea9e31e2
- SHA1: 04de3b8bbfbf357b9676480a7fd47ea94b565f24
- SHA256: af9e512cccaff4a9f27589dac5ac17636cf0961b040a8f53dd42c78d89ae3718
- SHA512: 9cd357641facdb2f38c281b2b710f4907fb29b6b8a3a349b4b37f8889492a8d4a21815033d4c7adea59156cacfa37ab79a3a8cb74379e84c1deca9626830222b
- SSDEEP: 49152:PoJkawvmRb19qHlPyZBjHimwTbxiDmg27RnWGj:GkdmRb19PZBjHdmiD527BWG
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-01-28_5a45051869fb11ac406fbdc8ea9e31e2_mafia
Files
- 2024-01-28_5a45051869fb11ac406fbdc8ea9e31e2_mafia.exe  windows:5 windows x86 arch:x86
  c6acab189d85daf53fd56697731cb394
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wtsapi32
  WTSFreeMemory
  WTSEnumerateSessionsA
  WTSQuerySessionInformationA
dclibxml2
  xmlParseMemory
  xmlCleanupParser
  xmlNewTextReaderFilename
  xmlStrcmp
  xmlFreeTextReader
  xmlTextReaderRead
  xmlTextReaderName
  xmlTextReaderDepth
  xmlTextReaderValue
  xmlFreeDoc
  xmlTextReaderGetAttribute
  xmlTextReaderAttributeCount
  xmlNodeListGetString
  xmlFree
  xmlParseFile
  xmlDocGetRootElement
psapi
  EnumProcessModules
  GetModuleFileNameExW
  GetModuleBaseNameW
  EnumProcesses
iphlpapi
  GetAdaptersInfo
dcagenthttp
  freeDCAgenthttp
  AgentSendRequestEx
userenv
  UnloadUserProfile
  DestroyEnvironmentBlock
  LoadUserProfileA
  CreateEnvironmentBlock
crypt32
  CertOpenStore
  CertFreeCertificateContext
  CertGetNameStringA
  CertFindCertificateInStore
  CryptMsgGetParam
  CryptQueryObject
  CertCloseStore
  CertAddCertificateContextToStore
  CertEnumCertificatesInStore
  CryptStringToBinaryA
  CertCreateCertificateContext
  PFXImportCertStore
  PFXVerifyPassword
  CertDeleteCertificateFromStore
  CertVerifyTimeValidity
wsock32
  WSAStartup
  WSACleanup
  WSAGetLastError
winhttp
  WinHttpQueryHeaders
  WinHttpReceiveResponse
  WinHttpSetOption
  WinHttpSendRequest
  WinHttpCloseHandle
  WinHttpQueryDataAvailable
  WinHttpReadData
  WinHttpOpen
  WinHttpConnect
  WinHttpOpenRequest
  WinHttpSetStatusCallback
  WinHttpAddRequestHeaders
  WinHttpSetCredentials
  WinHttpQueryOption
  WinHttpWriteData
netapi32
  NetGetJoinInformation
  DsGetDcNameA
  NetApiBufferFree
version
  GetFileVersionInfoSizeW
  VerQueryValueW
  GetFileVersionInfoW
kernel32
  DuplicateHandle
  HeapFree
  HeapAlloc
  HeapDestroy
  InitializeCriticalSectionAndSpinCount
  GetCPInfo
  LCMapStringW
  UnhandledExceptionFilter
  IsDebuggerPresent
  FindResourceExW
  FindResourceW
  LoadResource
  SetUnhandledExceptionFilter
  GetCurrentProcess
  SetEvent
  GetModuleHandleW
  WideCharToMultiByte
  LoadLibraryW
  Sleep
  SizeofResource
  GetLastError
  GetProcAddress
  ResetEvent
  LockResource
  WaitForMultipleObjects
  SetProcessShutdownParameters
  CloseHandle
  InterlockedIncrement
  InterlockedDecrement
  WaitForSingleObject
  ReleaseMutex
  SystemTimeToFileTime
  GetLogicalDriveStringsW
  GetProcessTimes
  OpenProcess
  GetLocalTime
  ProcessIdToSessionId
  CreateEventW
  QueryDosDeviceW
  GetSystemTime
  MultiByteToWideChar
  CreateMutexW
  SetThreadPriority
  FindFirstFileW
  CreateDirectoryW
  WriteFile
  CreateFileW
  CreateDirectoryA
  FindClose
  FindNextFileW
  DeleteFileW
  GetACP
  LeaveCriticalSection
  ReadFile
  GetFileSizeEx
  EnterCriticalSection
  DeleteCriticalSection
  CreateFileA
  FormatMessageA
  GetUserDefaultLangID
  ReadProcessMemory
  FormatMessageW
  GetVersionExW
  FileTimeToSystemTime
  lstrlenW
  BackupRead
  BackupWrite
  Process32NextW
  GetModuleHandleA
  RtlUnwind
  LocalFree
  lstrcpyW
  CreateTimerQueue
  SetConsoleMode
  CreateTimerQueueTimer
  DeleteTimerQueue
  SetConsoleCtrlHandler
  DeleteTimerQueueTimer
  GetCurrentThreadId
  CreateMutexA
  SuspendThread
  ResumeThread
  GetEnvironmentVariableA
  GetFileSize
  FindFirstFileA
  LoadLibraryA
  GetLocaleInfoA
  FreeLibrary
  Process32Next
  TerminateProcess
  GetExitCodeProcess
  Process32First
  GetVersionExA
  DeleteFileA
  FindNextFileA
  GetSystemInfo
  GetTimeZoneInformation
  CreateProcessA
  SetCurrentDirectoryA
  GetCurrentDirectoryA
  GetTickCount
  SystemTimeToTzSpecificLocalTime
  CopyFileA
  QueryPerformanceCounter
  GlobalFree
  GlobalAlloc
  GetComputerNameExW
  lstrlenA
  FlushFileBuffers
  GetCurrentProcessId
  CopyFileW
  SetFilePointer
  SetCurrentDirectoryW
  GetCurrentDirectoryW
  GetSystemDirectoryA
  LocalAlloc
  DisconnectNamedPipe
  ConnectNamedPipe
  GetOEMCP
  lstrcmpW
  lstrcmpiA
  GetNativeSystemInfo
  GetFileAttributesExA
  IsValidCodePage
  TlsAlloc
  TlsGetValue
  TlsSetValue
  GetFileType
  TlsFree
  SetLastError
  PeekNamedPipe
  DecodePointer
  GetFileInformationByHandle
  ExitProcess
  GetSystemTimeAsFileTime
  FindFirstFileExA
  RaiseException
  InterlockedExchange
  HeapReAlloc
  HeapSize
  GetProcessHeap
  ExitThread
  CreateThread
  GetCommandLineW
  HeapSetInformation
  FileTimeToLocalFileTime
  CreateToolhelp32Snapshot
  HeapCreate
  IsProcessorFeaturePresent
  GetStdHandle
  GetModuleFileNameW
  GetLocaleInfoW
  GetDriveTypeA
  EncodePointer
  MoveFileExA
  GetModuleFileNameA
  LocalLock
  LocalUnlock
  GetStringTypeW
  FreeEnvironmentStringsW
  GetEnvironmentStringsW
  SetHandleCount
  GetStartupInfoW
  GetConsoleCP
  GetConsoleMode
  GetFullPathNameA
  SetStdHandle
  GetUserDefaultLCID
  EnumSystemLocalesA
  IsValidLocale
  GetFileAttributesA
  CreatePipe
  WriteConsoleW
  GetDriveTypeW
  SetEndOfFile
  VirtualQuery
  CompareStringW
  SetEnvironmentVariableA
  InitializeCriticalSection
  CreateNamedPipeA
user32
  wsprintfW
  MessageBoxA
advapi32
  LogonUserA
  CreateProcessAsUserA
  RegDeleteValueA
  RegCreateKeyExA
  RegisterEventSourceA
  ReportEventA
  DeregisterEventSource
  ControlService
  CryptCreateHash
  CryptHashData
  CryptDestroyHash
  CryptAcquireContextA
  CryptGetUserKey
  CryptGenKey
  CryptReleaseContext
  CryptDestroyKey
  ImpersonateLoggedOnUser
  RevertToSelf
  CreateProcessAsUserW
  RegQueryValueExA
  RegOpenKeyExA
  RegSetValueExW
  RegCloseKey
  AdjustTokenPrivileges
  RegOpenKeyExW
  IsValidSid
  AllocateAndInitializeSid
  QueryServiceStatus
  LookupAccountSidW
  LookupPrivilegeValueW
  RegQueryValueExW
  RegCreateKeyExW
  GetTokenInformation
  GetSidSubAuthorityCount
  OpenServiceW
  OpenSCManagerW
  GetSidSubAuthority
  CloseServiceHandle
  GetSidIdentifierAuthority
  OpenProcessToken
  RegDeleteKeyA
  RegDeleteValueW
  RegEnumKeyA
  LookupPrivilegeNameA
  RegOpenKeyA
  LookupPrivilegeValueA
  RegSetValueExA
  CryptGetHashParam
  LookupAccountSidA
shell32
  SHCreateDirectoryExW
  SHCreateDirectoryExA
ole32
  CoCreateInstance
  CoInitializeSecurity
  CoInitializeEx
  CoSetProxyBlanket
  CoUninitialize
oleaut32
  SystemTimeToVariantTime
  VariantTimeToSystemTime
  SysFreeString
  SysAllocStringByteLen
  SysAllocString
  VariantChangeType
  VariantInit
  VariantClear
  SysStringLen
odbc32
  ord43
  ord39
  ord29
  ord36
  ord11
  ord18
  ord8
  ord4
  ord26
  ord72
  ord48
  ord49
  ord13
  ord3
  ord19
  ord12
  ord16
  ord20
  ord2
  ord1
  ord31
  ord41
  ord9
shlwapi
  StrStrIA
  StrTrimA
  PathFindExtensionA
Sections
.text   Size: 823KB - Virtual size: 822KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 227KB - Virtual size: 226KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data   Size: 55KB - Virtual size: 65KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc   Size: 512B - Virtual size: 504B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc  Size: 628KB - Virtual size: 632KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE