PDB path: C:\Users\YAN\Documents\개발 프로젝트\OneWay\FileAgent\OneWayFileRecvProgram\Release\OneWayFileRecvProgram.pdb (the Korean path component 개발 프로젝트 means "development projects")
Static task: static1
Behavioral task: behavioral1, sample 2024-02-03_af40b7efd60f5b81d93e2fef97808064_mafia.exe, resource win7-20231129-en
Behavioral task: behavioral2, sample 2024-02-03_af40b7efd60f5b81d93e2fef97808064_mafia.exe, resource win10v2004-20231215-en
General
Target: 2024-02-03_af40b7efd60f5b81d93e2fef97808064_mafia
Size: 1.9MB
MD5: af40b7efd60f5b81d93e2fef97808064
SHA1: 083b3b95d090a15bc0fdcc5e6fcf5cea159dbe7a
SHA256: 75c8166c47a87613f0f9d3f31325bc8da16f0b5f45c39397c8285ade5944d430
SHA512: 9f9785cac69a7f139d01c62814bf51b4ffe08aaa7fcb46e5cd93c5d40a3b60d48cc5fd38adf0d9f4cfd7bd8e107de3e981e45081c857e595c3f9774b3cd8568a
SSDEEP: 49152:qsAWM99UBRCQSbTBz/CxAMJcU8E/U4Pc0xPqYJx3ehZNBij:8WM99UBPOBz/Cx7JcU8EC0xyYJx3e
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Matched resource: 2024-02-03_af40b7efd60f5b81d93e2fef97808064_mafia
This is the only signature raised, and it is weak evidence on its own: a missing certificate table means the binary cannot be attributed to a publisher, not that it is malicious. Likewise the kernel32 IsDebuggerPresent import listed below arrives with the MSVC CRT startup set (EncodePointer, DecodePointer, HeapSetInformation) rather than as deliberate anti-debugging.
Files
2024-02-03_af40b7efd60f5b81d93e2fef97808064_mafia.exe  windows:5 windows x86 arch:x86
5b5096a02f029d1c86683b3224683596 (shown unlabeled by the report; assumed to be the import hash, since it differs from the sample's MD5 above)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(DYNAMIC_BASE and NX_COMPAT opt the image into ASLR and DEP; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set, so Control Flow Guard is off.)
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: one path, reproduced at the top of this report
Imports
kernel32
lstrcmpA
CreateMutexW
ReleaseMutex
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
CreateActCtxW
GetUserDefaultUILanguage
GetCurrentThread
lstrcpyW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
SuspendThread
GlobalReAlloc
FindNextFileW
FileTimeToLocalFileTime
GetSystemDirectoryW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameW
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetTickCount
GetProfileIntW
SearchPathW
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetFileTime
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
DecodePointer
EncodePointer
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
ExitThread
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetDriveTypeW
GetProcessHeap
SetEnvironmentVariableA
GetCurrentProcessId
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
FreeLibrary
lstrcmpW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
FileTimeToSystemTime
InterlockedDecrement
GetSystemTimeAsFileTime
ReleaseActCtx
GetFileSize
GetFileAttributesW
ResumeThread
CreateThread
SetEvent
ResetEvent
CreateDirectoryW
CreateFileW
MoveFileW
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
CreateEventW
CreateSemaphoreW
Sleep
FindClose
FindFirstFileW
lstrlenA
GetLastError
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
ConvertDefaultLocale
SizeofResource
user32
SetRectEmpty
IntersectRect
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
DestroyIcon
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
OffsetRect
DeleteMenu
SetWindowRgn
SetCapture
WindowFromPoint
ReleaseCapture
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperW
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
UnregisterClassW
WaitMessage
CharNextW
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
SetParent
DestroyAcceleratorTable
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetCursorPos
BringWindowToTop
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
RegisterClipboardFormatW
FrameRect
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
GetDoubleClickTime
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
TabbedTextOutW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
TranslateMessage
IsRectEmpty
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
PtInRect
GetWindow
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
CopyRect
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetClassNameW
LoadBitmapW
InvalidateRect
UpdateWindow
FillRect
DrawStateW
EnableWindow
SendMessageW
LoadIconW
GetSystemMenu
AppendMenuW
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
PostMessageW
SetTimer
KillTimer
IsWindow
GetParent
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
SetCursor
GetMessageW
LoadMenuW
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
SetMenuItemBitmaps
shell32
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
oleaut32
VariantChangeType
VariantInit
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
libcurl
curl_global_init
curl_easy_setopt
curl_slist_append
curl_easy_perform
curl_slist_free_all
curl_easy_cleanup
curl_global_cleanup
curl_easy_strerror
curl_easy_init
msimg32
TransparentBlt
AlphaBlend
comctl32
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Create
shlwapi
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
oledlg
OleUIBusyW
gdiplus
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
ws2_32 (by static import a receive-only TCP listener: socket, bind, listen, accept and recv are present, connect and send are not; dynamically resolved functions would not show here)
socket
inet_addr
htons
bind
listen
ioctlsocket
select
accept
closesocket
getpeername
inet_ntoa
recv
WSAGetLastError
WSAStartup
WSACleanup
setsockopt
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
gdi32
GetTextExtentPoint32W
SetDIBColorTable
RealizePalette
CreateCompatibleBitmap
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
CreateDIBitmap
CreateSolidBrush
GetObjectW
GetStockObject
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
CreateFontIndirectW
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
DeleteObject
SetPixelV
GetTextFaceW
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
OffsetRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
SelectObject
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
comdlg32
GetFileTitleW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
ole32
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateILockBytesOnHGlobal
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
Sections
.text   Size: 1.3MB   Virtual size: 1.3MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 309KB   Virtual size: 309KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 27KB    Virtual size: 57KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 89KB    Virtual size: 88KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 176KB   Virtual size: 176KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable, so the NX_COMPAT flag is not undermined by the section layout. The .data virtual size exceeding its raw size (57KB vs 27KB) is zero-filled uninitialized data rather than packed content, and the sizeable .reloc section is what DYNAMIC_BASE needs to relocate the image; the layout is consistent with a conventional unpacked compiler build.
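The three static findings above (the "Unsigned PE" signature, the DllCharacteristics flags and the section protections) all come from the PE optional header and section table. The script below is an added example, not the sandbox's own signature code, that reproduces those checks with struct alone: it reads the security data directory to decide whether a certificate table exists, decodes DllCharacteristics, and flags any section that is both writable and executable. The build_sample_pe helper constructs a headers-only PE32 (not loadable, and not the sample from this report) so the script runs offline; pass a real file path to triage that instead.

```python
"""PE header triage: certificate table, DllCharacteristics and section protections.
Added example using only struct (no pefile); build_sample_pe is constructed test data."""
import struct
import sys

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_SECTION_HEADER.Characteristics bits that matter for triage
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table slot in the data directory


def triage_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:          # PE32+
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    # The security directory holds a raw file offset (not an RVA) and the size of the
    # WIN_CERTIFICATE table. Both zero means no Authenticode data at all; non-zero only
    # means a table exists, not that the signature chains or verifies.
    has_cert = False
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_len = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_cert = cert_off != 0 and cert_len != 0
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, _rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize, "flags": flags,
            "flag_names": [n for b, n in sorted(SECTION_FLAGS.items()) if flags & b],
        })
    return {
        "machine": machine,
        "format": "PE32" if magic == 0x10B else "PE32+",
        "dll_characteristics": [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dllchars & b],
        "has_certificate_table": has_cert,
        "sections": sections,
        # a writable+executable section defeats DEP regardless of NX_COMPAT
        "rwx_sections": [s["name"] for s in sections
                         if (s["flags"] & (MEM_EXECUTE | MEM_WRITE)) == (MEM_EXECUTE | MEM_WRITE)],
    }


def build_sample_pe(dllchars: int = 0x8140, with_cert: bool = False, data_exec: bool = False) -> bytes:
    """Constructed minimal PE32 (headers only, not loadable) for offline demonstration.
    Default DllCharacteristics 0x8140 = DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections, EXE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)      # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<HH", opt, 68, 2, dllchars)                   # Subsystem=GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    if with_cert:   # pretend a certificate table sits at file offset 0x800, 0x100 bytes long
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x800, 0x100)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    data_flags = 0xC0000040 | (MEM_EXECUTE if data_exec else 0)    # RW data, optionally also X
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x2000, 0x2000, 0x200, 0x600, 0, 0, 0, 0, data_flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    r = triage_pe(blob)
    print(r["format"], "DllCharacteristics:", ", ".join(r["dll_characteristics"]) or "none")
    print("Unsigned PE" if not r["has_certificate_table"] else "certificate table present (verify separately)")
    for s in r["sections"]:
        print(" %-8s vsize=%-7d raw=%-7d %s" % (s["name"], s["virtual_size"], s["raw_size"],
                                                " | ".join(s["flag_names"])))
    if r["rwx_sections"]:
        print("WARNING: writable+executable sections:", r["rwx_sections"])
```

A present certificate table still has to be verified (signtool verify /pa, Get-AuthenticodeSignature, or osslsigncode) before the binary is treated as attributable; this script only answers the question the sandbox signature asks, whether any Authenticode data exists at all.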