2024-02-03_f161cce3bea0c33a2850f5c1fbc65c84_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_f161cce3bea0c33a2850f5c1fbc65c84_mafia
Size

453KB
MD5

f161cce3bea0c33a2850f5c1fbc65c84
SHA1

4288937f16dcc7deb94e0cee9c6dbe2284a918e6
SHA256

57437f0a1bd517a5bd5aae174d552377fb1fbdef88a8f4b4da29d4a296e6baa6
SHA512

5602d05f830cf53bb71ce06260935502252f813b800d157d222bec4f09d5bd896e076965a6e7853f3af434524dd04f0812ca8e3454e1c4d886278f3bc9668f8e
SSDEEP

6144:/+2Rvo+YHCO1zHpc+Wyk/IFRYpWPcjr5rPC9q8oLdc956KqV:/nTWpc+WykPm2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_f161cce3bea0c33a2850f5c1fbc65c84_mafia

Files

2024-02-03_f161cce3bea0c33a2850f5c1fbc65c84_mafia
.exe windows:5 windows x86 arch:x86

332c3b7a7708f813d0d0be887aaa6f1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\C++-Programme\8GadgetPack\Release\8GadgetPack.pdb

Imports

kernel32

CreateProcessW
MoveFileExW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetTickCount
GetPrivateProfileStringW
WriteFile
OpenProcess
WideCharToMultiByte
Sleep
CopyFileW
Wow64DisableWow64FsRedirection
GetExitCodeProcess
Wow64RevertWow64FsRedirection
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrlenW
WritePrivateProfileStringW
GetTempPathW
GetLastError
SetLastError
GetLocalTime
Process32FirstW
ProcessIdToSessionId
DebugActiveProcessStop
Process32NextW
ContinueDebugEvent
CreateToolhelp32Snapshot
WaitForDebugEvent
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
LocalFree
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
SetEndOfFile
InitializeCriticalSection
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeW
CreateMutexW
GetTempFileNameW
GetCommandLineW
DebugActiveProcess
DeleteFileW
FindNextFileW
RemoveDirectoryW
IsWow64Process
FindClose
GetProcAddress
FindFirstFileW
VerifyVersionInfoW
GetVersionExW
LoadLibraryW
LCMapStringW
MultiByteToWideChar
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
VerSetConditionMask
FreeLibrary
ReleaseMutex
GetConsoleCP
SetFilePointer
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
ExitProcess
ReadFile
GetProcessHeap

user32

UnhookWindowsHookEx
CharUpperW
PostMessageW
ReleaseDC
EnumWindows
GetClassNameW
SetWindowsHookExW
FindWindowW
MessageBoxW
SendMessageW
GetWindowThreadProcessId
EnumThreadWindows
GetDC

gdi32

DeleteObject
GetDeviceCaps

advapi32

RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
ExtractIconExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

ord345
ord17

shlwapi

StrToIntExW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

332c3b7a7708f813d0d0be887aaa6f1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 10KB - Virtual size: 10KB