2024-02-03_41f60e8da85478c7af5f4828e94cf075_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_41f60e8da85478c7af5f4828e94cf075_mafia
Size

1.3MB
MD5

41f60e8da85478c7af5f4828e94cf075
SHA1

7442d24ea5d5afc6e84ef16432f736417e22ef10
SHA256

b384a4e29a9fbbd0de752859a47dd0e5c823e420e59d8800c21b84ddf5c6070a
SHA512

8ecb567ea69521d94bbede7cb2318176cd79df4bdfd2c7aa434038f492a6ae387885a4a62010b3d80b0bdde6c8b530e86a676cb9273a4be1e94549723f9f3a82
SSDEEP

24576:qMjgWwghZY3ilMOF19U1oSoKvhnOKq2JOt934J7Z6bQaj1BvUm9J:RjgWwgk3i8oKv/JJE3jM2ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_41f60e8da85478c7af5f4828e94cf075_mafia

Files

2024-02-03_41f60e8da85478c7af5f4828e94cf075_mafia
.exe windows:5 windows x86 arch:x86

7baf1619b1357cacefe25a74ce35137a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\TFS\UA\Release\PandaZone\Nano\Source\Code\Deploy\PSANInstall\Project\Win32\Release\PSANCU.pdb

Imports

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

ws2_32

WSACleanup
WSAStartup
inet_addr
WSAGetLastError
htons
sendto
socket
closesocket

kernel32

CopyFileW
SizeofResource
MoveFileW
FindClose
LockResource
RemoveDirectoryW
FindNextFileW
DeleteFileW
FreeLibrary
LoadLibraryExW
InterlockedExchange
GetModuleHandleExW
GetLastError
GetCurrentProcess
GetModuleHandleW
GetVersionExW
MultiByteToWideChar
LocalAlloc
LocalFree
GetTickCount
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetSystemDirectoryW
GetPrivateProfileStructW
WritePrivateProfileStructW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
GetNativeSystemInfo
SetDllDirectoryW
MoveFileExW
Sleep
OpenProcess
GetFileAttributesW
TerminateProcess
ReadFile
CreateFileW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenEventW
GetCurrentProcessId
GetSystemTime
CreateMutexW
OpenMutexW
ReleaseMutex
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileType
SetHandleCount
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStdHandle
WriteFile
CreateDirectoryW
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentThreadId
GetProcAddress
GetModuleFileNameW
GetExitCodeProcess
LoadLibraryW
WaitForSingleObject
CreateProcessW
EnumSystemLocalesA
InterlockedCompareExchange
IsValidLocale
HeapReAlloc
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcessHeap
WideCharToMultiByte
LoadLibraryA
SetEvent
ExitProcess
HeapDestroy
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCPInfo
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
RaiseException

user32

wsprintfW

advapi32

RegEnumKeyW
CloseEventLog
RegisterTraceGuidsW
ClearEventLogW
ControlService
GetTraceEnableLevel
QueryServiceStatusEx
UnregisterTraceGuids
RegDeleteValueW
StartServiceW
GetTraceLoggerHandle
GetTraceEnableFlags
OpenEventLogW
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
TraceEvent
RegDeleteKeyW
RegCreateKeyExW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW
SHFileOperationW

ole32

CoInitializeEx
CoUninitialize
OleRun
CoCreateInstance

oleaut32

SafeArrayCopy
SysFreeString
SysStringByteLen
SafeArrayGetVartype
SafeArrayLock
SafeArrayRedim
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString
SafeArrayGetUBound

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHDeleteKeyW

Sections

.text
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7baf1619b1357cacefe25a74ce35137a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 535KB - Virtual size: 535KB

.rdata Size: 229KB - Virtual size: 228KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 600KB - Virtual size: 604KB

.text
Size: 535KB - Virtual size: 535KB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 600KB - Virtual size: 604KB