Static task
- static1

Behavioral task
- behavioral1
  Sample: 2024-02-03_c96e366b8f78571e2f7fdfa226c243fd_mafia.exe
  Resource: win7-20231215-en

Behavioral task
- behavioral2
  Sample: 2024-02-03_c96e366b8f78571e2f7fdfa226c243fd_mafia.exe
  Resource: win10v2004-20231222-en

General
- Target: 2024-02-03_c96e366b8f78571e2f7fdfa226c243fd_mafia
- Size: 1.9MB
- MD5: c96e366b8f78571e2f7fdfa226c243fd
- SHA1: 43a2ca06dbc512ea583a9a5395948aa1f92d536c
- SHA256: 1c88c26bcc35cd77f89c91ec6c173175a55611661920fd809f1a81c269c8d77a
- SHA512: 0471e8b0cfc7d3650def1e24b19e13379a7cddccc176d31887d92ef20b738f7938a192aaf2f5f69c0b122f1b9b33358226c0e361a2e2e8f17965bc7b7eae6b85
- SSDEEP: 24576:ylfDSsPk+IuZUP6ENk8Si2JOt934J7Z6bQaj1BvUm9J:ylD0+IuZUPY80JE3jM2ce

Malware Config

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2024-02-03_c96e366b8f78571e2f7fdfa226c243fd_mafia

Files
- 2024-02-03_c96e366b8f78571e2f7fdfa226c243fd_mafia.exe windows:5 windows x86 arch:x86
  5ad0ad49aafdae13f3c4a6cf407102c7

Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: F:\TFS\UA\Release\Retail_2016\Nano\Source\Code\Deploy\PSANInstall\Project\Win32\Release\PSANCU.pdb
Imports
- rpcrt4: RpcStringFreeW, UuidToStringW, UuidCreate
- kernel32: FreeLibrary, LoadLibraryExW, GetModuleHandleExW, GetLastError, GetCurrentProcess, GetModuleHandleW,
  CreateFileW, MultiByteToWideChar, LocalAlloc, LocalFree, GetPrivateProfileSectionNamesW, GetPrivateProfileStringW,
  GetSystemDirectoryW, GetPrivateProfileStructW, WritePrivateProfileStructW, WritePrivateProfileSectionW,
  WritePrivateProfileStringW, GetPrivateProfileIntW, CreateActCtxW, ActivateActCtx, DeactivateActCtx, SetDllDirectoryW,
  MoveFileExW, SetEvent, GetTickCount, OpenProcess, GetFileAttributesW, TerminateProcess, ReadFile, Process32FirstW,
  Process32NextW, CreateToolhelp32Snapshot, OpenEventW, GetVersionExW, CreateMutexW, OpenMutexW, ReleaseMutex,
  GetProcessHeap, SetEndOfFile, WriteConsoleW, SetStdHandle, HeapReAlloc, IsValidLocale, EnumSystemLocalesA,
  GetLocaleInfoA, GetUserDefaultLCID, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter,
  GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapSize, FlushFileBuffers, DeleteFileW, FindNextFileW,
  RemoveDirectoryW, LockResource, FindClose, MoveFileW, SizeofResource, CopyFileW, Sleep, CreateDirectoryW,
  LoadResource, FindResourceW, FindResourceExW, FindFirstFileW, DeleteCriticalSection, EnterCriticalSection,
  LeaveCriticalSection, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, CloseHandle,
  GetCurrentThreadId, GetProcAddress, GetModuleFileNameW, GetExitCodeProcess, LoadLibraryW, WaitForSingleObject,
  HeapSetInformation, CreateProcessW, GetCommandLineW, GetCPInfo, GetConsoleMode, GetConsoleCP, SetFilePointer,
  GetFileType, SetHandleCount, GetLocaleInfoW, InitializeCriticalSectionAndSpinCount, GetStdHandle, WriteFile,
  HeapAlloc, HeapFree, DecodePointer, EncodePointer, GetStringTypeW, InterlockedCompareExchange, WideCharToMultiByte,
  RaiseException, LoadLibraryA, InterlockedExchange, RtlUnwind, LCMapStringW, UnhandledExceptionFilter,
  SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue,
  ExitProcess, HeapDestroy, HeapCreate, IsProcessorFeaturePresent, SetLastError, TlsFree, TlsSetValue, GetStartupInfoW
- user32: wsprintfW
- advapi32: ClearEventLogW, CloseEventLog, RegSetValueExW, RegisterTraceGuidsW, ControlService, GetTraceEnableLevel,
  QueryServiceStatusEx, UnregisterTraceGuids, RegDeleteValueW, StartServiceW, GetTraceLoggerHandle, GetTraceEnableFlags,
  RegCreateKeyExW, RegEnumKeyW, OpenServiceW, OpenEventLogW, OpenSCManagerW, CloseServiceHandle, RegOpenKeyW,
  TraceEvent, CryptDecrypt, CryptDestroyKey, CryptImportKey, CryptReleaseContext, CryptSetKeyParam,
  CryptAcquireContextW, RegCloseKey, RegOpenKeyExW, RegQueryValueExW
- shell32: SHGetSpecialFolderPathW, SHGetFolderPathW, CommandLineToArgvW, SHFileOperationW
- ole32: CoUninitialize, CoInitializeEx, OleRun, CoCreateInstance
- oleaut32: VarDateFromStr, SafeArrayCopy, SafeArrayGetUBound, SysFreeString, SafeArrayGetVartype, SafeArrayLock,
  SafeArrayRedim, VariantChangeType, VariantInit, SafeArrayCreate, SafeArrayUnlock, SafeArrayDestroy, VariantCopy,
  VariantClear, SafeArrayGetLBound, SysStringLen, SysAllocString
- shlwapi: PathAppendW, PathRemoveFileSpecW, SHDeleteKeyW, PathFileExistsW
Sections
- .text   Size: 401KB - Virtual size: 400KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 80KB - Virtual size: 80KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 9KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 1.4MB - Virtual size: 2.2MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE