F:\TFS\UA\Release\Retail_2016\Nano\Source\Code\Deploy\PSANInstall\Project\Win32\Release\PSANCU.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 2024-02-03_e69c70e72021e60874bafacb8de891bd_mafia.exe; Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: 2024-02-03_e69c70e72021e60874bafacb8de891bd_mafia.exe; Resource: win10v2004-20231222-en)
General
Target: 2024-02-03_e69c70e72021e60874bafacb8de891bd_mafia
Size: 1.9MB
MD5: e69c70e72021e60874bafacb8de891bd
SHA1: 3a523690ab4a1390f91afb77a24be34db53f730d
SHA256: 7a1aafcf80578999078d2e39612d66f6b6ab569aadacfdc0650b8cf810813cec
SHA512: 7d07aebfaeae26869176779182675da09300222964d9667e2e06895f559965f9e081c91aaafa187645033bffc570e337e09e50c46e7e4c0e35b553eead2445a6
SSDEEP: 24576:PlfDSsPk+IuZUP6ENk8Sm2JOt934J7Z6bQaj1BvUm9J:PlD0+IuZUPY8sJE3jM2ce
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource: 2024-02-03_e69c70e72021e60874bafacb8de891bd_mafia
Files
2024-02-03_e69c70e72021e60874bafacb8de891bd_mafia.exe windows:5 windows x86 arch:x86
5ad0ad49aafdae13f3c4a6cf407102c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
kernel32
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetLastError
GetCurrentProcess
GetModuleHandleW
CreateFileW
MultiByteToWideChar
LocalAlloc
LocalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetSystemDirectoryW
GetPrivateProfileStructW
WritePrivateProfileStructW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
SetDllDirectoryW
MoveFileExW
SetEvent
GetTickCount
OpenProcess
GetFileAttributesW
TerminateProcess
ReadFile
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenEventW
GetVersionExW
CreateMutexW
OpenMutexW
ReleaseMutex
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
DeleteFileW
FindNextFileW
RemoveDirectoryW
LockResource
FindClose
MoveFileW
SizeofResource
CopyFileW
Sleep
CreateDirectoryW
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentThreadId
GetProcAddress
GetModuleFileNameW
GetExitCodeProcess
LoadLibraryW
WaitForSingleObject
HeapSetInformation
CreateProcessW
GetCommandLineW
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileType
SetHandleCount
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStdHandle
WriteFile
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
WideCharToMultiByte
RaiseException
LoadLibraryA
InterlockedExchange
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
ExitProcess
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
GetStartupInfoW
user32
wsprintfW
advapi32
ClearEventLogW
CloseEventLog
RegSetValueExW
RegisterTraceGuidsW
ControlService
GetTraceEnableLevel
QueryServiceStatusEx
UnregisterTraceGuids
RegDeleteValueW
StartServiceW
GetTraceLoggerHandle
GetTraceEnableFlags
RegCreateKeyExW
RegEnumKeyW
OpenServiceW
OpenEventLogW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyW
TraceEvent
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW
SHFileOperationW
ole32
CoUninitialize
CoInitializeEx
OleRun
CoCreateInstance
oleaut32
VarDateFromStr
SafeArrayCopy
SafeArrayGetUBound
SysFreeString
SafeArrayGetVartype
SafeArrayLock
SafeArrayRedim
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString
shlwapi
PathAppendW
PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
Sections
.text Size: 401KB - Virtual size: 400KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 80KB - Virtual size: 80KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 9KB - Virtual size: 26KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 3KB - Virtual size: 3KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 1.4MB - Virtual size: 2.2MB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)