Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-04_89bc8006eafd80c34cd5275718860544_mafia.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-02-04_89bc8006eafd80c34cd5275718860544_mafia.exe
Resource: win10v2004-20231222-en
General
Target: 2024-02-04_89bc8006eafd80c34cd5275718860544_mafia
Size: 18.5MB
MD5: 89bc8006eafd80c34cd5275718860544
SHA1: a32a88128fb143960fc4fbf863c5221ada8f6fed
SHA256: cbf6f095587edc65be1161b3665ecdfe51c502fb4125c2fb1929e981e29a3c87
SHA512: d396b468ac50767868f73ab3d7f9a55a42d76588f352863f00a4233d55b43dcf9e771d608619493a84e7ddc9c35043fc4b60540820e11a1a318897487c421dd4
SSDEEP: 393216:HEq+npwf+phsDFbKFdu9ZEKno3bXhFGQOzgDW7kMkm1YJoHZ:Hv+pO7EKno3bXhZ8wo5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-02-04_89bc8006eafd80c34cd5275718860544_mafia
Files
2024-02-04_89bc8006eafd80c34cd5275718860544_mafia.exe windows:5 windows x86 arch:x86
37c6e3b492d35956b230f67462eed292
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GetGlyphOutlineA
EqualRgn
CreatePalette
GetCharABCWidthsFloatW
CreateBitmap
CreateDIBSection
CreatePolygonRgn
GdiFlush
SelectPalette
SelectClipRgn
GetTextFaceA
CombineRgn
GetPaletteEntries
CreateCompatibleDC
GetTextCharsetInfo
GetTextMetricsW
SelectObject
GetDeviceCaps
SetWorldTransform
GetGlyphOutlineW
CreateEllipticRgn
GetStockObject
GetTextExtentPoint32W
GetRgnBox
GetCharABCWidthsA
BitBlt
EnumFontFamiliesExW
SetTextColor
CreateFontIndirectA
GetOutlineTextMetricsA
PtInRegion
ExtCreateRegion
GetDIBits
OffsetRgn
DeleteDC
GetTextFaceW
CreateRectRgn
CreateCompatibleBitmap
RealizePalette
GetObjectW
EnumFontFamiliesExA
GetTextMetricsA
CreateFontIndirectW
SetGraphicsMode
GetCharABCWidthsW
ExtTextOutW
SetTextAlign
GetRegionData
GetFontData
SetBkMode
DeleteObject
GetObjectA
oleaut32
VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
imm32
ImmGetContext
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetCompositionStringA
winmm
PlaySoundW
PlaySoundA
ws2_32
gethostname
ioctlsocket
__WSAFDIsSet
select
recvfrom
sendto
htonl
listen
accept
getaddrinfo
WSAResetEvent
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
freeaddrinfo
recv
WSAEventSelect
WSACloseEvent
WSACreateEvent
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
WSAAsyncSelect
ole32
RevokeDragDrop
OleUninitialize
OleInitialize
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleSetClipboard
OleFlushClipboard
CoLockObjectExternal
RegisterDragDrop
StringFromGUID2
CoInitialize
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoGetMalloc
CoCreateGuid
CoUninitialize
user32
SetParent
DispatchMessageA
DispatchMessageW
GetWindowLongW
MapVirtualKeyA
SetForegroundWindow
SetWindowLongA
RegisterClipboardFormatA
RegisterClassW
ChangeClipboardChain
EndPaint
SetCursor
InvalidateRect
GetDesktopWindow
MoveWindow
GetWindowRect
DestroyCursor
GetWindowLongA
MsgWaitForMultipleObjectsEx
GetClipboardFormatNameW
EnableMenuItem
PeekMessageA
LoadImageW
GetClipboardFormatNameA
DrawIconEx
GetWindowPlacement
RegisterClipboardFormatW
UnregisterClassW
GetFocus
SetClipboardViewer
ScreenToClient
SetWindowTextW
DestroyWindow
GetSysColor
ClientToScreen
MapVirtualKeyW
GetClassInfoA
DestroyIcon
GetKeyboardLayoutList
BeginPaint
SetCaretPos
GetActiveWindow
ScrollWindowEx
InvalidateRgn
ClipCursor
GetUpdateRect
CreateCaret
CreateWindowExW
ToAscii
RegisterWindowMessageW
IsChild
RegisterClassA
SetMenuItemInfoW
SystemParametersInfoW
GetKeyboardState
SetDoubleClickTime
TrackPopupMenuEx
DefWindowProcA
GetSystemMetrics
GetCursorPos
KillTimer
GetSystemMenu
SetWindowLongW
GetParent
RegisterWindowMessageA
SetWindowPos
UnhookWindowsHookEx
PostMessageA
ShowWindow
GetSysColorBrush
HideCaret
GetDC
DefWindowProcW
GetDoubleClickTime
CreateCursor
SendMessageW
SetWindowPlacement
UnregisterClassA
SetCapture
ReleaseDC
GetMenu
PeekMessageW
SetCursorPos
GetKeyState
SetFocus
IsZoomed
LoadCursorW
GetIconInfo
CreateWindowExA
GetCaretBlinkTime
UpdateWindow
SendMessageA
ReleaseCapture
SetWindowRgn
ToUnicode
ValidateRgn
SetCaretBlinkTime
CreateIconIndirect
SystemParametersInfoA
GetClassInfoW
CharNextExA
LoadIconA
IsWindowVisible
WindowFromPoint
DestroyCaret
TranslateMessage
AdjustWindowRectEx
SetWindowTextA
IsIconic
PostMessageW
LoadCursorA
MessageBeep
LoadIconW
GetKeyboardLayout
GetClientRect
GetWindowRgn
SetTimer
advapi32
RegDeleteValueW
RegQueryInfoKeyA
RegEnumKeyExW
RegOpenKeyExA
RegCloseKey
CryptDestroyKey
CryptGetHashParam
RegSetValueExA
RegEnumValueA
RegSetValueExW
CryptReleaseContext
RegEnumValueW
CryptDestroyHash
RegQueryValueExW
RegFlushKey
RegQueryValueExA
CryptHashData
CryptAcquireContextA
RegCreateKeyExA
CryptCreateHash
RegDeleteKeyW
RegDeleteKeyA
CryptGenRandom
RegEnumKeyExA
CryptEncrypt
RegDeleteValueA
RegQueryInfoKeyW
CryptImportKey
RegOpenKeyExW
RegCreateKeyExW
shell32
ShellExecuteA
ShellExecuteW
kernel32
GlobalUnlock
CreateFileA
FileTimeToSystemTime
RemoveDirectoryW
GetModuleFileNameW
EncodePointer
IsDebuggerPresent
GetProcAddress
TlsGetValue
FindFirstFileW
GetModuleHandleA
LocalFree
PeekNamedPipe
FindNextFileA
MoveFileW
IsValidLocale
VerSetConditionMask
InterlockedIncrement
SetEnvironmentVariableA
UnmapViewOfFile
RtlUnwind
QueryPerformanceCounter
ExitThread
GetEnvironmentVariableA
GetConsoleMode
FreeEnvironmentStringsW
RemoveDirectoryA
SetErrorMode
GetUserDefaultLangID
GetProcessHeap
HeapReAlloc
CreateProcessW
GetThreadPriority
GetEnvironmentStringsW
WriteConsoleW
GetDateFormatW
UnhandledExceptionFilter
SetThreadPriority
IsValidCodePage
SetUnhandledExceptionFilter
EnterCriticalSection
GetStringTypeW
GetStartupInfoW
GetFileAttributesW
OpenFileMappingW
SetEndOfFile
GetFileSizeEx
DecodePointer
GetTickCount
GetDriveTypeA
HeapSize
SetCurrentDirectoryA
CopyFileA
SetHandleCount
HeapSetInformation
InterlockedDecrement
GetTimeFormatA
FreeLibrary
WaitForMultipleObjects
GetUserDefaultLCID
TlsFree
OutputDebugStringA
DeleteFileA
GetCommandLineW
TerminateThread
OutputDebugStringW
CloseHandle
IsProcessorFeaturePresent
WideCharToMultiByte
DuplicateHandle
CreateFileW
GetDriveTypeW
GetFileType
WriteFile
VirtualQuery
EnumSystemLocalesA
GetFileAttributesExA
GetFullPathNameA
SetCurrentDirectoryW
FileTimeToLocalFileTime
TerminateProcess
MoveFileExA
GetModuleFileNameA
RaiseException
GlobalLock
TlsAlloc
GetSystemDirectoryA
LoadLibraryW
FormatMessageW
GetLogicalDrives
SetFileAttributesW
ReadFile
HeapCreate
GetLastError
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
TlsSetValue
lstrcmpW
FindFirstFileA
GetFileAttributesExW
GetStdHandle
InitializeCriticalSection
GetCommandLineA
ResetEvent
SystemTimeToTzSpecificLocalTime
LCMapStringW
GetDateFormatA
ReleaseSemaphore
GetFileAttributesA
GetCurrentProcess
FindFirstFileExA
SystemTimeToFileTime
CopyFileW
FindClose
SetFilePointer
ExitProcess
MapViewOfFile
DeleteFileW
GetTimeFormatW
GetACP
GetCurrentThread
GlobalAlloc
LoadLibraryA
GetSystemInfo
HeapFree
OpenFileMappingA
DeleteCriticalSection
CreateEventA
CreateFileMappingW
HeapAlloc
CreateDirectoryA
MultiByteToWideChar
GetCurrentDirectoryW
SetFileAttributesA
GetVersionExA
FindNextFileW
FormatMessageA
CreateProcessA
SetLastError
CreateDirectoryW
InterlockedExchange
GetFileTime
WaitForSingleObject
CreateSemaphoreW
ResumeThread
GetLocalTime
GetTimeZoneInformation
GetOEMCP
FlushFileBuffers
GetCurrentThreadId
GetCurrentProcessId
MoveFileA
ExpandEnvironmentStringsA
CreateThread
SetStdHandle
GetFullPathNameW
CreateSemaphoreA
GetCPInfo
GetCurrentDirectoryA
QueryPerformanceFrequency
CompareStringW
GetLocaleInfoW
GlobalSize
SleepEx
LeaveCriticalSection
CreateFileMappingA
GetConsoleCP
GetFileSize
GetFileInformationByHandle
Sleep
VerifyVersionInfoW
GetTickCount64
GetSystemTimeAsFileTime
CreateEventW
GetModuleHandleW
SetEvent
crypt32
CertFreeCertificateContext
PFXImportCertStore
CertCloseStore
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertGetCertificateChain
CertEnumCertificatesInStore
CryptDecodeObjectEx
CertFreeCertificateChain
CryptQueryObject
CertFreeCertificateChainEngine
CertOpenStore
CertFindCertificateInStore
CertFindExtension
CryptStringToBinaryA
wldap32
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord60
ord50
ord143
ord217
ord211
ord22
ord45
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ