Static task: static1

Behavioral task: behavioral1
Sample: 2024-02-18_302b53d91c8dc2edd3241b3315b52e35_mafia.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2024-02-18_302b53d91c8dc2edd3241b3315b52e35_mafia.exe
Resource: win10v2004-20231215-en

General
Target: 2024-02-18_302b53d91c8dc2edd3241b3315b52e35_mafia
Size: 4.2MB
MD5: 302b53d91c8dc2edd3241b3315b52e35
SHA1: 282da439bb28c3e5dd4324c430e7a836ff1c1201
SHA256: 70bd0268f9e7e8d16d9080297990da98035f42eb0f7d8d99c3fd8c32bc92fedd
SHA512: a996d470198a4f3cf41a3864aa9c44c178da24e579fbf6489db629b4b8ca040b525f307340dcd38fbcea656959dbe2b1b69c34ca15b8d04e3f7950c44b6bc224
SSDEEP: 98304:AgISF0yZ9VM/R5k+XvHW23VtqoEf5gkQvcThmbNRXvl80GgdW+YmcgD5Oi:AgI2sTvFVt4yvcThmbNRXvl80GgdW+Yj

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-02-18_302b53d91c8dc2edd3241b3315b52e35_mafia

Files
2024-02-18_302b53d91c8dc2edd3241b3315b52e35_mafia.exe windows:5 windows x86 arch:x86
7a76f7544551ee838fc82abe35c1c55e

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: F:\BaseInstaller_Release\V700\FC1\BIBuilds\Win32\Release\Setup.pdb
Imports
setupapi: SetupGetSourceFileLocationW, SetupGetSourceInfoW, SetupIterateCabinetW, SetupGetStringFieldW, SetupCopyOEMInfW, SetupFindNextLine, SetupCloseInfFile, SetupOpenInfFileW, SetupFindFirstLineW, SetupGetLineTextW,
  SetupGetFileCompressionInfoW, SetupDecompressOrCopyFileW, CM_Locate_DevNodeW, CM_Reenumerate_DevNode, CM_Get_DevNode_Registry_PropertyW, SetupDiGetClassDevsW, CM_Get_Parent, CM_Get_Sibling, CM_Get_Child,
  SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiClassGuidsFromNameW, SetupGetLineByIndexW
version: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wsock32: send, closesocket, socket, recv, WSACleanup, htons, WSAGetLastError, ioctlsocket, WSAStartup, connect
wininet: HttpOpenRequestW, InternetCloseHandle, InternetReadFile, InternetConnectW, HttpSendRequestW, InternetSetOptionW, InternetQueryOptionW, InternetCrackUrlW, InternetOpenW, HttpQueryInfoW
mscms: GetColorDirectoryW, EnumColorProfilesW
netapi32: NetApiBufferFree, NetShareEnum
kernel32: UnlockFile, SetEndOfFile, DuplicateHandle, GetVolumeInformationW, GetFullPathNameW, GlobalFlags, SetErrorMode, GetTempFileNameW, GetNumberFormatW, GetTickCount, GetProfileIntW, SearchPathW,
  GetUserDefaultLCID, VirtualProtect, FindResourceExW, GetCommandLineW, HeapSetInformation, GetStartupInfoW, DecodePointer, EncodePointer, GetSystemTimeAsFileTime, GetTimeZoneInformation, HeapSize, HeapReAlloc,
  RtlUnwind, RaiseException, SetStdHandle, GetFileType, ExitProcess, HeapQueryInformation, VirtualAlloc, VirtualQuery, SetUnhandledExceptionFilter, GetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW,
  SetHandleCount, HeapCreate, HeapDestroy, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, GetCPInfo, GetOEMCP, IsValidCodePage, GetStringTypeW,
  LCMapStringW, GetConsoleCP, GetConsoleMode, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, WriteConsoleW, GetDriveTypeW, SetEnvironmentVariableA, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc,
  InitializeCriticalSection, GlobalHandle, GlobalReAlloc, TlsGetValue, GlobalGetAtomNameW, GetFileSizeEx, GetFileAttributesExW, ConvertDefaultLocale, GetSystemDefaultUILanguage, CompareStringA, InterlockedExchange,
  FileTimeToLocalFileTime, FileTimeToSystemTime, ReleaseActCtx, CreateActCtxW, SuspendThread, SetThreadPriority, FreeResource, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW,
  LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, lstrcmpA, LockFile, MulDiv, SystemTimeToFileTime, GetSystemInfo, GetVersionExW, GetEnvironmentVariableW,
  GetComputerNameW, GetCurrentProcessId, GetCurrentThreadId, ReleaseMutex, GetLocalTime, WriteFile, SetFilePointer, GetCurrentThread, OutputDebugStringW, SetCurrentDirectoryW, GetCurrentDirectoryW,
  WriteProfileStringW, GetProfileStringW, OpenFileMappingW, CreateFileMappingW, FlushViewOfFile, UnmapViewOfFile, MapViewOfFile, DeactivateActCtx, ActivateActCtx, CreateThread, ExitThread, ReadFile,
  GetProcessHeap, HeapFree, HeapAlloc, GetModuleFileNameW, GetModuleHandleW, GetCurrentProcess, CreateMutexW, lstrlenA, SleepEx, OpenMutexW, OpenProcess, GlobalUnlock, GlobalLock, MoveFileExW, Sleep,
  GetFileTime, SetFileAttributesW, GetExitCodeProcess, CreateDirectoryW, CreateProcessW, ResetEvent, InterlockedIncrement, GetFileAttributesW, GetDiskFreeSpaceExW, FindNextFileW, FindClose, CreateFileW,
  FindFirstFileW, GetFileSize, GetWindowsDirectoryW, lstrcatW, GetACP, CopyFileW, WideCharToMultiByte, GetUserDefaultUILanguage, GetLocaleInfoW, GetTempPathW, GetExitCodeThread, SetLastError, FormatMessageW,
  WaitForSingleObject, InterlockedDecrement, ResumeThread, GetPrivateProfileSectionW, WaitForMultipleObjects, lstrlenW, MultiByteToWideChar, lstrcpynW, lstrcmpiW, LocalFree, LocalAlloc, DeleteFileW,
  RemoveDirectoryW, GetPrivateProfileIntW, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrcpyW, GlobalFree, lstrcmpW, GlobalAlloc, GetLastError, LoadLibraryW, GetSystemDirectoryW, CloseHandle,
  CreateEventW, LockResource, GetProcAddress, SizeofResource, SetEvent, LoadLibraryExW, LoadResource, FreeLibrary, FindResourceW, FlushFileBuffers, GlobalSize, InterlockedCompareExchange
user32: UpdateLayeredWindow, UnionRect, MonitorFromPoint, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, UnpackDDElParam, InsertMenuItemW, TranslateAcceleratorW, GetNextDlgGroupItem,
  LoadImageW, GetIconInfo, EnableScrollBar, HideCaret, InvertRect, GetMenuDefaultItem, BringWindowToTop, SetCursorPos, CreateAcceleratorTableW, LoadAcceleratorsW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx,
  CopyAcceleratorTableW, DrawFrameControl, DrawEdge, DrawStateW, ReleaseCapture, SetCapture, SetClassLongW, NotifyWinEvent, WindowFromPoint, CreatePopupMenu, DestroyAcceleratorTable, SetParent, SetWindowRgn,
  IsZoomed, OffsetRect, IsRectEmpty, SetRect, MessageBeep, IsClipboardFormatAvailable, IsIconic, DeleteMenu, CharUpperW, UnregisterClassW, SetLayeredWindowAttributes, EnumDisplayMonitors, SetRectEmpty, CopyImage,
  RealChildWindowFromPoint, LoadCursorW, GetSysColorBrush, DestroyMenu, GetMenuItemInfoW, ShowOwnedPopups, SetCursor, PostQuitMessage, GetWindowThreadProcessId, MapVirtualKeyW, GetKeyNameTextW,
  CreateDialogIndirectParamW, GetNextDlgTabItem, EndDialog, GetMessageW, GetCursorPos, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextW, CheckDlgButton, RegisterWindowMessageW, SendDlgItemMessageW,
  SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, SetWindowsHookExW, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, IsWindow, SetFocus, GetWindowTextLengthW, GetWindowTextW,
  IsMenu, BeginDeferWindowPos, EndDeferWindowPos, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow,
  TrackPopupMenu, GetKeyState, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, ShowScrollBar, ValidateRect, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx,
  wsprintfW, EnableWindow, SendMessageW, GetSystemMetrics, GetSysColor, LoadIconW, DrawFocusRect, DrawIconEx, DispatchMessageW, PeekMessageW, TranslateMessage, SetForegroundWindow, LoadStringW, GetDesktopWindow,
  ReleaseDC, GetDC, FindWindowW, MessageBoxW, ExitWindowsEx, PostMessageW, LoadBitmapW, InvalidateRect, GetWindowRect, SetWindowLongW, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, SetWindowPlacement,
  GetWindowPlacement, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, GetMenu, SetWindowPos, PtInRect, GetWindow, IntersectRect, InflateRect, CopyRect, EndPaint, BeginPaint, GetWindowDC, ScreenToClient, GrayStringW,
  DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, GetFocus, ModifyMenuW, EnableMenuItem, CheckMenuItem, GetParent, LoadMenuW, GetMenuState, GetMenuStringW,
  AppendMenuW, CreateMenu, MapDialogRect, PostThreadMessageW, WaitMessage, SetMenuDefaultItem, FrameRect, GetUpdateRect, OpenClipboard, SetClipboardData, CloseClipboard, EmptyClipboard, RegisterClipboardFormatW,
  CopyIcon, GetMenuItemID, InsertMenuW, GetMenuItemCount, GetSubMenu, SendMessageTimeoutW, GetActiveWindow, GetForegroundWindow, SetActiveWindow, DestroyIcon, SetTimer, KillTimer, CharUpperBuffW,
  GetDoubleClickTime, IsCharLowerW, MapVirtualKeyExW, SubtractRect, GetWindowRgn, DestroyCursor, DrawIcon, GetLastActivePopup, GetWindowLongW, IsWindowVisible, RemoveMenu, GetSystemMenu, RedrawWindow,
  SystemParametersInfoW, GetClientRect, ClientToScreen, UpdateWindow, GetAsyncKeyState, IsDialogMessageW, LockWindowUpdate, ReuseDDElParam
gdi32: SelectClipRgn, CreateRectRgn, CreateDIBSection, CreateRoundRectRgn, CreatePolygonRgn, CreateEllipticRgn, Polyline, Ellipse, Polygon, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette,
  GetSystemPaletteEntries, OffsetRgn, GetRgnBox, SetDIBColorTable, DeleteObject, SetPixel, Rectangle, EnumFontFamiliesExW, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect,
  ExtFloodFill, SetPaletteEntries, GetTextFaceW, SetPixelV, CombineRgn, SetRectRgn, SetLayout, GetLayout, SetTextAlign, GetTextCharsetInfo, EnumFontFamiliesW, CreateCompatibleBitmap, MoveToEx, LineTo,
  IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, CreateDIBitmap, GetTextExtentPoint32W, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, CreateDCW,
  CopyMetaFileW, CreateBrushIndirect, BitBlt, PatBlt, StretchBlt, CreateCompatibleDC, GetObjectW, CreateSolidBrush, GetStockObject, GetDeviceCaps, GetTextMetricsW, ExtTextOutW, GetBkColor, GetTextColor,
  CreateRectRgnIndirect, CreateFontIndirectW, CreateHatchBrush, CreatePen, GetObjectType, SelectPalette, CreatePatternBrush, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx,
  SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, TextOutW, RectVisible, PtVisible, GetPixel, GetWindowExtEx, GetViewportExtEx, DPtoLP
msimg32: TransparentBlt, AlphaBlend
comdlg32: GetFileTitleW
winspool.drv: ClosePrinter, EnumPortsW, OpenPrinterW, EnumPrinterDriversW, EnumPrintersW, GetPrinterDataExW, DocumentPropertiesW, GetPrinterW, SetPrinterW, GetPrinterDriverDirectoryW, ord203, EnumMonitorsW,
  AddPortW, GetPrinterDriverW, XcvDataW, AddMonitorW, DeleteMonitorW, AddPrinterConnectionW, DeletePrinterConnectionW, AddPrinterW, DeletePrinter
advapi32: FreeSid, RegQueryValueExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, RegSetValueExW, CloseServiceHandle, RegQueryValueW, RegEnumKeyW, RegQueryInfoKeyW,
  DeregisterEventSource, ReportEventW, OpenThreadToken, RegisterEventSourceW, ConvertSecurityDescriptorToStringSecurityDescriptorW, AdjustTokenPrivileges, RegCreateKeyExW, AllocateAndInitializeSid,
  LookupPrivilegeValueW, EqualSid, GetTokenInformation, OpenProcessToken, QueryServiceConfigW, ControlService, QueryServiceStatus, StartServiceW, OpenServiceW, EnumDependentServicesW, OpenSCManagerW
shell32: SHGetPathFromIDListW, SHGetMalloc, ShellExecuteExW, ExtractIconExW, SHGetFileInfoW, SHGetDesktopFolder, ShellExecuteW, DragFinish, DragQueryFileW, SHAppBarMessage, SHBrowseForFolderW,
  SHGetSpecialFolderLocation
comctl32: ord17, ImageList_GetIconSize
shlwapi: PathFileExistsW, PathAddBackslashW, SHStrDupW, PathIsDirectoryW, PathRemoveBackslashW, PathRemoveFileSpecW, PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW, SHDeleteKeyW
ole32: DoDragDrop, OleLockRunning, IsAccelerator, OleTranslateAccelerator, OleCreateMenuDescriptor, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, CoUninitialize, CoInitializeEx, CoCreateInstance,
  CreateStreamOnHGlobal, CoCreateGuid, OleRun, PropVariantClear, CoWaitForMultipleHandles, OleDuplicateData, ReleaseStgMedium, RevokeDragDrop, CoLockObjectExternal, RegisterDragDrop, OleGetClipboard,
  OleDestroyMenuDescriptor
oleaut32: VariantInit, VariantChangeType, SysStringByteLen, VariantTimeToSystemTime, SystemTimeToVariantTime, SysAllocStringLen, SysAllocStringByteLen, VariantClear, VarBstrFromDate, SysStringLen, SysFreeString,
  SysAllocString
userenv: GetUserProfileDirectoryW
oleacc: LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject
gdiplus: GdipGetImageGraphicsContext, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipDrawImageI, GdipGetImagePalette, GdipGetImagePaletteSize,
  GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromHBITMAP,
  GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipFree
imm32: ImmGetOpenStatus, ImmReleaseContext, ImmGetContext
winmm: PlaySoundW
Sections
.text   Size: 2.4MB - Virtual size: 2.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 627KB - Virtual size: 627KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 87KB - Virtual size: 118KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 306KB - Virtual size: 305KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 824KB - Virtual size: 828KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE