2024-02-18_30cac8a8ee1f6f020911e2a3924258b5_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-18_30cac8a8ee1f6f020911e2a3924258b5_mafia
Size

275KB
MD5

30cac8a8ee1f6f020911e2a3924258b5
SHA1

0f94c2e222a51f55fc02888d84bf1af80515fba1
SHA256

7b98aa1fe63e96c7457e17f6c0322f8d037d20d388d48ada898a8279b9922fd8
SHA512

3ac8ea5f054eac315fa95337c5b4efd352fb131e1e438f31e396bfab400f44fb374a0fff37500b96ea89886f8c67e0cc35b66e2f8f16471167f89cdfd027c379
SSDEEP

6144:irF3BRcV/niMnBx6TcdmKIUcPLDcgzpoorf/wd:sxRU/niMnBx6QQKIUcPL46d/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-18_30cac8a8ee1f6f020911e2a3924258b5_mafia

Files

2024-02-18_30cac8a8ee1f6f020911e2a3924258b5_mafia
.exe windows:5 windows x86 arch:x86

62fbb7d8962bc3ee077d81fcf45cb182

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\mcci+ReleaseWin32_6-9-1_release\mcci\McciControlHost\McciControlHost\SourceCode\Win32\Release\pcControlHost.pdb

Imports

kernel32

LoadLibraryExA
GetCommandLineA
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
GetVersionExA
GetCurrentProcess
LoadLibraryA
SetLastError
GetACP
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
OutputDebugStringA
GetCurrentProcessId
GetWindowsDirectoryA
CreateDirectoryA
SuspendThread
ResumeThread
GetCurrentThread
FindResourceA
TerminateThread
WaitForMultipleObjects
PulseEvent
ReleaseMutex
CreateMutexA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CompareStringW
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
FlushFileBuffers
ReadFile
FreeLibrary
SetEvent
TlsAlloc
GetTickCount
IsDBCSLeadByte
GetCurrentThreadId
LocalFree
GetModuleHandleW
GetModuleFileNameA
CreateEventA
CreateThread
Sleep
TlsSetValue
TlsGetValue
lstrcmpiA
lstrlenA
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
ResetEvent
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsProcessorFeaturePresent
LCMapStringW
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
ExitThread
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
VirtualProtect
SetEnvironmentVariableA

user32

TranslateMessage
GetMessageA
PostThreadMessageA
CharNextA
CharUpperA
CharNextW
LoadStringA
GetFocus
DispatchMessageA

advapi32

MakeSelfRelativeSD
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
RegQueryValueExA
ConvertStringSidToSidW
LookupAccountSidW
CheckTokenMembership
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CLSIDFromProgID
CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoReleaseServerProcess
ProgIDFromCLSID
CLSIDFromString
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoAddRefServerProcess
CoRevertToSelf
CoImpersonateClient
CoRegisterChannelHook
CoInitializeSecurity
CoTaskMemAlloc
CoInitializeEx
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
CreateErrorInfo
SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

shlwapi

PathStripPathW
PathFileExistsA
PathAppendW
PathAddBackslashW

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62fbb7d8962bc3ee077d81fcf45cb182

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 191KB - Virtual size: 191KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 191KB - Virtual size: 191KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 20KB - Virtual size: 19KB