2024-02-19_5620023094030cf51abf1600592db115_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_5620023094030cf51abf1600592db115_mafia
Size

643KB
MD5

5620023094030cf51abf1600592db115
SHA1

969b6a1d8ac1eabf2b69b9a8f93c5d91ccbc1568
SHA256

929256f8ba727c29645ff704cd7ec35e8ec6816013350e24c538ca6ed2ab8441
SHA512

dd105e3106e7ef06f87e84ee16a7ae75abd8d5773a7407f9939f301d5342da3f83ff49c465da9262a88e3d3ad7986f808f2aa4b90fca395bc89dd5b3372647b4
SSDEEP

12288:LNyt42O4wFtd7vSn95Gk5PN/pQETo41zdkYcrAklQJA5yrOLMfEWmkL74wu:LahODiGk5VPT51zyvrXn5yrOL9Zw4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_5620023094030cf51abf1600592db115_mafia

Files

2024-02-19_5620023094030cf51abf1600592db115_mafia
.exe windows:5 windows x86 arch:x86

c15fed084460e4c8ba01be13b692e8b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA

kernel32

RtlUnwind
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
GetModuleFileNameA
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnmapViewOfFile
CloseHandle
FindClose
FindFirstFileA
SearchPathA
GetOEMCP
GetACP
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetStdHandle
GetVersion
GetLastError
GetModuleHandleW
ExitProcess
DecodePointer
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapSetInformation
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetFileType
GetModuleFileNameW
SetStdHandle
InitializeCriticalSectionAndSpinCount
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
EncodePointer
LoadLibraryW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
SetHandleCount
GetStartupInfoW
Sleep
GetCPInfo
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LCMapStringW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
HeapSize
CompareStringW
CreateFileW

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15fed084460e4c8ba01be13b692e8b0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 433KB - Virtual size: 432KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 22KB - Virtual size: 36KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 433KB - Virtual size: 432KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 22KB - Virtual size: 36KB

.reloc
Size: 22KB - Virtual size: 21KB