2024-02-19_08d6d1c0608c04d6078a223a20b5b066_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-19_08d6d1c0608c04d6078a223a20b5b066_mafia
Size

657KB
MD5

08d6d1c0608c04d6078a223a20b5b066
SHA1

a855f1b776d53bac5eebc6a016e9c56ef0c3dfe2
SHA256

ec270a3e3ce2b1535493bfd6dfb36e43269f37549dca41269e2a8a3265932eb1
SHA512

8e57f71e702c4b92dcbdf58c3c8c3f297fada592ee02f0b1dafc98f5c8f11ef43126d2ad96b5eebf2489e741f59020c1599a3b72847ee821f4ace03f6b89817a
SSDEEP

12288:OdAzlliAgN52ViezY0gBwHqXbblb1Zn3SHNQmuiGQgeGYMqyM4pXuC7Ra8TgrZto:OdrMie0bb1Zn3SHCPivoYR4pdTgA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_08d6d1c0608c04d6078a223a20b5b066_mafia

Files

2024-02-19_08d6d1c0608c04d6078a223a20b5b066_mafia
.exe windows:5 windows x86 arch:x86

47bc7361933f6d0124fd2e8f8c1ba749

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins-slave\workspace\advflow2\xIcon\Bin\Release\ShellExe\ShellExe.pdb

Imports

iphlpapi

GetAdaptersInfo

advapi32

CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CryptHashData
CryptDestroyHash
CryptAcquireContextA
EnumDependentServicesW

ws2_32

setsockopt
listen
ioctlsocket
gethostname
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
recvfrom
connect
getpeername
getsockopt
bind
ntohs
getsockname
accept
WSAIoctl
send
recv
select
__WSAFDIsSet
WSASetLastError
htons
sendto
socket
closesocket
getaddrinfo

crypt32

CertFreeCertificateContext

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord22
ord211
ord143
ord60

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetLocaleInfoW
GetModuleFileNameW
GetStartupInfoW
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
HeapReAlloc
ExitThread
LoadLibraryW
GetCurrentDirectoryW
WriteConsoleW
GetTimeZoneInformation
RtlUnwind
RaiseException
HeapSetInformation
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleExA
CompareStringW
SetFilePointer
CreateFileA
SetEndOfFile
SystemTimeToFileTime
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
FileTimeToSystemTime
OutputDebugStringA
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
GetComputerNameExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
QueryDosDeviceA
GetLogicalDriveStringsA
LocalFree
FormatMessageA
GetCurrentProcess
OpenProcess
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WaitForSingleObject
CreateToolhelp32Snapshot
ResumeThread
TerminateProcess
CreateProcessA
Process32Next
Process32First
GetFileAttributesExA
ReadFile
HeapFree
GetProcessHeap
CreateEventA
LoadLibraryA
HeapAlloc
CreateFileW
TlsGetValue
TlsSetValue
TlsAlloc
SetEvent
TerminateThread
CreateThread
GetModuleHandleW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
InterlockedExchangeAdd
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
SetWaitableTimer
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenEventA
ResetEvent
FreeLibrary
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
GetStdHandle
GetCommandLineA
DecodePointer
EncodePointer
SetEnvironmentVariableA
CloseHandle
GetDriveTypeW

user32

GetWindowThreadProcessId
FindWindowA
wsprintfA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

47bc7361933f6d0124fd2e8f8c1ba749

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

advapi32

ws2_32

crypt32

wldap32

kernel32

user32

psapi

Sections

.text Size: 473KB - Virtual size: 472KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 19KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 42KB - Virtual size: 41KB

.l1 Size: 8KB - Virtual size: 8KB

.text
Size: 473KB - Virtual size: 472KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 19KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 42KB - Virtual size: 41KB

.l1
Size: 8KB - Virtual size: 8KB