D:\SVN Windows项目\GD_Link\Tags\V4.6.9.13723\Release\GD_Link_CLI.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-20_6cc0dcac61b7ad0165334b1676103db0_mafia.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-02-20_6cc0dcac61b7ad0165334b1676103db0_mafia.exe
Resource: win10v2004-20231215-en
General
Target: 2024-02-20_6cc0dcac61b7ad0165334b1676103db0_mafia
Size: 1.6MB
MD5: 6cc0dcac61b7ad0165334b1676103db0
SHA1: 30fc49ccc3bc836e9153ed40e98fb69514440ef3
SHA256: fd3301e3b6bf7caa72581ac26ec7e98d3b0d6c614b2a388aef87c3ddc606629d
SHA512: 60de4203d4074479e556beab91e4965ada1a153063d6d5dcc17812fe709c50c1088146c274e06903979fd7e95e10734ab07724a616d855abfd1c01bde15d9281
SSDEEP: 49152:XD1PnVLX5mLq26S2zgljcALjwFqQ1lDNVQYSfRiHFWfwnpMf1rGZHVQyV:NlALq26S2zgmALjRQ1xAYSfRmnpMtrGL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-02-20_6cc0dcac61b7ad0165334b1676103db0_mafia
Files
2024-02-20_6cc0dcac61b7ad0165334b1676103db0_mafia.exe windows:5 windows x86 arch:x86
a1b0936c4f7c3f4171d061c91110d47f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
InterlockedExchange
GetLocaleInfoW
GetUserDefaultUILanguage
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetWindowsDirectoryW
GetNumberFormatW
lstrcpyW
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
ExitThread
ExitProcess
HeapFree
GetCommandLineW
HeapSetInformation
HeapAlloc
HeapReAlloc
UnlockFile
RaiseException
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoW
LCMapStringW
HeapCreate
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
ReleaseActCtx
DeactivateActCtx
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetLastError
SetLastError
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LockFile
FlushFileBuffers
WriteFile
SetFilePointer
ReadFile
LoadLibraryW
CreateFileW
lstrcmpiW
GlobalAddAtomW
ActivateActCtx
GlobalFlags
lstrcmpW
CompareStringW
InterlockedIncrement
GetModuleHandleW
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
FreeLibrary
InterlockedDecrement
RtlUnwind
GetModuleFileNameW
CreateFileA
TerminateThread
Sleep
GetTickCount
SetEvent
GetExitCodeThread
WaitForSingleObject
ResumeThread
GetCurrentThreadId
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
LockResource
SizeofResource
LoadResource
FindResourceW
GetConsoleWindow
CreateThread
SetConsoleCtrlHandler
SetThreadPriority
CloseHandle
GetProcessHeap
user32
ShowOwnedPopups
DeleteMenu
GetKeyNameTextW
DrawStateW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadMenuW
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
TranslateAcceleratorW
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
IsZoomed
PostThreadMessageW
WaitMessage
GetSystemMenu
SetParent
DestroyAcceleratorTable
SetClassLongW
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
SetRect
SetCursorPos
LockWindowUpdate
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
RegisterClipboardFormatW
FrameRect
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
MapDialogRect
DestroyCursor
DrawIcon
GetWindowRgn
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
CopyImage
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
CharUpperW
DestroyIcon
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetLayeredWindowAttributes
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
GetFocus
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
KillTimer
GetIconInfo
GetNextDlgTabItem
MessageBeep
NotifyWinEvent
SetCursor
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
InvalidateRect
MapVirtualKeyW
SetRectEmpty
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
IntersectRect
InflateRect
PostQuitMessage
IsIconic
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
GetClientRect
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
EnumDisplayMonitors
CreateDialogIndirectParamW
EndDialog
DrawIconEx
GetNextDlgGroupItem
ShowWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
LoadImageW
TrackPopupMenu
SetMenu
SetScrollRange
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
PeekMessageW
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
GetScrollRange
SetForegroundWindow
ShowScrollBar
EndPaint
UpdateWindow
RemovePropW
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
shlwapi
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
ws2_32
gethostbyname
gethostname
connect
recv
inet_ntoa
closesocket
send
htons
socket
WSACleanup
inet_addr
WSAStartup
gdlink
GDLink_Init
GDLink_SetSpeed
GDLink_Connect
GDLink_GetLastOperationState
GDLink_RecognizeTarget
GDLink_DisConnect
GDLink_Read
GDLink_Write
GDLink_Download
GDLink_AddressToPageStartAddress
GDLink_Erasechip
GDLink_ResetCPU
GDLink_RunCPU
GDLink_HaltCPU
GDLink_StepCPU
GDLink_SetPC
GDLink_ConfigReadProtect
GDLink_ReadAP
GDLink_WriteAP
GDLink_ReadDP
GDLink_WriteDP
GDLink_GetMCUID
GDLink_GetOPTBytes
GDLink_GetMCUPartNo
GDLink_GetFlashSize
GDLink_GetSRAMSize
GDLink_GetFlashBaseAddress
GDLink_GetRegister
GDLink_UnInit
GDLink_GetMCUMapSize
GDLink_GetChipNoList
GDLink_CheckByPartNo
GDLink_ConnectByPartNo
GDLink_SelectJtagDevice
GDLink_WriteIR
GDLink_WriteDR
GDLink_GetJtagDeviceInfo
GDLink_SetInterface
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
gdi32
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateDCW
GetDeviceCaps
GetTextFaceW
GetBoundsRect
FillRgn
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
SetPixelV
FrameRgn
PtInRegion
CreateRoundRectRgn
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
Rectangle
Polygon
Ellipse
Polyline
GetTextColor
CreatePolygonRgn
CreateEllipticRgn
CreateDIBSection
SetPixel
StretchBlt
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesW
CreateCompatibleBitmap
CreateDIBitmap
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
CreatePalette
GetBkColor
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CopyMetaFileW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
comdlg32
GetFileTitleW
advapi32
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
shell32
SHAppBarMessage
DragQueryFileW
DragFinish
SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ole32
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
oleaut32
SysAllocString
VariantInit
VarBstrFromDate
SysFreeString
VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 274KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
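The "Unsigned PE" signature, the Headers block and the Sections block above are all read from the same PE header fields. As an added example (not part of the sandbox report and not code from the analysed file or its vendor), the following pure-Python parser walks the DOS, COFF and optional headers and the section table, decodes FileCharacteristics, DllCharacteristics and per-section flags into the IMAGE_* names the report uses, and checks data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), which is the test behind "Checks for missing Authenticode signature". The input it parses is a constructed in-memory PE32 image whose flags mirror this report; the `build_sample_pe` helper, its section layout and its dummy WIN_CERTIFICATE blob are assumptions made for the demonstration, not data taken from the sample.

```python
import struct

# Flag values from winnt.h / the PE-COFF specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Authenticode (WIN_CERTIFICATE) table


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse the headers and section table; report the fields shown in the sandbox output."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at +70 in both layouts; the data directory moves in
    # PE32+ because ImageBase and the stack/heap reserve fields widen to 8 bytes.
    if magic == 0x10B:      # PE32
        num_rva_off, datadir_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        num_rva_off, datadir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_rva = struct.unpack_from("<I", data, num_rva_off)[0]
    # For the security directory the first field is a raw file offset, not an RVA.
    # Zero offset or zero size means no embedded Authenticode blob: the "Unsigned PE" IoC.
    cert_off = cert_size = 0
    if num_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, datadir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, _vs, _va, _raw, _ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), decode_flags(chars, SECTION_CHARACTERISTICS)))
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        "has_embedded_signature": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def build_sample_pe(with_signature: bool) -> bytes:
    """Constructed minimal PE32 image (assumption for the demo, not the analysed
    file) with the machine, characteristics and section flags from the report."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    sections = [(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040),
                (b".rsrc", 0x40000040), (b".reloc", 0x42000040)]
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8140)                    # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200, 0x400 * (i + 1), 0, 0, 0, 0, c)
                     for i, (n, c) in enumerate(sections))
    opt_off = len(dos) + 4 + len(coff)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    if with_signature:
        # Dummy WIN_CERTIFICATE header (wRevision 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
        # with a placeholder body: sets the directory entry, is not a valid signature.
        cert = struct.pack("<IHH", 10, 0x0200, 0x0002) + b"\x30\x00"
        struct.pack_into("<II", image, opt_off + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(image), len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print("embedded Authenticode signature:", info["has_embedded_signature"])
        print("DllCharacteristics:", ", ".join(info["dll_characteristics"]))
        for name, flags in info["sections"]:
            print("  %-7s %s" % (name, " | ".join(flags)))
```

A set security directory entry only proves that a WIN_CERTIFICATE blob is embedded; it says nothing about whether the signature verifies, chains to a trusted root, or has been revoked, so a positive result still needs `signtool verify /pa /v` or PowerShell `Get-AuthenticodeSignature`. The converse also fails: catalog-signed binaries (most Windows OS files) carry no embedded signature and would trip the "Unsigned PE" check, which is why the sandbox counts it as a single weak IoC rather than a verdict.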