2024-02-20_7241ffa2346e01975621df7366bc6fdf_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_7241ffa2346e01975621df7366bc6fdf_mafia
Size

1.1MB
MD5

7241ffa2346e01975621df7366bc6fdf
SHA1

70f8acee463383dff1f318cf4ad01d1412ff5c13
SHA256

581c5ce505919400e350908f6c5c4b3bf32d359744a646b230f68980fc8d4b40
SHA512

f16d54e4ab4152343a4be65f15eb50baafbe4c8e14686940a2bb048be41e310ec055ed0b87cdeb9a7a554fa9fce53dfd23d3761223ae23316d0503dca913823d
SSDEEP

24576:ZxhEiHzUi1UbdUm/NChMSaAkjR/qqNrk2TFxLbEMJ:ZxpEhUmUhWVl9TFx3EMJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-20_7241ffa2346e01975621df7366bc6fdf_mafia

Files

2024-02-20_7241ffa2346e01975621df7366bc6fdf_mafia
.exe windows:5 windows x86 arch:x86

9ca4c0da425a0e4dadfbd1e218e13984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\shmobile\tags\flores_45_shm\src\bin\Release\rbtlogger.pdb

Imports

kernel32

LocalAlloc
GetSystemInfo
SetErrorMode
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
SetThreadPriority
GetProcAddress
EnterCriticalSection
LoadLibraryA
GetExitCodeThread
DeleteCriticalSection
GetCurrentThreadId
ResumeThread
CreateThread
GetModuleFileNameW
CreateProcessW
CreateEventA
SetEvent
GetExitCodeProcess
ReadFile
GetProcessId
WaitForMultipleObjects
GetUserDefaultLangID
SetConsoleCtrlHandler
RaiseException
CreateSemaphoreA
ReleaseSemaphore
FormatMessageA
LocalFree
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetEndOfFile
UnlockFileEx
FlushFileBuffers
VerSetConditionMask
GetFileAttributesExW
GetSystemTimeAsFileTime
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
ResetEvent
InterlockedIncrement
GetQueuedCompletionStatus
Sleep
InterlockedExchange
CreateIoCompletionPort
GetThreadContext
SetThreadContext
TlsGetValue
InterlockedDecrement
TlsSetValue
SetLastError
InterlockedExchangeAdd
GetThreadPriority
GetProcessAffinityMask
DuplicateHandle
TlsAlloc
TlsFree
GetOverlappedResult
DeviceIoControl
DeleteTimerQueueTimer
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
GetCommandLineA
HeapSetInformation
GetCPInfo
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
ExitThread
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
GetStartupInfoW
GetLocaleInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
PostQueuedCompletionStatus
VerifyVersionInfoA
ReadConsoleInputA
SetConsoleMode
GetCurrentProcessId
DeleteFileW
GetLocalTime
GetLastError
CreateFileW
WriteFile
MoveFileExW
SetFilePointer
GetFileSize
CloseHandle

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

ws2_32

WSASend
WSARecv
getpeername
socket
ntohl
WSAGetLastError
shutdown
WSAIoctl
ntohs
getsockname
setsockopt
WSACleanup
bind
getsockopt
WSASocketA
WSACloseEvent
connect
WSAEnumNetworkEvents
htons
WSAEventSelect
WSACreateEvent
closesocket
inet_addr
htonl
WSASetLastError

mswsock

GetAcceptExSockaddrs
AcceptEx

psapi

GetModuleBaseNameA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo
SendARP
GetIpNetTable
GetIfEntry
GetBestRoute
NotifyRouteChange
NotifyAddrChange

user32

GetWindowThreadProcessId
PostMessageW
MessageBoxW

ole32

CoUninitialize
CoInitializeEx

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
CloseServiceHandle
DeleteService
OpenSCManagerW
StartServiceCtrlDispatcherW
OpenServiceW
RegisterServiceCtrlHandlerExW
SetServiceStatus
FreeSid
RegOpenKeyExW
RegNotifyChangeKeyValue
GetLengthSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
RegQueryValueExW
RegCloseKey
CreateServiceW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

oleaut32

VariantClear

Sections

.text
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca4c0da425a0e4dadfbd1e218e13984

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ws2_32

mswsock

psapi

version

iphlpapi

user32

ole32

advapi32

setupapi

oleaut32

Sections

.text Size: 730KB - Virtual size: 729KB

.rdata Size: 229KB - Virtual size: 228KB

.data Size: 28KB - Virtual size: 114KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 730KB - Virtual size: 729KB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 28KB - Virtual size: 114KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 68KB - Virtual size: 67KB