winzip32.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-21_d8742a5ff6d42cc2c2716d94d230d00f_hacktools_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-21_d8742a5ff6d42cc2c2716d94d230d00f_hacktools_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-21_d8742a5ff6d42cc2c2716d94d230d00f_hacktools_mafia
Size: 10.9MB
MD5: d8742a5ff6d42cc2c2716d94d230d00f
SHA1: ea326b453293752499048ad46a01444a80fe0889
SHA256: 0e300c28b3abd55b1e41391762d1a130fd90a0860448d62d3d6a74a70810dec0
SHA512: 109ca4dac86f85da140b425712a57baf14f4c8a242c4fa137f9e318997f5c34123e0df46a501bbc768c22b11114679f096c8e105aed127798a38de1656d6e0ed
SSDEEP: 98304:n1lwzbV7fZKXpf/1CS1+saGr85/xjrBFfk943gb39ExA9jInka4:nIRYZf/1CSIsak+5Bc9E1k
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-02-21_d8742a5ff6d42cc2c2716d94d230d00f_hacktools_mafia
Files
-
2024-02-21_d8742a5ff6d42cc2c2716d94d230d00f_hacktools_mafia.exe windows:5 windows x86 arch:x86
a9eaa88477483f20e307f0c60e8ca81f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
winzip32.pdb
Imports
kernel32
LoadLibraryExW
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
GetVolumeInformationW
GetDriveTypeW
GlobalFindAtomW
GlobalAddAtomW
MoveFileExW
GetVersion
InterlockedDecrement
GetCommandLineW
GetModuleFileNameW
GetFullPathNameW
GlobalFree
GlobalSize
GlobalAlloc
RemoveDirectoryW
DeleteFileW
GetProfileStringW
CreateEventW
Sleep
ResetEvent
WaitForSingleObject
IsBadReadPtr
IsBadWritePtr
CreateFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetLastError
GetFileType
GetLastError
CreateDirectoryW
SetVolumeLabelW
QueryPerformanceFrequency
IsDBCSLeadByteEx
GetLongPathNameW
GetFileAttributesExW
FindResourceA
lstrcmpA
GlobalAddAtomA
GetProfileStringA
lstrcmpiA
lstrlenA
LocalAlloc
GetVersionExA
GetComputerNameA
SetFileAttributesA
CreateDirectoryA
GetTempPathA
FormatMessageA
GetFileAttributesA
MoveFileA
GetPrivateProfileStringA
GetCurrentDirectoryA
lstrcmpW
FlushInstructionCache
lstrcmpiW
OpenProcess
GlobalHandle
SetThreadPriority
ResumeThread
FindNextFileA
FindFirstFileA
GetDriveTypeA
LoadLibraryA
DeviceIoControl
InitializeCriticalSection
InterlockedCompareExchange
GetModuleHandleA
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetPrivateProfileStringW
GetTimeFormatA
GetDateFormatA
FileTimeToDosDateTime
SetEnvironmentVariableA
HeapReAlloc
CreateFileA
WriteConsoleW
GetTimeZoneInformation
InterlockedExchange
GetFullPathNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LockResource
WriteProfileStringA
MulDiv
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
CreateProcessW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
OpenFileMappingW
OutputDebugStringW
GetSystemTime
GetCurrentProcessId
OpenEventW
FileTimeToSystemTime
SetErrorMode
FindClose
FindFirstFileW
FreeResource
SizeofResource
SearchPathW
ExitProcess
FileTimeToLocalFileTime
SystemTimeToFileTime
LoadLibraryW
FormatMessageW
GetComputerNameW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetVersionExW
GetModuleHandleW
WriteFile
FindResourceW
LoadResource
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
ExitThread
UnlockFile
LockFile
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetLogicalDrives
GetUserDefaultUILanguage
SetThreadUILanguage
FlushFileBuffers
CompareStringW
GetDiskFreeSpaceW
GetLocaleInfoW
GetStringTypeW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GlobalMemoryStatus
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
PeekNamedPipe
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetStdHandle
SetEnvironmentVariableW
GetSystemTimeAsFileTime
InterlockedIncrement
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetStartupInfoW
HeapSetInformation
FindNextFileW
CompareFileTime
GetTempFileNameW
GetTickCount
GetTempPathW
GetCurrentDirectoryW
GetShortPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
MoveFileW
GetStdHandle
GetFileInformationByHandle
IsDBCSLeadByte
MultiByteToWideChar
FindResourceExW
GetSystemDefaultUILanguage
lstrlenW
LocalFree
GetProcessHeap
HeapAlloc
DeleteFileA
GlobalUnlock
GlobalLock
CreateThread
GetFileAttributesW
SetFileAttributesW
SetCurrentDirectoryW
SetEvent
CloseHandle
CreateEventA
GlobalMemoryStatusEx
GetACP
GetProcAddress
FreeLibrary
HeapFree
advapi32
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CryptVerifySignatureW
SetFileSecurityW
RegEnumKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyExW
RegSetValueW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegEnumKeyExW
GetUserNameA
RegSetValueExA
RegQueryValueExA
CryptDestroyKey
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
CryptEnumProvidersA
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptImportKey
CryptDeriveKey
CryptGenRandom
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
GetUserNameW
user32
GetSysColor
GetSysColorBrush
SendMessageW
DrawTextW
DrawFocusRect
CallWindowProcW
PostMessageW
KillTimer
UpdateWindow
SetDlgItemInt
SetTimer
GetDlgItem
ShowWindow
InvalidateRect
PtInRect
GetCursorPos
GetClientRect
GetParent
EndPaint
EnableWindow
GetWindowRect
DestroyWindow
ScreenToClient
UnregisterClassA
BeginPaint
LoadBitmapW
IsWindow
GetWindow
SetWindowPos
SystemParametersInfoW
SetWindowLongW
SetFocus
SendDlgItemMessageW
LoadIconW
GetLastActivePopup
MoveWindow
IsWindowVisible
IsWindowEnabled
EndDialog
GetClassNameW
GetSystemMetrics
LoadMenuW
RemoveMenu
CreateMenu
MapDialogRect
IntersectRect
PostQuitMessage
GetSystemMenu
SetWindowPlacement
RegisterClassExW
UnregisterClassW
SendMessageTimeoutW
GetMessageW
LoadStringA
IsDialogMessageW
DefWindowProcW
SetMenuDefaultItem
AppendMenuW
SetParent
GetMenuState
GetIconInfo
DrawIconEx
CheckMenuRadioItem
GetMenuItemCount
GetMenuStringW
EnableMenuItem
GetDlgCtrlID
GetCapture
TrackPopupMenu
DestroyIcon
LoadImageW
InvalidateRgn
GetScrollInfo
InflateRect
UnhookWindowsHook
SetWindowsHookW
LoadAcceleratorsW
GetSubMenu
GetMenu
RegisterClassW
BringWindowToTop
FindWindowW
EnumChildWindows
SetCapture
ReleaseCapture
WindowFromPoint
DestroyCursor
GetAsyncKeyState
FlashWindow
GetActiveWindow
CheckRadioButton
IsCharAlphaNumericA
SetForegroundWindow
ReleaseDC
GetDC
IsIconic
DispatchMessageW
PeekMessageW
SetCursor
IsDlgButtonChecked
FindWindowExW
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
MessageBeep
IsChild
GetFocus
ChildWindowFromPoint
CreateWindowExW
GetKeyState
GetWindowDC
MsgWaitForMultipleObjects
IsMenu
InsertMenuW
DeleteMenu
ModifyMenuW
DrawMenuBar
GetDesktopWindow
OpenClipboard
EnumWindows
SetWindowTextW
CharToOemBuffA
RegisterClipboardFormatW
GetClipboardFormatNameW
ClientToScreen
CreatePopupMenu
IsClipboardFormatAvailable
TrackPopupMenuEx
DestroyMenu
GetClassInfoW
GetWindowTextLengthW
CheckMenuItem
SetMenu
TranslateAcceleratorW
TranslateMessage
SetPropW
RemovePropW
MessageBoxW
GetPropW
SetActiveWindow
GetDlgItemInt
GetMessagePos
IsRectEmpty
LoadCursorW
DeferWindowPos
DrawFrameControl
RedrawWindow
BeginDeferWindowPos
EndDeferWindowPos
IsZoomed
GetWindowPlacement
SetRectEmpty
GetWindowLongW
ValidateRect
SetRect
FillRect
GetForegroundWindow
CloseClipboard
GetDlgItemTextA
CharNextW
GetWindowTextW
GetDlgItemTextW
LoadStringW
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
GetMenuItemInfoW
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
DestroyAcceleratorTable
GetClassInfoExW
CreateAcceleratorTableW
SendDlgItemMessageA
GetClipboardData
MessageBoxIndirectW
GetPropA
SetPropA
SetWindowLongA
SendMessageA
CallWindowProcA
RemovePropA
CharNextA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowLongA
OffsetRect
DefWindowProcA
GetClassInfoA
CallNextHookEx
GetClassNameA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
MapWindowPoints
HideCaret
CharUpperW
OemToCharA
OemToCharBuffA
CharToOemA
CharLowerA
CharUpperA
gdi32
CreatePalette
GetMapMode
GetCharWidth32W
CreateBitmap
RestoreDC
PatBlt
CreatePatternBrush
CreateDIBitmap
SaveDC
SetMapMode
Escape
GetTextMetricsW
EndDoc
EndPage
StartPage
SetViewportOrgEx
StartDocW
SetAbortProc
TextOutW
DPtoLP
SetTextAlign
GetTextExtentPointW
ExtTextOutW
GetCurrentObject
GetDIBits
CreateDIBSection
GetPixel
DeleteObject
CreateDCW
SetPolyFillMode
PolyPolygon
UpdateColors
SelectPalette
RealizePalette
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetBkColor
CreateSolidBrush
DeleteDC
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectW
CreatePen
SelectObject
GetStockObject
Rectangle
MoveToEx
LineTo
SetBkColor
SetTextColor
SetBkMode
GetTextExtentPointA
IntersectClipRect
ExtTextOutA
GetTextExtentExPointW
comdlg32
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
wininet
InternetTimeFromSystemTimeW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetQueryOptionW
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestA
InternetWriteFile
FtpDeleteFileW
FtpOpenFileW
InternetGetConnectedState
InternetAutodial
InternetOpenW
InternetConnectW
InternetGetLastResponseInfoW
FtpCreateDirectoryW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpFindFirstFileW
InternetFindNextFileW
InternetCrackUrlA
InternetCloseHandle
iphlpapi
GetAdaptersInfo
msimg32
AlphaBlend
psapi
GetModuleFileNameExW
EnumProcessModules
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
shell32
SHGetDesktopFolder
SHChangeNotify
SHGetFileInfoW
DragFinish
DragQueryPoint
SHBindToParent
SHGetMalloc
DragAcceptFiles
SHGetSpecialFolderLocation
ShellExecuteExW
ord18
ord21
ord155
FindExecutableW
ShellExecuteW
SHFileOperationW
DragQueryFileW
SHAddToRecentDocs
SHGetPathFromIDListW
SHGetFolderPathW
ole32
CoTaskMemFree
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoGetMalloc
StringFromGUID2
OleInitialize
OleUninitialize
CLSIDFromString
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc
OleLockRunning
CLSIDFromProgID
CreateStreamOnHGlobal
PropVariantClear
PropVariantCopy
CoCreateInstance
oleaut32
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SafeArrayCopy
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayGetElement
VarR8FromDec
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantClear
SysFreeString
SysAllocString
VarDecFromR8
SysStringLen
comctl32
ImageList_Add
ImageList_Draw
ImageList_Replace
ImageList_Create
ImageList_Destroy
ImageList_Remove
ImageList_GetImageCount
PropertySheetW
ImageList_SetBkColor
ord17
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_AddMasked
shlwapi
StrRetToStrW
SHStrDupW
ord176
ws2_32
htons
inet_addr
socket
WSAGetLastError
setsockopt
WSAStartup
ntohs
getsockname
gethostbyname
connect
ioctlsocket
select
__WSAFDIsSet
bind
closesocket
gethostname
shutdown
send
inet_ntoa
recv
crypt32
CertVerifyCertificateChainPolicy
CryptImportPublicKeyInfo
CryptDecodeObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CertCreateCertificateContext
CryptAcquireCertificatePrivateKey
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrA
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertSaveStore
CertGetSubjectCertificateFromStore
CryptSignMessage
CryptEncodeObject
CryptVerifyDetachedMessageSignature
CryptDecodeMessage
CryptDecryptMessage
CryptEncryptMessage
CryptVerifyMessageSignature
rpcrt4
UuidCreate
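Reading an import table this long by hand is slow; the usual first pass is to map chains of APIs to coarse capabilities. What follows is an added example and not the sandbox's own detection logic: the rules are my own, and the input is a hand-picked subset of the table above. A rule fires only when every link of its chain is imported (OpenSCManagerW on its own proves nothing), and the output carries two caveats a practitioner needs: IsDebuggerPresent is imported by the MSVC CRT start-up code in practically every Visual C++ binary, so it is reported at low confidence, and every capability listed is consistent with an archiver GUI that starts a service, talks HTTP/FTP and handles CMS signatures (the PDB path is winzip32.pdb). Import matching establishes capability, never intent.

```python
"""Map a PE import table to coarse capabilities.  Each rule is a list of
"slots"; every slot must be satisfied by at least one of its alternative APIs,
so a rule fires only when the whole API chain is imported.  Added example,
not the sandbox's own signature logic."""

RULES = {
    "service control (open/start/query services)": [
        ("OpenSCManagerA", "OpenSCManagerW"),
        ("OpenServiceA", "OpenServiceW", "CreateServiceA", "CreateServiceW"),
        ("StartServiceA", "StartServiceW", "ControlService"),
    ],
    "adjusts own token privileges": [
        ("OpenProcessToken",),
        ("LookupPrivilegeValueA", "LookupPrivilegeValueW"),
        ("AdjustTokenPrivileges",),
    ],
    "HTTP client via WinINet": [
        ("InternetOpenA", "InternetOpenW"),
        ("InternetConnectA", "InternetConnectW"),
        ("HttpOpenRequestA", "HttpOpenRequestW"),
        ("HttpSendRequestA", "HttpSendRequestW"),
    ],
    "FTP client via WinINet": [
        ("InternetConnectA", "InternetConnectW"),
        ("FtpOpenFileA", "FtpOpenFileW", "FtpFindFirstFileA", "FtpFindFirstFileW"),
    ],
    "raw TCP socket client": [("WSAStartup",), ("socket",), ("connect",), ("send",), ("recv",)],
    "CryptoAPI key derivation or import": [
        ("CryptAcquireContextA", "CryptAcquireContextW"),
        ("CryptDeriveKey", "CryptImportKey", "CryptGenKey"),
    ],
    "PKCS#7 / CMS signing or verification": [
        ("CryptSignMessage", "CryptVerifyMessageSignature", "CryptVerifyDetachedMessageSignature"),
    ],
    "enumerates modules of other processes": [
        ("OpenProcess",), ("EnumProcessModules",), ("GetModuleFileNameExA", "GetModuleFileNameExW"),
    ],
    "writes registry values": [
        ("RegCreateKeyExA", "RegCreateKeyExW", "RegCreateKeyA", "RegCreateKeyW",
         "RegOpenKeyExA", "RegOpenKeyExW"),
        ("RegSetValueExA", "RegSetValueExW", "RegSetValueA", "RegSetValueW"),
    ],
    "debugger presence check": [("IsDebuggerPresent", "CheckRemoteDebuggerPresent")],
    "launches processes": [("CreateProcessA", "CreateProcessW", "ShellExecuteA", "ShellExecuteW",
                            "ShellExecuteExA", "ShellExecuteExW")],
}

# APIs the MSVC CRT start-up code imports on its own; a rule whose only evidence
# comes from this set says nothing about the program's own behaviour.
CRT_NOISE = {"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
             "TerminateProcess", "GetCurrentProcess", "IsProcessorFeaturePresent"}


def match_capabilities(imports):
    """imports: {dll_name: [api, ...]} as listed in the report.  Returns one dict per
    rule that fires, with the evidence APIs and a confidence that drops to 'low'
    when every evidence API is CRT boilerplate."""
    present = {api for apis in imports.values() for api in apis}
    hits = []
    for capability, slots in RULES.items():
        evidence = []
        for slot in slots:
            found = [api for api in slot if api in present]
            if not found:
                break                      # chain broken: rule does not fire
            evidence.extend(found)
        else:
            confidence = "low" if set(evidence) <= CRT_NOISE else "medium"
            hits.append({"capability": capability, "evidence": sorted(evidence),
                         "confidence": confidence})
    return hits


# Subset of the import table above, transcribed by hand (constructed test input).
SAMPLE_IMPORTS = {
    "kernel32": ["OpenProcess", "CreateProcessW", "IsDebuggerPresent"],
    "advapi32": ["OpenSCManagerW", "OpenServiceW", "StartServiceW", "QueryServiceStatus",
                 "OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                 "CryptAcquireContextW", "CryptDeriveKey", "CryptImportKey", "CryptGenRandom",
                 "RegCreateKeyExW", "RegSetValueExW"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "HttpSendRequestW",
                "FtpOpenFileW", "FtpFindFirstFileW"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
    "psapi": ["EnumProcessModules", "GetModuleFileNameExW"],
    "crypt32": ["CryptSignMessage", "CryptVerifyMessageSignature"],
    "shell32": ["ShellExecuteExW", "ShellExecuteW"],
}

if __name__ == "__main__":
    for hit in match_capabilities(SAMPLE_IMPORTS):
        print("%-7s %-45s %s" % (hit["confidence"], hit["capability"], ", ".join(hit["evidence"])))
```

The slot design is what keeps the noise down: a single RegSetValueExW import is ordinary for any GUI program that saves preferences, so the registry rule also demands a key open or create, and the token rule demands the full OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges sequence. The rule names deliberately describe mechanism rather than motive; which privilege is requested, which service is started and which host is contacted only come out of the strings or the behavioral run.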
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT_TEX Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 250KB - Virtual size: 490KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 364KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
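The three header-level facts in this report (the "Unsigned PE" signature, the DllCharacteristics flags and the section table) all come straight out of the PE headers, and it is worth being able to reproduce them without the sandbox. The following is an added example, not the sandbox's own signature code: it parses the DOS, COFF and optional headers and the section table with nothing but struct, using offsets from the PE/COFF specification. The sample itself is not embedded; build_test_pe constructs a header-only PE32 image whose section table mirrors the rows above (with the report's rounded sizes), so the block runs offline.

```python
"""Header-level triage of a PE image with the standard library only: Authenticode
presence (IMAGE_DIRECTORY_ENTRY_SECURITY), DllCharacteristics mitigations and a
section-table sanity pass.  Added example, not the sandbox's own signature code."""
import struct

DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
                       0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
RECOMMENDED = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
SCN_CODE, SCN_INIT, SCN_DISCARDABLE = 0x20, 0x40, 0x02000000
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECURITY_DIR = 4                                   # IMAGE_DIRECTORY_ENTRY_SECURITY
USUAL_CODE_NAMES = {".text", ".textbss", "CODE", "INIT", "PAGE"}


def triage_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                    # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    nsec, opt_size, fchars = struct.unpack_from("<H12xHH", data, coff + 2)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    plus = magic == 0x20B                                           # PE32+ widens the stack/heap fields
    file_align = struct.unpack_from("<I", data, opt + 36)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + (108 if plus else 92))[0]
    dirs = opt + (112 if plus else 96)
    # The security directory holds a raw file offset (not an RVA) to a WIN_CERTIFICATE blob;
    # size 0 is exactly what the "Unsigned PE" signature above keys on.
    sec_off, sec_size = (struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
                         if n_dirs > SECURITY_DIR else (0, 0))
    present = [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & b]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        flags = []
        if chars & SCN_WRITE and chars & SCN_EXECUTE:
            flags.append("RWX")
        if chars & SCN_CODE and name not in USUAL_CODE_NAMES:
            flags.append("code in non-standard section name")
        if vsize > rawsize:                        # tail is zero-filled by the loader (.data style)
            flags.append("%d bytes zero-filled at load" % (vsize - rawsize))
        elif rawsize - vsize > file_align:         # more than alignment padding is never mapped
            flags.append("%d raw bytes beyond mapped size" % (rawsize - vsize))
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"signed": sec_size != 0, "security_dir": (sec_off, sec_size),
            "file_characteristics": [n for b, n in sorted(FILE_CHARACTERISTICS.items()) if fchars & b],
            "dll_characteristics": present,
            "missing_mitigations": [n for n in RECOMMENDED if n not in present],
            "sections": sections}


def build_test_pe(dll_chars: int, signed: bool, sections) -> bytes:
    """Constructed header-only PE32 image for offline testing (not the analysed sample)."""
    img = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", img, 0x3C, 0x40)                        # e_lfanew
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                 # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    if signed:                                                      # fictitious WIN_CERTIFICATE location
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0xA00000, 0x1800)
    img += opt
    for name, vsize, rawsize, chars in sections:
        img += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
    return bytes(img)


# The interesting rows of the section table above, with the report's rounded sizes.
SAMPLE_SECTIONS = [
    (".text", 0x3E0000, 0x3E0000, SCN_CODE | SCN_EXECUTE | SCN_READ),
    ("INIT_TEX", 0x400, 0x800, SCN_CODE | SCN_EXECUTE | SCN_READ),
    (".data", 490 * 1024, 250 * 1024, SCN_INIT | SCN_READ | SCN_WRITE),
    (".tls", 2, 512, SCN_INIT | SCN_READ | SCN_WRITE),
]
SAMPLE_DLL_CHARS = 0x0040 | 0x0100 | 0x8000        # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE

if __name__ == "__main__":
    import json
    print(json.dumps(triage_pe(build_test_pe(SAMPLE_DLL_CHARS, False, SAMPLE_SECTIONS)), indent=2))
```

Two caveats when reading the output. A non-zero security directory only means a WIN_CERTIFICATE blob is attached; it says nothing about whether the signature verifies or chains to a trusted root, so confirm with signtool verify /pa or PowerShell's Get-AuthenticodeSignature before treating a file as signed. On the section table, the .data gap (250KB on disk, 490KB mapped) is ordinary uninitialized data and the 512-byte .tls raw size for a 2-byte virtual size is file-alignment padding; the row that deserves a look is executable code living in a section named INIT_TEX rather than .text, and the absence of GUARD_CF from an x86 build that does set DYNAMIC_BASE and NX_COMPAT.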