2024-02-21_3f2107f9922256c4d28ab80628f3d5a6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_3f2107f9922256c4d28ab80628f3d5a6_mafia
Size

522KB
MD5

3f2107f9922256c4d28ab80628f3d5a6
SHA1

21ea7c3d5889729159d1754d1c5196e7d43232fd
SHA256

c6580dbf94e270142e4bd7f844f24db20180a10f458e82dcdeb35ccd637e4e66
SHA512

9f26dbd934c8b1ecb84471edeb2f30bcaf519ace8927e0af9181ddd1c4e8aa6eb415466160f7db6b6077dcd260cff3f1f7582cc704b9da2848f770055490aab6
SSDEEP

6144:KA+1ZOdBD6298Fr0YFXMXYuNfmw81ipdkzUWKHUFHnvFuqgKvu:KA+1ZOJ8SYFXIvfmw2ipdkztKHUpvHL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-21_3f2107f9922256c4d28ab80628f3d5a6_mafia

Files

2024-02-21_3f2107f9922256c4d28ab80628f3d5a6_mafia
.exe windows:5 windows x86 arch:x86

9b9ede2a05896c759f8e4e8450062986

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
CreateThread
ReadProcessMemory
OpenProcess
TerminateProcess
SleepEx
ResumeThread
GetThreadContext
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateFileW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
HeapFree
HeapAlloc
MultiByteToWideChar
ReadFile
GetStringTypeW
EncodePointer
WriteFile
LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
SetHandleCount
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetConsoleCtrlHandler
LoadLibraryW
RtlUnwind
FreeLibrary
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
HeapReAlloc
CreateFileA
HeapSize
GetDriveTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryW
SetCurrentDirectoryW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
CloseHandle
GetSystemDirectoryW
GetShortPathNameW
GetModuleHandleW
GetProcAddress
LocalFree
DeleteFileW
MoveFileW
MoveFileExW
FindFirstFileW
FindClose
GetCurrentThread
GetCurrentProcess
GetFullPathNameA
FormatMessageA
GetLastError
WideCharToMultiByte
GetEnvironmentVariableA

drconfiglib

dr_register_process
dr_process_is_registered
dr_register_client
dr_num_registered_clients
dr_get_config_dir
dr_unregister_process

drinjectlib

dr_inject_using_debug_key
dr_inject_process_exit
dr_inject_process_run
dr_inject_process_inject
dr_inject_get_process_id
dr_inject_process_create
dr_inject_print_stats
dr_inject_wait_for_child

advapi32

SetSecurityDescriptorDacl
IsValidSecurityDescriptor
RegSetKeySecurity
GetLengthSid
GetSecurityInfo
ClearEventLogW
OpenEventLogW
NotifyChangeEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
ReadEventLogW
CloseEventLog
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
LookupAccountNameW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
InitiateSystemShutdownW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorOwner

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b9ede2a05896c759f8e4e8450062986

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

drconfiglib

drinjectlib

advapi32

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 6KB - Virtual size: 15KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 6KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB