2024-02-21_37c80947a5dc3ecd2554884553b43584_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_37c80947a5dc3ecd2554884553b43584_mafia
Size

1.8MB
MD5

37c80947a5dc3ecd2554884553b43584
SHA1

1509dfbc153662fa9cf3184923451985ae6eec67
SHA256

9d266218366215d07fd794c7758ac6bd3cba32a3a3f4fa0142600ce851faf7c0
SHA512

704cb3f32d070a4e03bf435a907a0535e51ed57814be377104171a7a8b1677348ef007f1d774f4ab700fa2bd2ae991e99ebb2f658881829612b560623598e865
SSDEEP

49152:KSAk4+GLGLKIrXYeX1dx1FTpZUhDyxCV8HO9sN8066HfNGMCQyidKdsEJclzN7Cc:s+GLGLKV066/MbdzcjWOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-21_37c80947a5dc3ecd2554884553b43584_mafia

Files

2024-02-21_37c80947a5dc3ecd2554884553b43584_mafia
.exe windows:5 windows x86 arch:x86

96a3ffd54b0b0b6480f77c8d2ec15172

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\2\PSafe\PSafe_PROD_Client_Builds\Binaries\PSafeCategoryFinder.pdb

Imports

shlwapi

PathFindFileNameW

libeay32

ord2623
ord2254
ord485
ord2291
ord395
ord202
ord200
ord66
ord223
ord3050
ord680
ord484
ord2442
ord364
ord1178
ord909
ord566
ord89
ord1653
ord82
ord1654
ord248
ord469
ord3212
ord109
ord578
ord1186
ord204
ord84
ord648
ord579
ord222
ord181
ord544
ord467
ord254
ord227
ord641
ord652
ord2206
ord657
ord363

wtsapi32

WTSQueryUserToken

ssleay32

ord222
ord17
ord75
ord141
ord58
ord61
ord182
ord6
ord31
ord157
ord96
ord111
ord235
ord12
ord108
ord48
ord8
ord78
ord225
ord183
ord142
ord73
ord242
ord76
ord83
ord42
ord74
ord90
ord16
ord43
ord21
ord166
ord24

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

userenv

GetUserProfileDirectoryW

kernel32

TlsAlloc
TlsFree
TlsGetValue
OpenEventA
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetCPInfo
ExitProcess
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
HeapReAlloc
ExitThread
GetCommandLineW
GetModuleHandleA
CreateDirectoryW
HeapSetInformation
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
GetLocaleInfoA
GetUserDefaultLCID
SetHandleCount
GetFileType
GetStartupInfoW
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
RemoveDirectoryW
InterlockedExchange
GetStringTypeW
EncodePointer
RaiseException
DecodePointer
DeviceIoControl
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStringTypeExW
CreateThread
GetSystemTime
GetLongPathNameW
lstrlenW
InterlockedDecrement
ReadDirectoryChangesW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetProcAddress
GetCurrentThreadId
WideCharToMultiByte
GetLastError
GetSystemTimeAsFileTime
GetModuleFileNameA
CreateEventA
CloseHandle
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
ReleaseSemaphore
GetProcessHeap
HeapFree
HeapAlloc
CreateFileW
GetFileTime
Sleep
GetFileAttributesW
MultiByteToWideChar
SetFilePointer
ReadFile
SetEndOfFile
WriteFile
WTSGetActiveConsoleSessionId
GetCurrentProcess
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
ResetEvent
FormatMessageA
SetLastError
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
FormatMessageW
GetVersionExW
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
GetTempPathA
CreateSemaphoreW
AreFileApisANSI
DeleteFileA
GetLogicalDriveStringsW
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObjectEx
GetStdHandle
CancelIo
SleepEx
InterlockedIncrement
QueueUserAPC
InitializeCriticalSectionAndSpinCount

user32

LoadStringW
DestroyIcon

advapi32

RegOpenKeyExW
RegCloseKey
OpenProcessToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
StartServiceCtrlDispatcherW
OpenSCManagerW
CreateServiceW
StartServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord727
SHGetFileInfoW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize

gdiplus

GdipDrawImageRectRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipCloneImage
GdipSaveImageToStream
GdipFree
GdipLoadImageFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageThumbnail
GdipCreateBitmapFromHICON
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0

comctl32

ord17

ws2_32

shutdown
setsockopt
sendto
recv
socket
closesocket
gethostbyname
send
getsockopt
accept
htons
WSAGetLastError
select
inet_addr
ntohl
recvfrom
WSAStartup
connect
ioctlsocket
__WSAFDIsSet

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96a3ffd54b0b0b6480f77c8d2ec15172

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

libeay32

wtsapi32

ssleay32

secur32

userenv

kernel32

user32

advapi32

shell32

ole32

gdiplus

comctl32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 42KB - Virtual size: 172KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 42KB - Virtual size: 172KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 107KB - Virtual size: 106KB