S:\Project\svnbse.bkav.com\TMS\TMS\02_Source\TokenManager\branches\20161003- 2.8.0.10 - Window Service\BkavCAToken\BkavCATokenManager.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-22_62a82b4b4f5c8159ba002b604905a203_mafia_revil.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-02-22_62a82b4b4f5c8159ba002b604905a203_mafia_revil.exe
  Resource: win10v2004-20240221-en
General
- Target: 2024-02-22_62a82b4b4f5c8159ba002b604905a203_mafia_revil
- Size: 2.9MB
- MD5: 62a82b4b4f5c8159ba002b604905a203
- SHA1: 286619195fbcce805b109bd34b97a6dbce9c3191
- SHA256: 63f3f32bbbdc4f52583c54a7229a05892dcb1b73a4116eb5a11ba14b06618397
- SHA512: 6d22b88cf354e2acbb730ac1d607a495dc07cfe38d4670a879704512e2e142e81b15a09cdb6dba37278a45de5c2ef3dc8b8b00abae90fcbf455da517830b1504
- SSDEEP: 49152:CTSzTU3wx5ADgMkquPa2Evs6q0+9xhCMKSkf/5kMzKcjU9UHsTvlIDWo31BEO3jH:W2U3wx5ak3qvs6+9GMCf/5bKUU9UHsTz
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-02-22_62a82b4b4f5c8159ba002b604905a203_mafia_revil
Files
-
2024-02-22_62a82b4b4f5c8159ba002b604905a203_mafia_revil.exe windows:5 windows x86 arch:x86
9325fb6fb7ef6dd0ae83241a7c44e4d3
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crypt32
CertFindCertificateInStore
CertOpenSystemStoreW
CertNameToStrW
CertDeleteCertificateFromStore
CertCompareCertificate
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
PFXImportCertStore
PFXVerifyPassword
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
cryptui
CryptUIDlgViewContext
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winhttp
WinHttpOpen
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
sqlite3
sqlite3_open
sqlite3_free
sqlite3_exec
sqlite3_close
sqlite3_errmsg
kernel32
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetFileAttributesA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
CreateFileA
GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
ExitThread
WriteConsoleW
DeleteFileA
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
ExitProcess
DecodePointer
EncodePointer
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempFileNameW
SetErrorMode
lstrcpyW
GlobalFlags
GetCurrentDirectoryW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
DeleteFileW
lstrcmpiW
GetThreadLocale
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
SuspendThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
HeapQueryInformation
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
CopyFileW
GlobalSize
FlushConsoleInputBuffer
LoadLibraryA
FreeLibrary
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetModuleHandleA
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
InitializeCriticalSection
SetFileAttributesW
GetTempPathW
WaitForMultipleObjects
CreateThread
InterlockedExchangeAdd
DeleteCriticalSection
GetVersion
GetVersionExW
lstrcmpW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
ResumeThread
MulDiv
CreateEventW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
SetNamedPipeHandleState
WaitNamedPipeW
CloseHandle
GetCurrentProcess
GetCurrentThreadId
CreateFileW
GetLocalTime
SetUnhandledExceptionFilter
GetCurrentProcessId
GetACP
Sleep
GetTickCount
GetFullPathNameW
GetFileAttributesW
GlobalFree
lstrlenA
FormatMessageW
LocalAlloc
ActivateActCtx
GetProcAddress
GetModuleHandleW
DeactivateActCtx
SetLastError
lstrlenW
CreateProcessW
GetModuleFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateThread
CreateDirectoryW
MultiByteToWideChar
SetCurrentDirectoryW
LoadLibraryW
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
RaiseException
SetStdHandle
RtlUnwind
GetPrivateProfileIntW
ReadConsoleInputA
user32
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
ShowOwnedPopups
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
PostQuitMessage
GetMenuState
GetMenuStringW
GetMenuItemID
RemoveMenu
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetMenuItemCount
DestroyWindow
SendNotifyMessageW
DefWindowProcW
RegisterClassExW
InsertMenuW
SetActiveWindow
SystemParametersInfoW
CopyIcon
FindWindowW
SetMenuDefaultItem
RegisterWindowMessageW
CopyRect
SetRect
CreateWindowExW
MessageBoxW
MessageBoxIndirectW
GetWindowThreadProcessId
DeleteMenu
OffsetRect
MapDialogRect
GetClassNameW
SetWindowTextW
ShowWindow
KillTimer
WindowFromPoint
MapWindowPoints
TrackMouseEvent
ShowCursor
ReleaseDC
CreateIconIndirect
GetDC
GetIconInfo
DrawIconEx
InflateRect
FillRect
GetSysColorBrush
DestroyIcon
GetDlgItem
SetPropW
GetParent
SetCursor
LoadCursorW
ReleaseCapture
PtInRect
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
RemovePropW
CallWindowProcW
GetPropW
RedrawWindow
GetSysColor
CloseWindow
SetWindowLongW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FrameRect
CopyImage
HideCaret
CheckMenuItem
ModifyMenuW
InvertRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetMenuItemInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetKeyState
PostMessageW
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
IsWindowVisible
LoadImageW
BringWindowToTop
SetForegroundWindow
SetParent
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
EnableMenuItem
GetWindowLongW
AdjustWindowRectEx
GetClientRect
RegisterDeviceNotificationW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
SendMessageW
IsWindow
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
SetClassLongW
DestroyAcceleratorTable
MoveWindow
GetWindowDC
BeginPaint
EndPaint
GetKeyNameTextW
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
GetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
GetWindow
CharUpperBuffW
MapVirtualKeyW
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
IsRectEmpty
CopyAcceleratorTableW
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
RealChildWindowFromPoint
WaitMessage
CharNextW
DrawStateW
CharUpperW
DestroyMenu
EnableScrollBar
gdi32
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
RestoreDC
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetBkColor
GetTextColor
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
SetROP2
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SaveDC
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
SetBkMode
GetStockObject
GetDeviceCaps
SetDIBits
GetDIBits
Rectangle
CreatePen
GetTextExtentPoint32W
CreateFontW
SetTextColor
CreateSolidBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBoundsRect
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateEllipticRgn
GetObjectW
SetPolyFillMode
ScaleWindowExtEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptReleaseContext
CryptImportKey
CryptSetKeyParam
CryptSetProvParam
CryptDestroyKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegEnumKeyExW
CryptDestroyHash
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
ChangeServiceConfigW
shell32
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetDesktopFolder
DragQueryFileW
DragFinish
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
SHAppBarMessage
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW
ole32
OleLockRunning
CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
IsAccelerator
ReleaseStgMedium
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
OleTranslateAccelerator
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
oleaut32
SysFreeString
OleCreateFontIndirect
VariantCopy
SystemTimeToVariantTime
SafeArrayDestroy
SysStringLen
VarBstrFromDate
VariantTimeToSystemTime
OleLoadPicture
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
VariantChangeType
oledlg
OleUIBusyW
urlmon
ObtainUserAgentString
gdiplus
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipDrawImageI
wininet
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
iphlpapi
GetAdaptersInfo
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
- .text  Size: 2.0MB - Virtual size: 2.0MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 564KB - Virtual size: 563KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 33KB - Virtual size: 72KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 155KB - Virtual size: 155KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 224KB - Virtual size: 224KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ