2024-02-23_102c68c4e2cf10594911e9e9fd523e05_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_102c68c4e2cf10594911e9e9fd523e05_mafia
Size

2.7MB
MD5

102c68c4e2cf10594911e9e9fd523e05
SHA1

6ea873a525908892ac94f4bf304fba51260584f2
SHA256

ba57cef86ca64c1755580b79fbdfb65a8edfbd10155b97c3fac1fe16b1d4995a
SHA512

d0abf50231ca76903357bd9a4fce88cfcce7793818138030e3c08b9df7cee955de3e4d859a7ea2e54aae2ceb54f75e8269d2d14ed14cda3727cdb3c01bf1af73
SSDEEP

49152:VTUBtNwHWsNErgOElxqEcRykzhmawT+e0+dqQ6:2BU6rH9EcE0w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-23_102c68c4e2cf10594911e9e9fd523e05_mafia

Files

2024-02-23_102c68c4e2cf10594911e9e9fd523e05_mafia
.exe windows:5 windows x86 arch:x86

bfa36edbe1b3262bfd184c0212d4ff36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildMachine\jobs\ReadyDrop\workspace\_Release\Win32\ReadyDrop.pdb

Imports

shlwapi

PathAppendW
PathRemoveFileSpecW
PathMakeSystemFolderW
PathCombineW

rpcrt4

UuidToStringA
UuidCreate
UuidFromStringA
UuidCreateSequential
RpcStringFreeA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
CloseHandle
GetLastError
SetFilePointer
ReadFile
GetFileAttributesW
WriteFile
SetEvent
CreateFileW
GetModuleFileNameW
LocalFree
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
GetLocalTime
GetVersionExW
SetFileAttributesW
SleepEx
CancelIo
ReadDirectoryChangesW
lstrcpynW
FormatMessageW
SetConsoleTextAttribute
DeleteFileA
FormatMessageA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetTempPathA
HeapValidate
LoadLibraryA
LockFile
LockFileEx
MapViewOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
CreateFileA
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetConsoleCP
GetFileType
GetConsoleScreenBufferInfo
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetFileAttributesExW
SetFileTime
SetEndOfFile
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateEventW
WaitForSingleObject
ResetEvent
FindFirstFileW
FindClose
FindNextFileW
SetThreadPriority
GetExitCodeThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetExitCodeProcess
GetProcessTimes
CreateProcessW
GetConsoleWindow
GetStdHandle
DuplicateHandle
GetStartupInfoW
TerminateProcess
OpenProcess
GetTimeZoneInformation
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExA
GetSystemInfo
GetComputerNameW
FlushFileBuffers
CreatePipe
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
RtlUnwind
RaiseException
HeapFree
IsDebuggerPresent
GetCPInfo
ExitProcess
GetCommandLineW
HeapSetInformation
HeapAlloc
HeapReAlloc
LCMapStringW
ExitThread
CreateThread
IsProcessorFeaturePresent
GetLocaleInfoW
SetLastError
HeapCreate
HeapDestroy
HeapSize
SetHandleCount

user32

GetSubMenu
SetMenuDefaultItem
SetMenuItemInfoW
RemoveMenu
AppendMenuW
GetSystemMetrics
SetForegroundWindow
TrackPopupMenuEx
LoadMenuW
SendMessageW
wsprintfW
DestroyWindow
PostQuitMessage
LoadCursorW
RegisterClassExW
DestroyIcon
PostMessageW
LoadIconW
KillTimer
SetTimer
GetProcessWindowStation
GetUserObjectInformationW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
ShowWindow
DefWindowProcW
GetCursorPos
SetWindowLongW
GetWindowLongW
DestroyMenu

shell32

SHOpenFolderAndSelectItems
ord155
ord190
CommandLineToArgvW
SHGetFolderPathW
SHChangeNotify
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize

iphlpapi

GetAdaptersInfo

ws2_32

send
recv
sendto
recvfrom
getsockname
getpeername
setsockopt
getsockopt
socket
ioctlsocket
ntohs
htons
getservbyname
ntohl
inet_addr
freeaddrinfo
getaddrinfo
getnameinfo
gethostname
WSAStartup
WSACleanup
shutdown
closesocket
listen
bind
connect
accept
select
WSAGetLastError
__WSAFDIsSet

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegCloseKey
ReportEventW
DeregisterEventSource
RegisterEventSourceW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfa36edbe1b3262bfd184c0212d4ff36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

rpcrt4

version

kernel32

user32

shell32

ole32

iphlpapi

ws2_32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 396KB - Virtual size: 396KB

.data Size: 40KB - Virtual size: 58KB

.rsrc Size: 150KB - Virtual size: 149KB

.reloc Size: 109KB - Virtual size: 108KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 396KB - Virtual size: 396KB

.data
Size: 40KB - Virtual size: 58KB

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 109KB - Virtual size: 108KB