2024-02-24_46235c327c5bf54c9f0e66655c8e0a39_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_46235c327c5bf54c9f0e66655c8e0a39_mafia
Size

2.8MB
MD5

46235c327c5bf54c9f0e66655c8e0a39
SHA1

483ffd15663e4418ad5be5d3287d9afe299465ce
SHA256

967b4e2802f25797c99f60bd8d38828297dfb879b63a94d7ac8c8eb26d6e1dea
SHA512

d06509ca5597eae27aa5defe310c44234d4fbb2ac130a90836b4c491a932dc98e6e888b1a4930843eb6260af215a3ba069a6a6ad22cae64b3d7110537abba957
SSDEEP

49152:KfZBKQeATpqo7USeiY5Hhys6dPxDn30/Ud53QfjCFa1qoyRutEIR0ZHz2BzJ+tPP:MBKQeATpqo7USeiY5Hhys6dPxDn30/Ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_46235c327c5bf54c9f0e66655c8e0a39_mafia

Files

2024-02-24_46235c327c5bf54c9f0e66655c8e0a39_mafia
.exe windows:5 windows x86 arch:x86

4403c57bf69948617e349c5988c5742f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
GetVersionExW
GetVolumeInformationW
LoadLibraryW
LoadLibraryA
OutputDebugStringW
OutputDebugStringA
SetWaitableTimer
CreateWaitableTimerA
ResetEvent
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetLastError
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
ReleaseSemaphore
ResumeThread
DuplicateHandle
SystemTimeToFileTime
VirtualQuery
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
GetFileAttributesW
FindClose
GenerateConsoleCtrlEvent
GetFileSize
UnlockFile
ReadProcessMemory
GetFileAttributesA
GetCurrentDirectoryA
GetThreadContext
SuspendThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
CopyFileW
CopyFileExW
CreateDirectoryW
CreateDirectoryExW
CreateFileW
CreateProcessW
DeleteFileW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetComputerNameW
GetFullPathNameW
GetTempFileNameW
MoveFileW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
SetVolumeLabelW
SetHandleInformation
CopyFileA
CopyFileExA
CreateDirectoryA
CreateDirectoryExA
CreateProcessA
DeleteFileA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetComputerNameA
GetFileTime
GetSystemTimeAsFileTime
GetSystemTime
GetFullPathNameA
GetTempFileNameA
MoveFileA
MoveFileExA
RemoveDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
SetVolumeLabelA
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetWindowsDirectoryA
GetVersion
GetTickCount
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
SearchPathA
OpenSemaphoreA
lstrlenA
MapViewOfFile
GetThreadLocale
InterlockedCompareExchange
CompareStringW
GetFileInformationByHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
InterlockedExchange
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
SetHandleCount
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
FindFirstFileExA
LocalFileTimeToFileTime
SetFileTime
GetStringTypeW
GetDateFormatW
GetTimeFormatW
FindFirstFileExW
SetEnvironmentVariableW
GetFileType
GetProcessHeap
GetCPInfo
RtlUnwind
GetConsoleCP
InterlockedIncrement
ExitProcess
EncodePointer
DecodePointer
HeapSetInformation
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetCommandLineA
GetCommandLineW
DefineDosDeviceW
CreateSemaphoreA
CreateMutexA
CreateFileMappingA
CreateEventA
CreateEventW
GetCurrentThread
CompareFileTime
SetEndOfFile
FindFirstChangeNotificationW
GetLogicalDrives
FindCloseChangeNotification
FileTimeToLocalFileTime
FileTimeToSystemTime
OpenProcess
TerminateProcess
ExitThread
GetDriveTypeA
InterlockedDecrement
DeviceIoControl
GetVersionExA
DefineDosDeviceA
CreateFileA
GetVolumeInformationA
GetProcessTimes
GetCurrentProcess
SetStdHandle
GetSystemInfo
GetCurrentThreadId
GetExitCodeProcess
RaiseException
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GlobalMemoryStatusEx
GetStdHandle
GetConsoleMode
SetErrorMode
GetProcAddress
FreeLibrary
SetEvent
CreateThread
Sleep
LocalAlloc
LocalFree
ReleaseMutex
CloseHandle
PeekNamedPipe
WaitForSingleObject
WriteFile
SetFilePointer
GetLastError
ReadFile
FlushFileBuffers
CreatePipe
IsDebuggerPresent
GetCurrentProcessId
MoveFileExW

netapi32

NetApiBufferFree
Netbios
NetRemoteTOD

ws2_32

ntohs
WSACleanup
WSAStartup
getprotobyname
inet_addr
inet_ntoa
select
getpeername
getsockname
ioctlsocket
setsockopt
getsockopt
shutdown
closesocket
listen
accept
connect
recvfrom
recv
sendto
send
bind
socket
__WSAFDIsSet
getnameinfo
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
htonl
htons
ntohl
WSAGetLastError
gethostname

user32

GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
GetActiveWindow
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjects
SetWindowTextA
MessageBeep
SetDlgItemTextA
MessageBoxA
GetDlgItemTextW
GetDlgItemTextA
EndDialog
GetClientRect
GetSystemMetrics
GetParent
GetFocus
SetFocus
MoveWindow
ScreenToClient
DispatchMessageA
ShowWindow
wsprintfA
CreateDialogIndirectParamA
DialogBoxIndirectParamA

comctl32

ord17

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
GetFileSecurityW
SetFileSecurityW
RevertToSelf
AccessCheck
OpenThreadToken
ImpersonateSelf
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetUserNameW
GetUserNameA
LookupAccountNameW
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA

mpr

WNetGetConnectionA
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleInformation

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PBDB
?PRO_OS_TYPE@@3PBDB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PAVbtkOBSFunc@@A

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4403c57bf69948617e349c5988c5742f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

ws2_32

user32

comctl32

comdlg32

advapi32

mpr

psapi

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.textidx Size: 534KB - Virtual size: 533KB

CONST Size: 512B - Virtual size: 80B

.rdata Size: 365KB - Virtual size: 365KB

.data Size: 185KB - Virtual size: 685KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 165KB - Virtual size: 164KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.textidx
Size: 534KB - Virtual size: 533KB

CONST
Size: 512B - Virtual size: 80B

.rdata
Size: 365KB - Virtual size: 365KB

.data
Size: 185KB - Virtual size: 685KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 165KB - Virtual size: 164KB