2024-02-25_4dcfc271fc0cc6f695ad0696898841a3_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-25_4dcfc271fc0cc6f695ad0696898841a3_mafia
Size

1.1MB
MD5

4dcfc271fc0cc6f695ad0696898841a3
SHA1

ac82ad609b1bea6f2bb71c84232ba8aa12448f2a
SHA256

b17e0f0827a2f337d3811b1caacb7b3aec5c9c0c1014c8c38140b3a7b321aaee
SHA512

fce0a6d656110b38df161fbe0dc7ca00037f12ab5f86847517692d59a581f77a93323c5e2c2aaf40eaada570fbdb7b1f8a3878c6561939ad5afbe50753b2737e
SSDEEP

24576:6EJG2a5pexxtPkMaJXiAbIKfb7VbcLRPlTruMMnGrr:tG2ep0oMmXiAbIwpbcLRPlTyMcGrr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-25_4dcfc271fc0cc6f695ad0696898841a3_mafia

Files

2024-02-25_4dcfc271fc0cc6f695ad0696898841a3_mafia
.exe windows:5 windows x86 arch:x86

23128e179b2508602d10d111a1e30ee1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
FreeLibrary
LoadLibraryExW
GlobalFree
GlobalHandle
CloseHandle
DeleteFileW
Sleep
InitializeCriticalSection
CreateMutexW
GetPrivateProfileSectionW
GetCurrentProcessId
GetLocalTime
WriteFile
SetFilePointer
GetFileSize
CreateFileW
GetCommandLineW
LoadLibraryW
GetDateFormatW
CreateThread
SetErrorMode
SetUnhandledExceptionFilter
GlobalLock
WideCharToMultiByte
SetEvent
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileW
FindFirstFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreateEventW
CreateDirectoryW
GetTickCount
ResumeThread
IsDBCSLeadByte
VirtualProtect
WriteProcessMemory
CreateFileA
GetTempFileNameW
SystemTimeToFileTime
GetSystemTime
CompareStringW
SetEndOfFile
GetTimeZoneInformation
ReadFile
GlobalUnlock
GetLastError
WinExec
GetProcessTimes
Process32NextW
Process32FirstW
GetPrivateProfileStringW
MulDiv
WaitForMultipleObjects
GetVersionExW
GlobalMemoryStatusEx
VerSetConditionMask
VerifyVersionInfoW
GetSystemInfo
LocalFree
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrcmpW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
SizeofResource
GetModuleHandleW
GetProcAddress
lstrlenW
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
RaiseException
CompareFileTime
lstrlenA
GetModuleFileNameW
FreeResource
WritePrivateProfileStringW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
CreateToolhelp32Snapshot
SetEnvironmentVariableA

user32

DestroyWindow
GetWindowLongW
ShowWindow
SetTimer
KillTimer
SendDlgItemMessageW
GetSystemMetrics
UnregisterClassA
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetWindow
GetParent
PostMessageW
PostQuitMessage
SetWindowLongW
IsWindow
DispatchMessageW
TranslateMessage
UnionRect
IntersectRect
GetMessageW
PeekMessageW
CharNextW
DefWindowProcW
MapDialogRect
EndDialog
MonitorFromWindow
GetMonitorInfoW
CreateWindowExW
SetWindowContextHelpId
SendMessageW
GetSysColor
MoveWindow
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
FindWindowExW
EnumChildWindows
SetActiveWindow
AnimateWindow
BringWindowToTop
SetForegroundWindow
OpenClipboard
SystemParametersInfoW
EnableWindow
IsRectEmpty
SetWindowsHookExW
CallNextHookEx
GetAncestor
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
SetPropW
GetPropW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC

gdi32

CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteObject
DeleteDC
GetObjectW
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject

comdlg32

PrintDlgExA
PrintDlgExW

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
GetUserNameW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoInitialize
CoCreateGuid
CreateBindCtx
CLSIDFromString
ProgIDFromCLSID
OleInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
OleRun
CoUninitialize
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
CoSetProxyBlanket
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

VarBstrCmp
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantChangeType
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VariantCopy
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
GetErrorInfo
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

shlwapi

SHDeleteKeyW
PathIsDirectoryW
StrStrIW
PathFileExistsW

urlmon

CoInternetGetSession
ObtainUserAgentString
UrlMkSetSessionOption

wininet

InternetCloseHandle
InternetSetCookieW
InternetOpenW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetCanonicalizeUrlW
InternetCrackUrlW
CommitUrlCacheEntryA
CommitUrlCacheEntryW
InternetErrorDlg
InternetQueryOptionW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW

dsound

ord1

dbghelp

ImageDirectoryEntryToDataEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
GetProcessMemoryInfo
GetModuleFileNameExW

winmm

waveOutWrite
midiStreamOut
PlaySoundA
PlaySoundW

wintrust

WinVerifyTrust

crypt32

CertOpenStore

ws2_32

getaddrinfo
gethostname

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhCloseQuery
PdhOpenQueryW

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23128e179b2508602d10d111a1e30ee1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

dsound

dbghelp

version

psapi

winmm

wintrust

crypt32

ws2_32

pdh

Sections

.text Size: 813KB - Virtual size: 812KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 22KB - Virtual size: 31KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 813KB - Virtual size: 812KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 22KB - Virtual size: 31KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 61KB - Virtual size: 60KB