2024-02-25_34865e911129e0e95ec090e8df65d40f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_34865e911129e0e95ec090e8df65d40f_mafia
Size

2.7MB
MD5

34865e911129e0e95ec090e8df65d40f
SHA1

835daefd3ec02a764eae48967a35ef458c880495
SHA256

8e4fc5f6a09cfed0694f784470207b79a69515fc3ce12471985e2f5397ec6c87
SHA512

874be2c40f7a101ced422c8c8e778416dbcb2822ee9ba3e6180ee70ee4b37a727b312379b63e6d338544f1581b0143e4542e2ae803c586a18bd42ef134604f08
SSDEEP

49152:rCmtgMaPtXV+Yv9SIr/3NA3GSVLYloSIwJaXyT6/1hEQcGtp/V2Xy0zKVO:rt+/3NA3GSU/IwIL/nEAOf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-25_34865e911129e0e95ec090e8df65d40f_mafia

Files

2024-02-25_34865e911129e0e95ec090e8df65d40f_mafia
.exe windows:5 windows x86 arch:x86

12529499f601dac603824705acb20d69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\buildbot\slaves\ad_aware_antivirus_msvc_2010\AdAware11\build\_build\bin\Win32\Release\AdAwareWebInstaller.pdb

Imports

wldap32

ord46
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22

ws2_32

WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
shutdown

kernel32

SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFullPathNameA
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleCP
HeapCreate
SetHandleCount
WriteFile
TlsFree
LoadLibraryW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
CopyFileW
GetModuleFileNameW
TlsGetValue
InitializeCriticalSection
GetProcessTimes
TlsSetValue
CreateEventA
GetCurrentProcess
SetEvent
GetSystemTimeAsFileTime
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
CloseHandle
GetCurrentProcessId
GetCommandLineW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
GlobalFree
LockResource
CreateMutexW
CreateProcessW
GetModuleHandleW
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
GetDriveTypeW
GetProcAddress
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
Sleep
SetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
CreateDirectoryW
AreFileApisANSI
GetFileInformationByHandle
GetCurrentDirectoryW
GetFileAttributesW
DeviceIoControl
DeleteFileW
RemoveDirectoryW
FindClose
CreateFileW
SetEndOfFile
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
RaiseException
InterlockedExchange
LocalFree
LocalAlloc
ExitProcess
GetCPInfo
ReleaseSemaphore
OpenEventA
HeapSetInformation
ResetEvent
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetStringTypeExA
GetStringTypeExW
LCMapStringA
GetTempPathW
MultiByteToWideChar
GetStartupInfoW
HeapReAlloc
TerminateProcess
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
GetTimeZoneInformation
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
CreateFileA
FindFirstFileExA
GetDriveTypeA
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread

user32

LoadStringW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
GetWindowRect
GetParent
GetClientRect
MonitorFromWindow
SetWindowPos
MapWindowPoints
GetMonitorInfoW
GetWindow
UpdateLayeredWindow
ScreenToClient
GetMessageW
PostQuitMessage
PostMessageW
LoadCursorW
GetDC
TranslateMessage
RegisterClassExW
LoadIconW
GetWindowLongW
ReleaseDC
SetWindowLongW
GetCursorPos
ShowWindow
GetSysColorBrush
CreateWindowExW
ReleaseCapture
DefWindowProcW
DispatchMessageW
LoadStringA
SendMessageW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathW

ole32

CreateStreamOnHGlobal

gdiplus

GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipAddPathStringI
GdipDeletePath
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipFillPath
GdipFillRectangleI
GdipCreatePath
GdipGetImageWidth
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup

Exports

Exports

libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12529499f601dac603824705acb20d69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 423KB - Virtual size: 423KB

.data Size: 99KB - Virtual size: 117KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 377KB - Virtual size: 377KB

.reloc Size: 129KB - Virtual size: 128KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 423KB - Virtual size: 423KB

.data
Size: 99KB - Virtual size: 117KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 377KB - Virtual size: 377KB

.reloc
Size: 129KB - Virtual size: 128KB