2024-02-28_85511f990e2cf635c9769d718dd1797e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-28_85511f990e2cf635c9769d718dd1797e_mafia
Size

2.8MB
MD5

85511f990e2cf635c9769d718dd1797e
SHA1

5e753c880fb052628176472b2df8142e2902918e
SHA256

c293049e93e17cd22c6e34d20614a5edf1b848c2c4b0a9c065527816b1d95236
SHA512

7720af7f26a93bf77ee910967370c7cc2a15e1e075d279ec7ba67453b35b84248d38af3e3964e8475c16abe8ae64d073caceb3e8e652e81e211cdcc2b9cbeb71
SSDEEP

49152:HrK+VCwZNJW3k+EEYFWTrWI5hUKytD4UeSfYcQlQkSO5fM/gad9mm:3pZNJtGKIDYO5Kd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_85511f990e2cf635c9769d718dd1797e_mafia

Files

2024-02-28_85511f990e2cf635c9769d718dd1797e_mafia
.exe windows:5 windows x86 arch:x86

1a72b6959da1c6555eac759099fde938

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
GetVersionExW
GetVolumeInformationW
LoadLibraryW
LoadLibraryA
OutputDebugStringW
OutputDebugStringA
SetWaitableTimer
CreateWaitableTimerA
ResetEvent
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetLastError
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
ReleaseSemaphore
ResumeThread
DuplicateHandle
SystemTimeToFileTime
VirtualQuery
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
GetFileAttributesW
FindClose
GenerateConsoleCtrlEvent
GetFileSize
UnlockFile
ReadProcessMemory
GetFileAttributesA
GetCurrentDirectoryA
GetThreadContext
SuspendThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
CopyFileW
CopyFileExW
CreateDirectoryW
CreateDirectoryExW
CreateFileW
CreateProcessW
DeleteFileW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetComputerNameW
GetFullPathNameW
GetTempFileNameW
MoveFileW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
SetVolumeLabelW
SetHandleInformation
CopyFileA
CopyFileExA
CreateDirectoryA
CreateDirectoryExA
CreateProcessA
DeleteFileA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetComputerNameA
GetFileTime
GetSystemTimeAsFileTime
GetSystemTime
GetFullPathNameA
GetTempFileNameA
MoveFileA
MoveFileExA
RemoveDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
SetVolumeLabelA
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetWindowsDirectoryA
GetVersion
GetTickCount
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
SearchPathA
OpenSemaphoreA
lstrlenA
MapViewOfFile
GetThreadLocale
InterlockedCompareExchange
CompareStringW
GetFileInformationByHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
InterlockedExchange
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
SetHandleCount
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
FindFirstFileExA
LocalFileTimeToFileTime
SetFileTime
GetStringTypeW
GetDateFormatW
GetTimeFormatW
FindFirstFileExW
SetEnvironmentVariableW
GetFileType
GetProcessHeap
GetCPInfo
RtlUnwind
GetConsoleCP
InterlockedIncrement
ExitProcess
EncodePointer
DecodePointer
HeapSetInformation
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetCommandLineA
GetCommandLineW
DefineDosDeviceW
CreateSemaphoreA
CreateMutexA
CreateFileMappingA
CreateEventA
CreateEventW
GetCurrentThread
CompareFileTime
SetEndOfFile
FindFirstChangeNotificationW
GetLogicalDrives
FindCloseChangeNotification
FileTimeToLocalFileTime
FileTimeToSystemTime
OpenProcess
TerminateProcess
ExitThread
GetDriveTypeA
InterlockedDecrement
DeviceIoControl
GetVersionExA
DefineDosDeviceA
CreateFileA
GetVolumeInformationA
GetProcessTimes
GetCurrentProcess
SetStdHandle
GetSystemInfo
GetCurrentThreadId
GetExitCodeProcess
RaiseException
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GlobalMemoryStatusEx
GetStdHandle
GetConsoleMode
SetErrorMode
GetProcAddress
FreeLibrary
SetEvent
CreateThread
Sleep
LocalAlloc
LocalFree
ReleaseMutex
CloseHandle
PeekNamedPipe
WaitForSingleObject
WriteFile
SetFilePointer
GetLastError
ReadFile
FlushFileBuffers
CreatePipe
IsDebuggerPresent
GetCurrentProcessId
MoveFileExW

netapi32

NetRemoteTOD
Netbios
NetApiBufferFree

ws2_32

ntohs
WSACleanup
WSAStartup
getprotobyname
inet_addr
inet_ntoa
select
getpeername
getsockname
ioctlsocket
setsockopt
getsockopt
shutdown
closesocket
listen
accept
connect
recvfrom
recv
sendto
send
bind
socket
__WSAFDIsSet
getnameinfo
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
htonl
htons
ntohl
WSAGetLastError
gethostname

user32

GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
GetActiveWindow
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjects
SetWindowTextA
MessageBeep
SetDlgItemTextA
MessageBoxA
GetDlgItemTextW
GetDlgItemTextA
EndDialog
GetParent
GetFocus
SetFocus
MoveWindow
ScreenToClient
GetClientRect
GetSystemMetrics
DispatchMessageA
wsprintfA
CreateDialogIndirectParamA
ShowWindow
DialogBoxIndirectParamA

comctl32

ord17

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
GetFileSecurityW
SetFileSecurityW
RevertToSelf
AccessCheck
OpenThreadToken
ImpersonateSelf
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetUserNameW
GetUserNameA
LookupAccountNameW
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA

mpr

WNetGetConnectionA
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleInformation

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PBDB
?PRO_OS_TYPE@@3PBDB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PAVbtkOBSFunc@@A

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a72b6959da1c6555eac759099fde938

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

ws2_32

user32

comctl32

comdlg32

advapi32

mpr

psapi

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.textidx Size: 534KB - Virtual size: 533KB

CONST Size: 512B - Virtual size: 80B

.rdata Size: 365KB - Virtual size: 365KB

.data Size: 185KB - Virtual size: 686KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 165KB - Virtual size: 164KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.textidx
Size: 534KB - Virtual size: 533KB

CONST
Size: 512B - Virtual size: 80B

.rdata
Size: 365KB - Virtual size: 365KB

.data
Size: 185KB - Virtual size: 686KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 165KB - Virtual size: 164KB