2024-02-28_9cfad2c528cdff832535ba2308c7e55e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_9cfad2c528cdff832535ba2308c7e55e_mafia
Size

568KB
MD5

9cfad2c528cdff832535ba2308c7e55e
SHA1

efb630513514fe351b4b25d4f312b8e8a38d649a
SHA256

04e16750a16cb2b1f0cc9784a239afb0b9a0c990962589a11a74e38d46ddad81
SHA512

4e462034f7d43171c9779b793a17b502bea62842ead3ca8f0d4a36cc0bee802e0e4de157dffa3e9f1dbbe318514ed380d95d9bb60444567f22c3b1137d19eb2f
SSDEEP

12288:xV2RzTShwhGbiXqC/euDeesSeQBPl4Gq0BeLh5:ksI/lmYdTB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_9cfad2c528cdff832535ba2308c7e55e_mafia

Files

2024-02-28_9cfad2c528cdff832535ba2308c7e55e_mafia
.exe windows:5 windows x86 arch:x86

d0d5d073c8ed5dcf4c1dab2647854215

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\app\ecom\ccservice\callcloud\cp-client\TinyWebBrowser\bin\cefwebpage.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
GetLastError
ResetEvent
GlobalLock
OpenProcess
GlobalAlloc
WideCharToMultiByte
CreateEventA
GlobalUnlock
GetModuleHandleA
CloseHandle
GetCommandLineA
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocalTime
FindClose
SetFilePointer
ReadFile
HeapCreate
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapSize
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
HeapAlloc
CreateThread
ResumeThread
ExitThread
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
HeapFree
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleW
InterlockedExchange
DecodePointer
EncodePointer
Module32Next
GetCurrentThreadId
CreateToolhelp32Snapshot
Module32First
SetUnhandledExceptionFilter
SetErrorMode
GetModuleHandleExA
CreateFileA
DeleteFileA
GetVersionExA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetFileAttributesA
GetCurrentProcess
Sleep
ReleaseSemaphore
CreateSemaphoreA
CreateDirectoryA
FindFirstFileA
FindNextFileA
GetModuleFileNameA

user32

GetWindowThreadProcessId
SetClipboardData
OpenClipboard
PostMessageA
GetClassInfoA
ShowWindow
DefWindowProcA
EmptyClipboard
RegisterClassA
GetWindowLongA
MessageBoxA
SetWindowLongA
GetKeyState
GetClassNameA
CloseClipboard
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
SendMessageTimeoutA
SetTimer

shell32

ShellExecuteW
SHGetSpecialFolderPathA

libcef

cef_command_line_create
cef_stream_reader_create_for_file
cef_post_data_create
cef_browser_host_create_browser_sync
cef_cookie_manager_get_global_manager
cef_urlrequest_create
cef_post_data_element_create
cef_request_create
cef_string_multimap_alloc
cef_string_multimap_free
cef_v8context_get_current_context
cef_string_map_free
cef_v8value_create_string
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_process_message_create
cef_register_extension
cef_post_task
cef_register_scheme_handler_factory
cef_initialize
cef_api_hash
cef_execute_process
cef_parse_url
cef_currently_on
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_string_list_alloc
cef_string_list_free
cef_dictionary_value_create
cef_string_userfree_utf16_free
cef_string_utf16_set
cef_string_utf16_cmp
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_map_alloc
cef_string_list_copy
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_list_size
cef_string_list_value
cef_string_multimap_append
cef_string_map_append
cef_post_delayed_task
cef_string_list_append

shlwapi

PathFileExistsA

dbghelp

MiniDumpWriteDump

ole32

CoTaskMemFree

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0d5d073c8ed5dcf4c1dab2647854215

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

libcef

shlwapi

dbghelp

ole32

Sections

.text Size: 439KB - Virtual size: 439KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 439KB - Virtual size: 439KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB