2024-02-29_b5a3e11c0ab235ec1ecddb30fe3016d4_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-29_b5a3e11c0ab235ec1ecddb30fe3016d4_mafia
Size

3.1MB
MD5

b5a3e11c0ab235ec1ecddb30fe3016d4
SHA1

c9ce8b3428051fb79a1bdbf3c0fac9c2088382c1
SHA256

e547226780066c9e8176192b72ea1e73a7799a72c11e919303f198f17bf751e8
SHA512

322003ec96645765b155cd0972fbdd8e696c03a0b9a43120bd52c9440212bb49fcc874d6323efe1e2af2355ee07ec9cb090e281a7e8fa0df637caa126f99fdf9
SSDEEP

49152:wdufly8kFVdQPBGPV3dv9KEI8R5AUQ1zAK1aEcOqT4UK4Cy6iXwknOPg:wylyLFVd883B9KEI8Rutf1a+4Cy6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-29_b5a3e11c0ab235ec1ecddb30fe3016d4_mafia

Files

2024-02-29_b5a3e11c0ab235ec1ecddb30fe3016d4_mafia
.exe windows:5 windows x86 arch:x86

173f1b6def3f94f5ae363224aa57701c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash

ws2_32

connect
socket
closesocket
getpeername
getsockopt
htons
freeaddrinfo
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
getaddrinfo
ioctlsocket
bind

shlwapi

PathFindFileNameA

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
LoadLibraryW
HeapSize
GetModuleFileNameW
GetConsoleMode
QueryPerformanceCounter
GetACP
GetOEMCP
PeekNamedPipe
SetEnvironmentVariableW
GetConsoleCP
GetStartupInfoW
WaitForMultipleObjects
ReleaseSemaphore
GetSystemTimeAsFileTime
GetLastError
FormatMessageA
LocalFree
Sleep
CloseHandle
CreateFileA
GetSystemInfo
LockFileEx
UnlockFileEx
GetProcessHeap
GetCurrentThreadId
DuplicateHandle
HeapAlloc
CreateEventA
GetCurrentProcess
HeapFree
CreateSemaphoreA
WaitForSingleObject
SetEvent
SetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLocaleInfoA
GetVersionExA
ExpandEnvironmentStringsA
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetFilePointer
GetStdHandle
ReadFile
SetHandleInformation
CreatePipe
SetEndOfFile
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CopyFileW
GetCurrentDirectoryW
GetFileInformationByHandle
CreateDirectoryW
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
EnumSystemLocalesA
IsValidLocale
GetFileType
InitializeCriticalSectionAndSpinCount
WriteConsoleW
SetStdHandle
GetDriveTypeW
SleepEx
IsDBCSLeadByteEx
IsValidCodePage
GetFileSize
WriteFile
GetCurrentDirectoryA
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
GetLocaleInfoW
GetStringTypeW
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
GetCPInfo
GetTimeZoneInformation
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount

shell32

SHGetSpecialFolderPathA

user32

LoadStringA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 782KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

173f1b6def3f94f5ae363224aa57701c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

shlwapi

kernel32

shell32

user32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 782KB - Virtual size: 781KB

.data Size: 196KB - Virtual size: 212KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 199KB - Virtual size: 198KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 782KB - Virtual size: 781KB

.data
Size: 196KB - Virtual size: 212KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 199KB - Virtual size: 198KB