D:\VC\google\Flylinkdc-VIP-r5xx\flylinkdc-shparki\compiled\ShparkiDC.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-05_710429460d3480d83d965b287938db45_mafia.exe
  Resource (sandbox VM image): win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-05_710429460d3480d83d965b287938db45_mafia.exe
  Resource (sandbox VM image): win10v2004-20240226-en
General
Target: 2024-03-05_710429460d3480d83d965b287938db45_mafia
Size: 8.7MB
MD5: 710429460d3480d83d965b287938db45
SHA1: 00c69b6acbbd4925b5a93ed41749e41a88a4699f
SHA256: c965ffa5128caf6ba971b7c9642caf30aa1857869031c0d1f57e7e13e4e2207f
SHA512: cf699d995f95bcfa5023c29320a05ac512fad2c07f1f68090ad39f89bd88838bade58fcfea387c0ac212fd9f70d71eec2db7a56f997b7c4a13b9ea2be6a47480
SSDEEP: 196608:Yxn+HR59rV03aqOhwqxxZGpcBMcI9HcyK4OcFH70SY:Y5+x59rV03ahwEGpcqcIJcyKlU0SY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-03-05_710429460d3480d83d965b287938db45_mafia
Files
2024-03-05_710429460d3480d83d965b287938db45_mafia.exe  windows:5 windows x86 arch:x86
Imphash: 7e7be6e64b2832d78fa3e023965383b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (opts in to ASLR; rebasing relies on the .reloc section listed under Sections)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (opts in to DEP)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
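The "Unsigned PE" signature and the DllCharacteristics flags above are both read straight from the PE headers. The following Python is an added example, not part of this report or of the sample: it parses the DOS, COFF and optional headers with `struct` only, decodes DllCharacteristics, and treats an empty IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table) as "no Authenticode signature". `build_minimal_pe32` is a helper of my own that fabricates a header-only PE32 so the checks can run offline; the constructed flag value 0x8140 is the three DllCharacteristics bits listed above.

```python
import struct
import sys

# DllCharacteristics bits (winnt.h)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def parse_pe_hardening(data: bytes) -> dict:
    """Read hardening-relevant header fields from an in-memory PE file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _sym, _nsym, _optsize, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        dirs_off, nrva_off = 0x60, 0x5C
    elif magic == 0x20B:      # PE32+
        dirs_off, nrva_off = 0x70, 0x6C
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 0x46 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 0x46)[0]
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the "VirtualAddress" is a raw file offset, not an RVA
        _cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "is_dll": bool(characteristics & 0x2000),
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "cfg": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
        # A non-empty certificate table only means a signature blob is present;
        # validity and trust still need chain verification (e.g. signtool verify /pa).
        "authenticode_present": cert_size != 0,
    }


def build_minimal_pe32(dll_characteristics: int, security_size: int = 0) -> bytes:
    """Fabricate a header-only PE32 (constructed test input, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # x86, EXE, 32-bit
    opt = bytearray(224)                                           # PE32 optional header size
    struct.pack_into("<H", opt, 0x00, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 0x46, dll_characteristics)
    struct.pack_into("<I", opt, 0x5C, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 0x60 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x200 if security_size else 0, security_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Pass a real PE path to inspect it; otherwise inspect the constructed header
    # carrying the same flags this report lists (0x8140).
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe32(0x8140)
    for key, value in parse_pe_hardening(blob).items():
        print(f"{key:21} {value}")
```

Run it against the sample to confirm the report's findings; `authenticode_present` False is exactly what the "Unsigned PE" signature keys on, and a True result still says nothing about whether the certificate chains to a trusted root.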
PDB Paths
D:\VC\google\Flylinkdc-VIP-r5xx\flylinkdc-shparki\compiled\ShparkiDC.pdb
Imports
imagehlp
ImageLoad
ImageUnload
ws2_32
inet_ntoa
WSAAsyncSelect
htonl
WSASetLastError
getaddrinfo
freeaddrinfo
gethostbyaddr
closesocket
shutdown
__WSAFDIsSet
select
sendto
send
recvfrom
recv
setsockopt
getsockopt
connect
listen
ntohs
getsockname
bind
htons
accept
socket
WSAGetLastError
ioctlsocket
WSAStartup
ntohl
inet_addr
gethostbyname
gethostname
WSACleanup
gdiplus
GdipLoadImageFromFile
GdipImageGetFrameDimensionsCount
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipImageGetFrameDimensionsList
GdipDisposeImage
GdipAlloc
GdipFree
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImagePointRectI
GdipCreateBitmapFromFile
GdipFillPath
GdipDrawPath
GdipDrawLineI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetPenColor
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetLinePresetBlend
GdipSetLineColors
GdipCreateLineBrushFromRect
GdipCloneBrush
msimg32
AlphaBlend
kernel32
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
SetThreadPriority
GetCommandLineW
GetPriorityClass
SetPriorityClass
GetVersion
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenProcess
ReadProcessMemory
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
DecodePointer
EncodePointer
InterlockedCompareExchange
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindFirstFileExW
FindNextFileA
FindFirstFileA
CreateThread
GetTimeZoneInformation
ResumeThread
GetLogicalDrives
TlsAlloc
WaitForMultipleObjects
ExitProcess
TlsSetValue
SetWaitableTimer
TlsGetValue
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetSystemInfo
GetDiskFreeSpaceA
LockFileEx
GetFileAttributesA
UnlockFileEx
LockFile
UnlockFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFullPathNameA
DeviceIoControl
GetOEMCP
GetACP
InitializeCriticalSection
FormatMessageA
GetFileSize
CreateFileA
GetVolumeInformationA
DuplicateHandle
CreateSemaphoreA
ResetEvent
VirtualFree
VirtualAlloc
GetOverlappedResult
GetTickCount
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointerEx
GetFileSizeEx
SystemTimeToFileTime
SetFileTime
GetFileTime
GetSystemTimeAsFileTime
ReadFile
LocalFree
GlobalFree
InterlockedExchange
LockResource
ReleaseSemaphore
LoadLibraryA
FindClose
FreeLibrary
InterlockedDecrement
InterlockedIncrement
MulDiv
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
GlobalUnlock
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetLastError
WaitForSingleObject
CloseHandle
SetEvent
CreateEventA
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
VirtualProtect
VirtualQuery
SetConsoleCtrlHandler
ExitThread
HeapSetInformation
PeekNamedPipe
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetTimeFormatA
GetDateFormatA
GetFileType
GetStdHandle
RtlUnwind
HeapCreate
SetHandleCount
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
GlobalMemoryStatus
FlushConsoleInputBuffer
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ReadConsoleInputA
SetConsoleMode
GetFileInformationByHandle
TlsFree
user32
FrameRect
WindowFromPoint
GetMenu
DrawFocusRect
DrawIconEx
SetRect
InflateRect
IsWindowEnabled
GetUpdateRect
GetCursorPos
GetDlgCtrlID
BringWindowToTop
TranslateMDISysAccel
IsZoomed
ChildWindowFromPoint
SetMenu
IsMenu
ScrollWindow
GetForegroundWindow
GetSystemMetrics
SystemParametersInfoA
OpenClipboard
EmptyClipboard
CloseClipboard
SetFocus
DestroyIcon
GetWindowThreadProcessId
SetWindowPos
MapWindowPoints
GetClientRect
SetClipboardData
GetParent
GetWindowRect
GetWindow
EndDialog
InvalidateRect
ExitWindowsEx
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
MessageBoxA
SetWindowTextA
UnregisterDeviceNotification
CopyRect
RedrawWindow
CreatePopupMenu
TrackPopupMenu
EnableMenuItem
DestroyWindow
IsChild
GetFocus
ShowWindow
IntersectRect
GetMenuDefaultItem
GetDlgItem
GetSystemMenu
GetDlgItemInt
KillTimer
SetTimer
SetDlgItemInt
CloseWindow
EnumWindows
SetProcessDefaultLayout
HideCaret
SendMessageA
TranslateMessage
GetDesktopWindow
GetWindowPlacement
IsIconic
CheckRadioButton
UnhookWindowsHookEx
CallNextHookEx
DrawFrameControl
ValidateRect
LockWindowUpdate
EqualRect
OffsetRect
SetWindowRgn
ReleaseDC
DestroyAcceleratorTable
InvalidateRgn
GetSysColorBrush
CheckMenuItem
SetMenuInfo
GetWindowDC
CreateMenu
MoveWindow
GetDC
BeginPaint
EndPaint
GetKeyState
PtInRect
UnionRect
GetActiveWindow
GetScrollInfo
ScreenToClient
GetMessagePos
CheckDlgButton
IsDlgButtonChecked
SetCursor
SetForegroundWindow
ClientToScreen
DeleteMenu
GetMenuItemCount
RemoveMenu
SetMenuDefaultItem
DestroyMenu
SetRectEmpty
GetMenuState
GetSubMenu
GetMenuItemID
UpdateWindow
SetCapture
GetCapture
ReleaseCapture
GetSysColor
IsWindowVisible
AdjustWindowRectEx
DrawMenuBar
PostQuitMessage
LoadStringA
FillRect
DrawEdge
MessageBeep
TrackPopupMenuEx
gdi32
CreatePatternBrush
CreateBitmap
PatBlt
Polyline
MoveToEx
LineTo
SetBkMode
GetStockObject
SetTextColor
CreateSolidBrush
Rectangle
CreatePen
CreateDIBSection
SetDIBColorTable
GetViewportOrgEx
SetStretchBltMode
StretchBlt
SetPixelV
GetDIBits
SetDIBits
SetDCBrushColor
DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject
GetPixel
CreateRectRgnIndirect
GetDeviceCaps
SaveDC
SetWindowOrgEx
GetCurrentObject
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
LPtoDP
SetMapMode
SetViewportOrgEx
CreateCompatibleBitmap
SetBkColor
BitBlt
SetBrushOrgEx
GetBkColor
advapi32
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterEventSourceA
DeregisterEventSource
ReportEventA
OpenProcessToken
shell32
DragFinish
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ole32
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CoGetMalloc
CreateBindCtx
GetRunningObjectTable
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleCreateStaticFromData
OleSetContainedObject
CLSIDFromProgID
CreateILockBytesOnHGlobal
OleSaveToStream
WriteClassStm
ReadClassStm
CoCreateInstance
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemAlloc
CoTaskMemRealloc
CreateOleAdviseHolder
ReleaseStgMedium
CoTaskMemFree
OleInitialize
StgCreateDocfileOnILockBytes
shlwapi
PathIsDirectoryW
SHDeleteKeyW
comctl32
ImageList_GetImageCount
ImageList_GetIcon
PropertySheetW
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Add
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
CreateStatusWindowW
ImageList_DrawIndirect
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_DrawEx
uxtheme
DrawThemeBackground
GetWindowTheme
SetWindowTheme
mpr
WNetCloseEnum
iphlpapi
GetAdaptersInfo
GetIpAddrTable
GetBestRoute
shfolder
SHGetFolderPathW
wininet
InternetReadFile
InternetOpenUrlA
InternetOpenW
InternetSetOptionW
InternetTimeToSystemTimeA
InternetCloseHandle
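The 32-hex value under the file entry in the Files section is the import hash (imphash), a pivot for finding builds with the same import table. As an added example, not part of this report, here is the algorithm as pefile computes it: each DLL name lowercased with a .dll/.ocx/.sys extension stripped, each import written as `dll.func` (ordinals as `ordN`), joined with commas in import-table order, then MD5. `SAMPLE_SUBSET` is a constructed two-entry slice of the import list above; reproducing the report's value requires the complete table in its original order, which the display above does not guarantee. The ws2_32/oleaut32 ordinal-to-name tables pefile applies are omitted here, so by-ordinal imports from those DLLs would hash differently.

```python
import hashlib


def imphash_string(imports) -> str:
    """Build the canonical 'dll.func,dll.func,...' string the imphash is taken over.

    imports: iterable of (dll_name, [function_name_or_ordinal_int, ...])
    in import-table order.
    """
    parts = []
    for dll, funcs in imports:
        dll = dll.lower()
        # pefile strips exactly these three extensions before hashing
        for ext in (".ocx", ".sys", ".dll"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        for func in funcs:
            # Imports by ordinal become 'ordN' (pefile additionally resolves known
            # ws2_32/oleaut32 ordinals to names; that table is omitted here)
            name = f"ord{func}" if isinstance(func, int) else func
            parts.append(f"{dll}.{name}".lower())
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string, as hex."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed subset of this sample's import list (first two DLLs as shown in the
# report); not the full import table, so this does not reproduce the report's imphash.
SAMPLE_SUBSET = [
    ("imagehlp", ["ImageLoad", "ImageUnload"]),
    ("ws2_32", ["inet_ntoa", "WSAAsyncSelect", "htonl"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_SUBSET))
    print(imphash(SAMPLE_SUBSET))
```

Because DLL case and extension are normalised away, `KERNEL32.DLL` and `kernel32.dll` hash identically, while reordering or adding a single import changes the value entirely; that is what makes the imphash useful for clustering builds of the same code base but useless against a packer that rebuilds the import table at runtime.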
Sections
.text   Size: 5.6MB  Virtual size: 5.6MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 1.1MB  Virtual size: 1.1MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 229KB  Virtual size: 313KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B   Virtual size: 29B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.4MB  Virtual size: 1.4MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 332KB  Virtual size: 331KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ