2024-03-05_b30c6992f12f3a17d86c737aa0ebd58b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-05_b30c6992f12f3a17d86c737aa0ebd58b_mafia
Size

454KB
MD5

b30c6992f12f3a17d86c737aa0ebd58b
SHA1

466cb355c93dbd540266e0625264419d894c799a
SHA256

3731341da17dfa80728acec34b82328777fef3fbf5281f62b4b74efb500b32fd
SHA512

cf08712f74eb2a20121dae44a0eed89f95bb8d7c68e10948e689914d2004fe211dc0896e77205b2c9b66c2aacefe63aca656ca2fa1081e4710df2a9f3fe43d04
SSDEEP

6144:cURfokneEgaTNWfyX1yAC91x4pWPcjr5rPC9q8oLdc956Kqz:T3VWfyX1yAbm6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-05_b30c6992f12f3a17d86c737aa0ebd58b_mafia

Files

2024-03-05_b30c6992f12f3a17d86c737aa0ebd58b_mafia
.exe windows:5 windows x86 arch:x86

affff1b08b5c08699f3bd2e5b9aadc6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\C++-Programme\8GadgetPack\Release\8GadgetPack.pdb

Imports

kernel32

CreateProcessW
MoveFileExW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetTickCount
GetPrivateProfileStringW
WriteFile
OpenProcess
WideCharToMultiByte
Sleep
CopyFileW
Wow64DisableWow64FsRedirection
GetExitCodeProcess
Wow64RevertWow64FsRedirection
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrlenW
WritePrivateProfileStringW
GetTempPathW
GetLastError
SetLastError
GetLocalTime
Process32FirstW
ProcessIdToSessionId
DebugActiveProcessStop
Process32NextW
ContinueDebugEvent
CreateToolhelp32Snapshot
WaitForDebugEvent
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
LocalFree
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
SetEndOfFile
InitializeCriticalSection
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeW
CreateMutexW
GetTempFileNameW
GetCommandLineW
DebugActiveProcess
DeleteFileW
FindNextFileW
RemoveDirectoryW
IsWow64Process
FindClose
GetProcAddress
FindFirstFileW
VerifyVersionInfoW
GetVersionExW
LoadLibraryW
LCMapStringW
MultiByteToWideChar
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
VerSetConditionMask
FreeLibrary
ReleaseMutex
GetConsoleCP
SetFilePointer
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
ExitProcess
ReadFile
GetProcessHeap

user32

UnhookWindowsHookEx
CharUpperW
PostMessageW
ReleaseDC
EnumWindows
GetClassNameW
SetWindowsHookExW
FindWindowW
MessageBoxW
SendMessageW
GetWindowThreadProcessId
EnumThreadWindows
GetDC

gdi32

DeleteObject
GetDeviceCaps

advapi32

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
ExtractIconExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

ord345
ord17

shlwapi

StrToIntExW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

affff1b08b5c08699f3bd2e5b9aadc6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 10KB - Virtual size: 10KB