D:\Steward\Technology\Sample\SandCastleSample\Release\SelectBehaviorsExe.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-06_37cd73dc5948617d08880988306a5a0e_mafia.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 2024-03-06_37cd73dc5948617d08880988306a5a0e_mafia.exe
Resource: win10v2004-20240226-en
General
Target: 2024-03-06_37cd73dc5948617d08880988306a5a0e_mafia
Size: 968KB
MD5: 37cd73dc5948617d08880988306a5a0e
SHA1: 5abbb9bf5c1f3eadb1442ef9df320c92166efd21
SHA256: 9b25c3c22c3c8c92f77cd8bd70f1962160ac1e5557a068fa154e6fd009f6dfab
SHA512: 0e96d08dffd7fdd48a5f66939d8929375a6644d298de05d9573c2469a6da44978a02e095b46bc2feb3be736f8c81bc4288d147c062b621b91f705232249dd4e3
SSDEEP: 6144:xO+CqyTN+RM/FljfDFoFRdv7Q8tH3pn7gfz9Cy2kAYUG1B1DJWqwj67qlE:xO+CqyTcuvDDF8RdjQK3KJJSqwj67qlE
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 2024-03-06_37cd73dc5948617d08880988306a5a0e_mafia
Files
2024-03-06_37cd73dc5948617d08880988306a5a0e_mafia.exe windows:5 windows x86 arch:x86
71ee535995da501437b9460874fbb6fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateThread
CloseHandle
OpenEventW
CreateEventW
GetLastError
WaitForSingleObject
CreateMutexW
GetExitCodeProcess
GetVolumeNameForVolumeMountPointA
GetFullPathNameA
FindFirstFileW
GetDriveTypeW
FreeLibrary
CreateProcessW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
QueryDosDeviceA
CreateDirectoryW
GetLogicalDrives
OutputDebugStringW
GetModuleHandleW
GetWindowsDirectoryA
GetDriveTypeA
OpenProcess
WideCharToMultiByte
GetVolumeInformationA
LoadLibraryW
Sleep
CopyFileW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
CreateProcessA
TerminateProcess
GetModuleFileNameW
MultiByteToWideChar
GetStartupInfoW
GetTempPathW
CreateDirectoryA
GetStartupInfoA
GetCurrentDirectoryW
GetProcAddress
RemoveDirectoryA
CopyFileA
EnterCriticalSection
SetFileAttributesA
GetDiskFreeSpaceW
FindClose
GetLocalTime
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
GetDiskFreeSpaceA
GetModuleFileNameA
GetModuleHandleA
FindNextFileW
GetCurrentDirectoryA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
GetTempPathA
GetSystemTime
SetFileAttributesW
FindResourceW
LoadResource
GlobalLock
WriteFile
GlobalAlloc
SizeofResource
ReadFile
CreateFileW
ExitThread
GlobalUnlock
GlobalFree
LockResource
DeleteFileW
GetCommandLineA
HeapSetInformation
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetSystemTimeAsFileTime
GetStringTypeW
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
DecodePointer
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringW
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
RaiseException
WriteConsoleW
SetStdHandle
HeapReAlloc
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
HeapSize
user32
EnumChildWindows
GetWindowThreadProcessId
GetWindowTextA
EnumWindows
GetClassNameA
MessageBoxW
DispatchMessageW
DefWindowProcW
UpdateWindow
RegisterClassW
CreateWindowExW
LoadStringW
SetTimer
GetMessageW
PostQuitMessage
SetClassLongW
KillTimer
LoadCursorW
TranslateMessage
LoadIconW
GetWindowLongW
PostMessageW
gdi32
GetStockObject
wininet
InternetOpenW
InternetOpenUrlW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
urlmon
URLDownloadToFileW
advapi32
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyW
RegCloseKey
RegOpenKeyA
RegOpenKeyExW
RegDeleteValueA
RegDeleteValueW
shell32
ShellExecuteW
dbghelp
MakeSureDirectoryPathExists
Exports
AddActiveSetupValueRegistry
AddAutorunRegistry
AddStartupFileOrFolder
DeleteAntivirusRegistry
DropsFileIntosharedFolder
InstallBHO
ModifyAppInitDLLsRegistry
ModifyImportantRegistryEntry
RequestsURL
RequestsURLFor0x00010004
RequestsURLFor0x00040004Ftp
RequestsURLFor0x00040004Gopher
RequestsURLFor0x00040004Http
RequestsURLFor0x00040004Https
RequestsURLForDOCFile
SelectBehaviors
TM_AddCharToString
TM_AddCharToStringW
TM_AddDirtoPath
TM_AddDirtoPathW
TM_AddFileListToListA
TM_AddFileListToListW
TM_AddFileNametoPathExA
TM_AddFileNametoPathExW
TM_AddTokenToListEx
TM_AddTokenToListExW
TM_AnsiToUnicode
TM_AppendLine
TM_AppendLineEx
TM_AppendStringA
TM_AppendStringExA
TM_AppendStringExW
TM_AppendStringW
TM_ArgumentListAdd
TM_ArgumentListFree
TM_ArgumentListGet
TM_ArgumentListGetFileList
TM_ArgumentListInitEx
TM_ArgumentListIsArg
TM_ArgumentPickOptionEx
TM_BufferPrint
TM_BufferToHexStr
TM_CompareBuffer
TM_CompareString
TM_CompareStringExA
TM_CompareStringExW
TM_ComposeUNCPath
TM_ComposeUNCPathW
TM_ConvertDateTimeString
TM_ConvertDateTimeStringW
TM_CopyBuffer
TM_CopyFileA
TM_CopyFileW
TM_CopyStringA
TM_CopyStringExA
TM_CopyStringExW
TM_CopyStringToA
TM_CopyStringToExA
TM_CopyStringToExW
TM_CopyStringToLowerA
TM_CopyStringToLowerW
TM_CopyStringToUpperA
TM_CopyStringToUpperW
TM_CopyStringToW
TM_CopyStringW
TM_CreateDirectory
TM_CreateDirectoryTree
TM_CreateDirectoryTreeW
TM_CreateDirectoryW
TM_CreateExecuteProcess
TM_CreateExecuteProcessEx
TM_CreateFileDirectoryTree
TM_CreateFileDirectoryTreeW
TM_CreateProcessExA
TM_CreateProcessExW
TM_DebugLog
TM_DebugLogW
TM_DeleteFileA
TM_DeleteFileW
TM_DeleteProcess
TM_DeleteProcessID
TM_DeviceToDriveA
TM_DeviceToDriveW
TM_DiscardLineEx
TM_DumpLogicalDriveInformation
TM_DuplicateBuffer
TM_DuplicateString
TM_DuplicateStringEx
TM_DynamicAllocate
TM_DynamicDuplicate
TM_DynamicFree
TM_DynamicStringAdd
TM_DynamicStringAllocate
TM_DynamicStringFree
TM_DynamicStringSize
TM_ExecuteInfA
TM_ExpandEnvironmentPath
TM_FileListAdd
TM_FileListAddEx
TM_FileListAddW
TM_FileListFree
TM_FileListGet
TM_FileListGetEx
TM_FileListGetPtr
TM_FindNextDriveA
TM_FindNextDriveExA
TM_FindWindow
TM_FormatString
TM_FormatStringW
TM_GUIDBufferToString
TM_GUIDToString
TM_GetBracketBufferSize
TM_GetBracketStringEx
TM_GetBufferChecksum
TM_GetCharEnvType
TM_GetCurrentDirectoryA
TM_GetCurrentDirectoryW
TM_GetDateTimeString
TM_GetDateTimeStringW
TM_GetDiskSizeA
TM_GetDiskSizeW
TM_GetDriveTypeA
TM_GetDriveTypeW
TM_GetElapsedTime
TM_GetElapsedTimeString
TM_GetEntryName
TM_GetFileSizeA
TM_GetFileSizeW
TM_GetFileVersionInfo
TM_GetFileVersionStringW
TM_GetFileVolumePathNameA
TM_GetFileVolumePathNameW
TM_GetFullPathName
TM_GetHardwareCode
TM_GetLetterOrdinal
TM_GetLine
TM_GetLineW
TM_GetLocalApplicationDirectoryW
TM_GetLocalTime
TM_GetLogicalDriveInformation
TM_GetMyDocumentDirectory
TM_GetNonSpaceToken
TM_GetProcessID
TM_GetProcessIDByName
TM_GetProcessInformation
TM_GetProcessInformationPerf
TM_GetProcessModuleInformation
TM_GetProgramDirectory
TM_GetProgramDirectoryA
TM_GetProgramDirectoryW
TM_GetProgramFileNameA
TM_GetProgramFileNameW
TM_GetProgramFilesDirectory
TM_GetProgramGroupDirectoryA
TM_GetProgramGroupDirectoryW
TM_GetQuotedString
TM_GetQuotedStringExW
TM_GetSpecialDirectoryW
TM_GetStatusString
TM_GetStringA
TM_GetStringW
TM_GetSystemRootDirectory
TM_GetSystemTime
TM_GetTargetDirectoryPathName
TM_GetTargetDirectoryPathNameEx
TM_GetTempDirectoryA
TM_GetTempDirectoryW
TM_GetTempName
TM_GetToken
TM_GetTokenExA
TM_GetVolumePathNameA
TM_GetVolumePathNameW
TM_GetVolumePathNamesA
TM_GetWindowsInformation
TM_HexDumpBuffer
TM_HexDumpBufferToLog
TM_HexStrToBuffer
TM_HexStrToValue
TM_HexToVersionA
TM_HexToVersionW
TM_InitRandom
TM_IsANSICodePageString
TM_IsANSICodePageStringW
TM_IsAbsolutePath
TM_IsAbsolutePathW
TM_IsBigEndian
TM_IsBracketBuffer
TM_IsDigitStringA
TM_IsDigitStringW
TM_IsDir
TM_IsDirW
TM_IsDriveA
TM_IsFileA
TM_IsFileFormat
TM_IsFileW
TM_IsHexBuffer
TM_IsHexStringA
TM_IsHexStringW
TM_IsLetterChar
TM_IsLetterCharW
TM_IsLittleEndian
TM_IsLogicalDriveName
TM_IsNumericBuffer
TM_IsNumericStringA
TM_IsNumericStringW
TM_IsOctalBuffer
TM_IsOctalStringA
TM_IsOctalStringW
TM_IsPostfixA
TM_IsPostfixW
TM_IsPrefix
TM_IsPrefixA
TM_IsPrefixEx
TM_IsPrefixW
TM_IsPrintASCIIStringA
TM_IsPrintASCIIStringW
TM_IsReadOnlyDriveA
TM_IsSamePath
TM_IsTwoByteLeading
TM_IsUnixDeviceName
TM_IsUnixPartitionName
TM_IsUserAdmin
TM_IsWildCardMatch
TM_IsWildCardMatchW
TM_IsWinNT
TM_IsWinNT5
TM_IsWinXP
TM_IsWinXPSP2
TM_IsWow64
TM_LastCharA
TM_LastCharW
TM_ListAddEx
TM_ListAddEx2
TM_ListAddString
TM_ListAddStringEx
TM_ListAddStringW
TM_ListBubbleSortString
TM_ListCount
TM_ListDelete
TM_ListDeleteTail
TM_ListDeleteTailEx
TM_ListDuplicate
TM_ListFindString
TM_ListFree
TM_ListGet
TM_ListItem
TM_ListQuickSortString
TM_ListSortString
TM_ListSwap
TM_ListTail
TM_Log
TM_LogBuffer
TM_LogEx
TM_LogExW
TM_LogW
TM_LowerBuffer
TM_LowerCaseA
TM_LowerCaseW
TM_MBToWC
TM_MapAdd
TM_MapAddPointer
TM_MapAddString
TM_MapAddStringW
TM_MapDelete
TM_MapFind
TM_MapFindEx
TM_MapFindNextW
TM_MapFindPointer
TM_MapFindPointerNextW
TM_MapFindPointerW
TM_MapFindW
TM_MapFree
TM_MapInit
TM_MarkTimeTag
TM_OctalStrToValue
TM_PickBaseFileName
TM_PickBaseFileNameW
TM_PickDirectoryName
TM_PickDirectoryNameEx
TM_PickDirectoryNameExW
TM_PickExtensionNameEx
TM_PickExtensionNameExW
TM_PickFileNameA
TM_PickFileNameExA
TM_PickFileNameExW
TM_PickFileNameW
TM_PickProgramName
TM_PickVolumeNameA
TM_PickVolumeNameExA
TM_PickVolumeNameExW
TM_PickVolumeNameW
TM_Pop
TM_PopStringA
TM_Print
TM_PrintW
TM_Push
TM_PushStringA
TM_PushStringW
TM_QueryFileVersionInfo
TM_Random
TM_RandomBuffer
TM_ReadLineEx
TM_RegistryCreateA
TM_RegistryCreateW
TM_RegistryDeleteKeyA
TM_RegistryDeleteKeyTreeA
TM_RegistryDeleteKeyW
TM_RegistryDeleteValueA
TM_RegistryDeleteValueW
TM_RegistryExistA
TM_RegistryExistW
TM_RegistryReadA
TM_RegistryReadExA
TM_RegistryReadValueA
TM_RegistryReadW
TM_RegistryWriteA
TM_RegistryWriteExA
TM_RegistryWriteValueW
TM_RegistryWriteW
TM_RemoveDirectory
TM_RemoveDirectoryW
TM_RemoveReadOnlyAttribute
TM_RemoveReadOnlyAttributeW
TM_ReplaceExtensionName
TM_ReplaceStringA
TM_ReplaceStringChar
TM_ReplaceStringW
TM_SIG_SetAlarmTimeOut
TM_SearchBuffer
TM_SearchCharA
TM_SearchCharW
TM_SearchFile
TM_SearchFileNameW
TM_SearchMatchBracket
TM_SearchStringExA
TM_SearchStringExW
TM_SecondstoTime
TM_SeparateStringA
TM_SeparateStringEx
TM_SeparateStringW
TM_SetBuffer
TM_SetBufferW
TM_SetCharEnvType
TM_SetCharLanguageType
TM_SetSecurityPrivilege
TM_ShiftBuffer
TM_ShiftBufferEx
TM_Sleep
TM_SplitUNCPath
TM_StrToInt
TM_StrToLong
TM_StrToUInt
TM_StrToULong
TM_StringArrayBufferAllocate
TM_StringArrayBufferAllocateW
TM_StringArrayBufferFree
TM_StringArrayBufferFreeW
TM_StringArrayBufferSize
TM_StringArrayBufferSizeW
TM_TimetoSeconds
TM_ToLowerA
TM_ToLowerW
TM_ToUpperA
TM_ToUpperW
TM_TrimAllChar
TM_TrimAllEx
TM_TrimCRLF
TM_TrimCRLFW
TM_TrimCharA
TM_TrimCharW
TM_TrimEx
TM_TrimLeftChar
TM_TrimLeftCharW
TM_TrimLeftEx
TM_ULongToStr
TM_UTF8ToWC
TM_UnicodeToAnsi
TM_UpperBuffer
TM_UpperCaseA
TM_UpperCaseW
TM_ValueStrAdd
TM_ValueToHexStr
TM_WCToMB
TM_WCToUTF8
TM_ZeroBuffer
UsesDeceivingExtension
UsesDoubleExtWithExeTail
tm_htonl
tm_htons
Sections
.text Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 492KB - Virtual size: 492KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 262KB - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ