2024-03-06_9ca88907b18da1b00f02f4874a4c5e8f_karagany_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-06_9ca88907b18da1b00f02f4874a4c5e8f_karagany_mafia
Size

252KB
MD5

9ca88907b18da1b00f02f4874a4c5e8f
SHA1

8824cfc75ef6b21235d6e50333f293bfc60dbc2d
SHA256

1bb44d36c9bdfd75f5db7aeadcedc5dbe2c00e24d1318e6573f690025efd72fb
SHA512

5e07cbe786548c3348305a8e8e985e34b72707d5b7a697686809ffcb5bf27cc97c5cd8086fb134af138d39f272b7a570664b820673def1d800c4a3ecf02eb0e1
SSDEEP

3072:NDfQ3G/FURxKJNSmzolTjciFHMBmp4Of9StuqWI5d8wGlVu+GFcXY:NDr/FU7KJNSmMlVrRf//I5x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-06_9ca88907b18da1b00f02f4874a4c5e8f_karagany_mafia

Files

2024-03-06_9ca88907b18da1b00f02f4874a4c5e8f_karagany_mafia
.exe windows:5 windows x86 arch:x86

ecf719a753940423fdfc9afd2b3d1df3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\3\PSafe\PSafe_PROD_Client_Builds\Binaries\pluginsetup.pdb

Imports

kernel32

FindFirstFileW
FindClose
CopyFileW
GetTimeZoneInformation
CompareStringW
GetDateFormatA
GetTimeFormatA
InitializeCriticalSection
CloseHandle
CreateFileW
DeviceIoControl
GetLastError
GetFileAttributesW
CreateDirectoryW
SetLastError
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
LocalFree
FormatMessageA
GetCommandLineW
HeapSetInformation
RaiseException
DecodePointer
EncodePointer
RtlUnwind
HeapFree
InterlockedDecrement
GetCPInfo
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
Sleep
HeapSize
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
SetFilePointer
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InterlockedCompareExchange
SetEnvironmentVariableA

shell32

SHGetFolderPathW

shlwapi

PathCombineW
PathFindFileNameW

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecf719a753940423fdfc9afd2b3d1df3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 14KB