Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-07_463ddd4629de43f76d2522197edf7985_mafia.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-03-07_463ddd4629de43f76d2522197edf7985_mafia.exe
  Resource: win10v2004-20240226-en

General
Target: 2024-03-07_463ddd4629de43f76d2522197edf7985_mafia
Size: 1.9MB
MD5: 463ddd4629de43f76d2522197edf7985
SHA1: af456e891c2a9bdf42993b9e16eca7684d15d1e0
SHA256: f72bb91a4569fb9ba2aa40db2499f39bb7aba4d20a5cb5f6dd1e2a9a4ce9af98
SHA512: aad0438f8cca641bd6e1dfb2fad88088d76f272cab39ff66ae7cc4b95e4ea05d493e954b3bd9f0afe6d0738cfe357ba07a4c087ab67b0b898149161b1519abf3
SSDEEP: 49152:4lxcRTlSvI6E2xZOj0g1dd0l//9QSG0pZEtyZQBicoqKiZo0BC:4cRTlSvIcKj0grd0F/9QSG6ZTcoqKC

Malware Config

Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-03-07_463ddd4629de43f76d2522197edf7985_mafia

Files
2024-03-07_463ddd4629de43f76d2522197edf7985_mafia.exe  windows:5 windows x86 arch:x86  ac7bb733d14795c18178e4cb899c7158

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

PDB Paths
C:\Users\YAN\Documents\개발 프로젝트\OneWay\FileAgent\OneWayFileRecvProgram\Release\OneWayFileRecvProgram.pdb
Imports
kernel32
ReleaseMutex
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
InterlockedDecrement
lstrcpyW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
SuspendThread
GlobalReAlloc
FindNextFileW
FileTimeToLocalFileTime
GetSystemDirectoryW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameW
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetTickCount
GetProfileIntW
SearchPathW
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetFileTime
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
HeapFree
CreateMutexW
EncodePointer
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
ExitThread
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetDriveTypeW
GetProcessHeap
SetEnvironmentVariableA
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
FreeLibrary
lstrcmpW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
lstrcmpA
DecodePointer
FileTimeToSystemTime
GetFileSize
GetFileAttributesW
ResumeThread
CreateThread
SetEvent
ResetEvent
CreateDirectoryW
CreateFileW
MoveFileW
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
DeleteFileW
Sleep
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
CreateEventW
CreateSemaphoreW
FindClose
FindFirstFileW
lstrlenA
GetLastError
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetCurrentThread
SizeofResource
user32
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
DestroyIcon
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
OffsetRect
DeleteMenu
SetWindowRgn
SetCapture
WindowFromPoint
ReleaseCapture
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperW
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
UnregisterClassW
WaitMessage
CharNextW
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
SetParent
DestroyAcceleratorTable
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetCursorPos
BringWindowToTop
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
RegisterClipboardFormatW
FrameRect
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
GetDoubleClickTime
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetCursor
IntersectRect
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
PtInRect
GetWindow
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
CopyRect
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetClassNameW
LoadBitmapW
InvalidateRect
UpdateWindow
FillRect
DrawStateW
EnableWindow
SendMessageW
LoadIconW
GetSystemMenu
AppendMenuW
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
PostMessageW
SetTimer
KillTimer
IsWindow
GetParent
GetMessageW
TranslateMessage
SetWindowContextHelpId
SetRectEmpty
IsRectEmpty
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
MapDialogRect
PostQuitMessage
LoadMenuW
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
EndDialog
shell32
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
oleaut32
VariantChangeType
VariantInit
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
libcurl
curl_global_init
curl_easy_setopt
curl_easy_cleanup
curl_global_cleanup
curl_easy_strerror
curl_easy_perform
curl_easy_init
msimg32
TransparentBlt
AlphaBlend
comctl32
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Create
shlwapi
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
oledlg
OleUIBusyW
gdiplus
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipFree
ws2_32
setsockopt
inet_addr
htons
bind
listen
ioctlsocket
select
accept
closesocket
getpeername
inet_ntoa
recv
WSAGetLastError
WSAStartup
WSACleanup
socket
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
gdi32
GetTextExtentPoint32W
SetDIBColorTable
RealizePalette
CreateCompatibleBitmap
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
CreateDIBitmap
CreateSolidBrush
GetObjectW
GetStockObject
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
CreateFontIndirectW
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
DeleteObject
SetPixelV
GetTextFaceW
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
ExtFloodFill
EnumFontFamiliesExW
GetMapMode
DPtoLP
CreateRoundRectRgn
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
SelectObject
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
comdlg32
GetFileTitleW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
ole32
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
OleIsCurrentClipboard
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RegisterDragDrop
Sections
.text   Size: 1.3MB  Virtual size: 1.3MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 309KB  Virtual size: 308KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 27KB   Virtual size: 57KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 88KB   Virtual size: 88KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 176KB  Virtual size: 176KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ