2024-03-08_c7e36a38b8e907eaf15f351e27b6fcd1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_c7e36a38b8e907eaf15f351e27b6fcd1_mafia
Size

313KB
MD5

c7e36a38b8e907eaf15f351e27b6fcd1
SHA1

5a9915d81b1b61763cdd3e993648bb183c5d1513
SHA256

bb4e1187d91be018d4386e83051c77514b861a6fc0fdb0b5407ce038fd5369b3
SHA512

dd6751773332a2226392a4fb0e9887de4192d3bc0409604bb79c3d5b7619664cee0c0df0722ae12d9c6ce81c0523f3d85d6e7dff70991bb06cc061fedab089cf
SSDEEP

6144:Y31aJmcXr7NVMfQnWy2SB3dMbY4z4J0WK9CJ4E:Y3EnXQE/b1dIY4zErJ4E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-08_c7e36a38b8e907eaf15f351e27b6fcd1_mafia

Files

2024-03-08_c7e36a38b8e907eaf15f351e27b6fcd1_mafia
.exe windows:5 windows x86 arch:x86

774804c4a7d2c701a362c51648a312a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\UniPrint8_Mondo\UPCtlSvc\Win32\Release\UPCtlSvc.pdb

Imports

ws2_32

bind
WSACloseEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
WSACleanup
recv
send
setsockopt
ioctlsocket
closesocket
listen
accept
select
__WSAFDIsSet
getpeername
inet_ntoa
connect
htonl
WSAGetLastError
getsockname
WSAStartup
socket
gethostbyname
htons
getservbyname
ntohs
shutdown

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

DeregisterEventSource
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
LsaOpenPolicy
LsaQueryInformationPolicy
ConvertSidToStringSidW
LsaClose
LsaFreeMemory
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
RegQueryInfoKeyW
OpenThreadToken
OpenProcessToken
SetServiceStatus
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorOwner
ControlService
DeleteService
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

kernel32

WriteFile
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
ExitProcess
GetStdHandle
HeapReAlloc
HeapSize
SetStdHandle
SetHandleCount
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
GetTempPathW
GetLocalTime
DeleteCriticalSection
GetCurrentThreadId
FindClose
FindNextFileW
LoadLibraryExW
GetProcAddress
FindFirstFileW
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
OpenThread
SetEvent
CreateEventW
SetConsoleCtrlHandler
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
InterlockedDecrement
lstrlenW
GetCurrentProcess
GetCurrentThread
Sleep
InterlockedIncrement
lstrcmpiW
SetCurrentDirectoryW
GetCommandLineW
LoadLibraryW
SizeofResource
LoadResource
FindResourceW
VirtualFree
VirtualAlloc
FormatMessageW
GetVersionExW
GetModuleHandleA
WideCharToMultiByte
GetComputerNameW
LocalFree
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
CreateFileW
GetFileType
GetSystemTimeAsFileTime
HeapAlloc
CreateThread
ExitThread
HeapFree
GetFullPathNameW
GetFileAttributesW
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
GetCurrentDirectoryW
GetDriveTypeW
GetLastError
MultiByteToWideChar

user32

GetMessageW
DispatchMessageW
MessageBoxW
CharNextW
LoadStringW
PostThreadMessageW

ole32

CoCreateGuid
CoInitialize
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

netapi32

NetWkstaGetInfo
NetApiBufferFree

clusapi

CloseCluster
OpenCluster
GetClusterQuorumResource
GetClusterInformation

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

774804c4a7d2c701a362c51648a312a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

version

advapi32

kernel32

user32

ole32

oleaut32

netapi32

clusapi

Sections

.text Size: 179KB - Virtual size: 178KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 179KB - Virtual size: 178KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 14KB - Virtual size: 13KB