C:\Documents and Settings\Darrell Curry\My Documents\Visual Studio 2010\Projects\PDM-sandbox-bonjour\Release\PosiSoft Desktop Manager.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-08_ecc0b0fc628ecc082152a1f3b59eecf7_mafia.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-08_ecc0b0fc628ecc082152a1f3b59eecf7_mafia.exe
Resource: win10v2004-20240226-en
General
Target: 2024-03-08_ecc0b0fc628ecc082152a1f3b59eecf7_mafia
Size: 2.1MB
MD5: ecc0b0fc628ecc082152a1f3b59eecf7
SHA1: f60bababe7104829732dc8925c725060e4ed7962
SHA256: 7d72c841014a900d517a3ba31ebfaabce5a38e9fb28938d66a44868da96db81a
SHA512: 7573164a39db12748b4a7b4c51bcdcc44d5ecac74a8ab6065d73cc5548c1f8100450d32bca1e8ac942bd0b00a8a73a2b72b3af4c909618157a21218d9b1b72a7
SSDEEP: 49152:+2v9uHnzac4rSK/b9FVpYtYq1+eagoEIvKqVzOnZx2wZaP0bCwhM4k3cYcm/:+muHnzacfK/b9FVgtago/vKqVzOWS60U
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2024-03-08_ecc0b0fc628ecc082152a1f3b59eecf7_mafia
Files
-
2024-03-08_ecc0b0fc628ecc082152a1f3b59eecf7_mafia.exe windows:5 windows x86 arch:x86
82edf1032456b4ffceb4e3435ec5bb4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hid
HidD_GetSerialNumberString
HidD_GetAttributes
HidD_GetProductString
HidD_GetHidGuid
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
irprops.cpl
BluetoothEnumerateInstalledServices
BluetoothGetDeviceInfo
BluetoothFindDeviceClose
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothGetRadioInfo
BluetoothFindFirstRadio
BluetoothFindNextRadio
BluetoothFindRadioClose
iphlpapi
GetIfEntry
wlanapi
WlanQueryInterface
WlanEnumInterfaces
WlanOpenHandle
WlanFreeMemory
ole32
CoInitialize
CoTaskMemFree
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
StringFromGUID2
CoCreateGuid
kernel32
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
GetStartupInfoW
HeapFree
EncodePointer
DecodePointer
SetStdHandle
GetFileType
HeapAlloc
RtlUnwind
HeapReAlloc
ExitThread
CreateThread
ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualProtect
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetNumberFormatW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
SetHandleCount
GetTickCount
WaitForMultipleObjectsEx
CreateEventW
CreateWaitableTimerW
GetLastError
ReadFile
GetOverlappedResult
CancelWaitableTimer
ResetEvent
SetWaitableTimer
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
SetEvent
lstrlenW
WideCharToMultiByte
CreateFileA
GetCommState
SetCommState
GetCommTimeouts
SetCommTimeouts
Sleep
GetWindowsDirectoryW
SetErrorMode
GetCurrentDirectoryW
GetSystemDirectoryW
GlobalFlags
GetFullPathNameW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DeleteFileW
lstrcmpiW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FindFirstFileW
FindClose
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
GetThreadLocale
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
RaiseException
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
CompareStringW
lstrcmpW
FreeResource
SuspendThread
GetCurrentThreadId
ResumeThread
SetThreadPriority
LocalAlloc
ActivateActCtx
DeactivateActCtx
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
lstrlenA
HeapSetInformation
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
WriteFile
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
SetLastError
GetVersionExW
CreateFileW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
WaitForSingleObject
lstrcpynW
GetFileAttributesW
GetStdHandle
AllocConsole
CreateMutexW
Process32NextW
GetCurrentProcessId
GetOEMCP
user32
GetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
SetClassLongW
DestroyAcceleratorTable
SetParent
RegisterClipboardFormatW
DrawIconEx
LoadImageW
CopyImage
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
RealChildWindowFromPoint
CharUpperW
LoadCursorW
GetSysColorBrush
InvalidateRect
DrawStateW
ShowOwnedPopups
SetCursor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
WaitMessage
PostQuitMessage
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
WindowFromPoint
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
DestroyCursor
SubtractRect
GetDoubleClickTime
GetUpdateRect
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
SetCursorPos
IsCharLowerW
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
PeekMessageW
ValidateRect
GetDesktopWindow
GetMenuState
GetMenuStringW
OpenClipboard
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
CheckMenuItem
GetMenuItemID
GetMenuItemCount
RemoveMenu
DispatchMessageW
TranslateMessage
GetKeyState
MessageBoxW
wsprintfW
RegisterDeviceNotificationW
GetParent
GetFocus
PtInRect
GetWindowLongW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
DeleteMenu
GetSubMenu
InsertMenuW
CreatePopupMenu
SetForegroundWindow
GetCursorPos
LoadMenuW
AppendMenuW
GetSystemMenu
LoadIconW
KillTimer
SetTimer
SendMessageW
EnableWindow
PostMessageW
MapVirtualKeyExW
gdi32
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextMetricsW
GetTextColor
SetMapMode
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
GetRgnBox
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetBkColor
GetTextExtentPoint32W
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
shell32
SHGetFolderPathW
Shell_NotifyIconW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW
comctl32
ImageList_GetIconSize
shlwapi
UrlUnescapeW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathAppendW
oleaut32
SysStringLen
SysAllocString
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
VariantInit
SysFreeString
SafeArrayCreate
SysAllocStringLen
SafeArrayDestroy
oledlg
OleUIBusyW
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDisposeImage
GdipCreateBitmapFromStream
ws2_32
listen
shutdown
closesocket
WSACloseEvent
send
WSAEnumNetworkEvents
recv
accept
WSACleanup
gethostbyname
socket
connect
WSAEventSelect
select
__WSAFDIsSet
ntohs
WSASetLastError
bind
htons
htonl
WSASocketW
WSACreateEvent
WSAStartup
WSAGetLastError
inet_ntoa
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 181KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ