D:\Transinstall\TI-Downloader\Release\TIInstaller.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-09_2f8c36bed87bd89585db57a0f4008f90_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-09_2f8c36bed87bd89585db57a0f4008f90_mafia.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-09_2f8c36bed87bd89585db57a0f4008f90_mafia
- Size: 573KB
- MD5: 2f8c36bed87bd89585db57a0f4008f90
- SHA1: 9506c3abe4987db57b9ea99f6faca990c89cdc6a
- SHA256: 035e92f4c6def78538dcaeac15c4ca7ea77ea1658f4e14ec9812593dabf45036
- SHA512: 04a29b076efc86426e39af452dd0c11055199e2526f04f1a62bba8470362fefe9a9229b1bcb93f165f58ef2816d05315f9e4f1177ef497ee71460a0ab438bcf4
- SSDEEP: 12288:cM+vWn6gcrD5v/Bqe0NyNkDmnhKaWlt22jc5Ug/3VoA7SRTORSHmg2aSm5MaL:cM+vdgcl6Oay9o0gTORSGg2nm5Mc
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-03-09_2f8c36bed87bd89585db57a0f4008f90_mafia
Files
- 2024-03-09_2f8c36bed87bd89585db57a0f4008f90_mafia.exe (windows:5 windows x86 arch:x86)
  4b7ed35114bd2c638b25870e6ba71d3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
- D:\Transinstall\TI-Downloader\Release\TIInstaller.pdb
Imports
kernel32
GlobalAlloc
MulDiv
lstrcmpW
GlobalUnlock
GetModuleHandleA
LockResource
GlobalLock
CreateThread
GetTempPathA
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
WaitForMultipleObjects
CreateEventW
GetTempFileNameA
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
RaiseException
FlushInstructionCache
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
LoadLibraryW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
SetFilePointer
GetConsoleMode
lstrlenW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
TlsFree
MultiByteToWideChar
GetSystemDirectoryA
GetModuleFileNameW
CreateProcessA
GetExitCodeProcess
LeaveCriticalSection
SizeofResource
Sleep
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
GetCPInfo
FindResourceA
GetCommandLineW
GlobalMemoryStatusEx
IsWow64Process
GetLocaleInfoA
GetVersionExA
TerminateProcess
OpenProcess
GetCurrentThread
CreateDirectoryA
CreateEventA
TerminateThread
CreateFileA
DeleteFileA
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
ExpandEnvironmentStringsW
ReadFile
InitializeCriticalSection
GetConsoleCP
GetModuleFileNameA
GetFileAttributesA
LocalFree
user32
GetWindow
GetMonitorInfoW
MapWindowPoints
SetWindowTextA
CreateWindowExW
ShowWindow
SetWindowPos
SetWindowLongW
MonitorFromWindow
MoveWindow
GetWindowLongW
MessageBoxA
RegisterClassExW
GetForegroundWindow
TranslateMessage
GetDC
UnregisterClassA
GetSystemMetrics
GetClassInfoExW
GetClientRect
LoadCursorW
GetParent
DispatchMessageW
PeekMessageW
EndPaint
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
InvalidateRgn
CreateAcceleratorTableW
SetFocus
BeginPaint
InvalidateRect
GetWindowTextW
GetClassNameW
ReleaseDC
GetDlgItem
RedrawWindow
GetDesktopWindow
GetSysColor
IsWindow
ReleaseCapture
SendMessageW
SetWindowTextW
PostMessageW
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetMessageW
PostQuitMessage
CharNextW
gdi32
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
BitBlt
GetStockObject
advapi32
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
CryptDestroyHash
RegQueryValueExA
AdjustTokenPrivileges
CryptHashData
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueA
shell32
ShellExecuteW
CommandLineToArgvW
ShellExecuteExA
ole32
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
oleaut32
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysFreeString
VarUI4FromStr
VariantChangeType
SysAllocStringLen
VarBstrCmp
VariantInit
VariantCopy
VariantClear
SysAllocString
winhttp
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
iphlpapi
GetAdaptersInfo
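The Imports list above is the richest static evidence in this report. The block below is an added example, not part of the Triage report and not the sample's own code: it recomputes the import hash (imphash) the way pefile does and tags capability clusters from a transcribed subset of the imports. Assumptions: the 32-character value under Files is taken to be the report's imphash (Triage prints it in that column, but the page does not label it); because the transcription here is a subset and import-by-ordinal entries are ignored, the value computed below will not equal it. The rule names and thresholds are heuristics written for this example. Two caveats a reviewer should keep in mind: IsDebuggerPresent is pulled in by the MSVC runtime on its own, so it is a weak signal, and the PDB path (TI-Downloader\...\TIInstaller.pdb) together with the WinHTTP, temp-file and CreateProcess imports is equally consistent with an ordinary downloader-installer; the import table shows what the binary can call, not what it did.

```python
import hashlib

# Transcribed (in part) from the report's Imports list; order within each DLL is
# kept as listed. It is a subset, so the imphash below will not equal the
# report's value; import-by-ordinal entries are not handled here.
IMPORTS = {
    "kernel32": ["GlobalAlloc", "MulDiv", "lstrcmpW", "CreateThread", "GetTempPathA", "GetTempFileNameA",
                 "CreateProcessA", "GetExitCodeProcess", "IsDebuggerPresent", "GetVersionExA",
                 "IsWow64Process", "GlobalMemoryStatusEx", "CreateFileA", "WriteFile", "DeleteFileA"],
    "advapi32": ["RegSetValueExW", "RegCreateKeyExW", "CryptAcquireContextA", "CryptCreateHash",
                 "CryptHashData", "CryptGetHashParam", "OpenProcessToken", "LookupPrivilegeValueA",
                 "AdjustTokenPrivileges"],
    "shell32": ["ShellExecuteW", "ShellExecuteExA"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest",
                "WinHttpReceiveResponse", "WinHttpReadData"],
    "iphlpapi": ["GetAdaptersInfo"],
}

def imphash_input(imports: dict) -> str:
    """Normalise as pefile does: lowercase 'dll.func' in import order, '.dll/.ocx/.sys' stripped."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        parts.extend("%s.%s" % (lib, f.lower()) for f in funcs)
    return ",".join(parts)

def imphash(imports: dict) -> str:
    """MD5 over the normalised import string; order-sensitive, which is the point of imphash."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()

# (tag, candidate APIs as 'dll!func', minimum hits). Heuristics chosen for this example;
# the import table shows what the binary *can* call, not what it does at runtime.
RULES = [
    ("network: HTTP(S) client (WinHTTP)",
     ["winhttp!winhttpopen", "winhttp!winhttpconnect", "winhttp!winhttpopenrequest",
      "winhttp!winhttpsendrequest", "winhttp!winhttpreaddata"], 3),
    ("execution: launches child processes",
     ["kernel32!createprocessa", "kernel32!createprocessw", "shell32!shellexecuteexa", "shell32!shellexecutew"], 1),
    ("file: drops files to %TEMP%",
     ["kernel32!gettemppatha", "kernel32!gettempfilenamea", "kernel32!createfilea", "kernel32!writefile"], 3),
    ("registry: writes keys/values", ["advapi32!regsetvalueexw", "advapi32!regcreatekeyexw"], 1),
    ("privilege: token privilege adjustment",
     ["advapi32!openprocesstoken", "advapi32!lookupprivilegevaluea", "advapi32!adjusttokenprivileges"], 3),
    ("crypto: CryptoAPI hashing",
     ["advapi32!cryptacquirecontexta", "advapi32!cryptcreatehash", "advapi32!crypthashdata",
      "advapi32!cryptgethashparam"], 3),
    ("recon: network adapter enumeration", ["iphlpapi!getadaptersinfo"], 1),
    ("recon: OS and architecture fingerprinting",
     ["kernel32!getversionexa", "kernel32!iswow64process", "kernel32!globalmemorystatusex"], 2),
    # The MSVC CRT imports IsDebuggerPresent on its own, so alone this proves nothing.
    ("anti-analysis (weak signal): IsDebuggerPresent", ["kernel32!isdebuggerpresent"], 1),
]

def capability_tags(imports: dict) -> list:
    """Return [(tag, [matching 'dll!func', ...]), ...] for every rule that meets its threshold."""
    present = {"%s!%s" % (d.lower(), f.lower()) for d, fs in imports.items() for f in fs}
    tags = []
    for tag, apis, min_hits in RULES:
        hits = [a for a in apis if a in present]
        if len(hits) >= min_hits:
            tags.append((tag, hits))
    return tags

if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for tag, hits in capability_tags(IMPORTS):
        print("%-45s %s" % (tag, ", ".join(hits)))
```

To use this against the real file, build IMPORTS from the parsed import directory (pefile's DIRECTORY_ENTRY_IMPORT gives the same dll/function order the imphash needs) rather than from the report's list; the rules then apply unchanged.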
Sections
- .text  Size: 442KB, Virtual size: 441KB; flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata Size: 75KB, Virtual size: 74KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data  Size: 19KB, Virtual size: 28KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 2KB, Virtual size: 1KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc Size: 34KB, Virtual size: 33KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
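The Signatures entry (Unsigned PE), the Headers block and the Sections table are all plain header fields. The block below is an added example, not code from the report or from the sample: it walks the DOS and NT headers in pure Python (no pefile dependency) to reproduce those three checks. The Authenticode check is whether IMAGE_DIRECTORY_ENTRY_SECURITY has a non-zero size; the DllCharacteristics bits are decoded as under Headers; section characteristics are decoded as under Sections, and a section that is both writable and executable is flagged. build_min_pe constructs a header-only PE32 in memory so the script runs offline; pass a real file path to run it on a sample. One assumption not stated by the report: the os_major field read here (MajorOperatingSystemVersion) is plausibly what the windows:5 tag in the Files row reflects.

```python
import struct
import sys

IMAGE_DOS_SIGNATURE = 0x5A4D
IMAGE_NT_SIGNATURE = 0x00004550
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data: bytes) -> dict:
    """Read the header fields a triage report shows; nothing is mapped or run."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if nt + 24 > len(data) or struct.unpack_from("<I", data, nt)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    cert_off = cert_size = 0
    if struct.unpack_from("<I", data, ndirs_off)[0] > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security entry "VirtualAddress" is a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        hdr = data[opt + opt_size + 40 * i:opt + opt_size + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        vsize, _va, rawsize, _rawptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append({"name": hdr[:8].rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": _names(struct.unpack_from("<I", hdr, 36)[0], SECTION_FLAGS)})
    return {
        "machine": machine, "pe32plus": magic == PE32PLUS_MAGIC, "file_characteristics": file_chars,
        "os_major": struct.unpack_from("<H", data, opt + 40)[0],  # MajorOperatingSystemVersion
        "dll_characteristics": _names(struct.unpack_from("<H", data, opt + 70)[0], DLL_CHARACTERISTICS),
        "authenticode_present": cert_size > 0, "cert_table": (cert_off, cert_size), "sections": sections,
    }

def triage(data: bytes) -> list:
    """The static checks behind the report's Signatures, Headers and Sections blocks."""
    pe = parse_pe(data)
    findings = []
    if not pe["authenticode_present"]:
        findings.append("Unsigned PE: no Authenticode certificate table")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("No ASLR: DYNAMIC_BASE not set")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in pe["dll_characteristics"]:
        findings.append("No DEP: NX_COMPAT not set")
    for s in pe["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            findings.append("W+X section: " + s["name"])
    return findings

def build_min_pe(dll_chars: int, cert_size: int = 0, sections=()) -> bytes:
    """Constructed test input: a header-only PE32 (parseable, not loadable).
    sections = [(name, virtual_size, raw_size, characteristics), ...]"""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, EXE | 32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 40, 5)                           # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if cert_size:                                                # pretend a cert table follows the headers
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 312 + 40 * len(sections), cert_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, fl)
                     for i, (n, vs, rs, fl) in enumerate(sections))
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + table

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_min_pe(0x8140)
    print(parse_pe(blob)["dll_characteristics"], triage(blob))
```

A present certificate table only says the file carries an Authenticode blob; whether it validates against a trusted chain is a separate step (signtool verify /pa, or osslsigncode verify on Linux), and catalog-signed Windows binaries show no embedded table yet are signed, so "Unsigned PE" on its own is a triage hint rather than a verdict.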