Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-12_0de26ec95a9f49859fe5c67827146ee0_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-12_0de26ec95a9f49859fe5c67827146ee0_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-12_0de26ec95a9f49859fe5c67827146ee0_mafia
Size: 2.2MB
MD5: 0de26ec95a9f49859fe5c67827146ee0
SHA1: 37c62b774f6c42a40249f23f720fd6965727f248
SHA256: 720936147702e7404a6d75d81ec44d690f2fba54a75537573aeb33feb73c6968
SHA512: 7a2be9dba2295644fa91dbc8dbca2a31aef86f9d1fefc643b36bd6392f0799adb2a6fc9767885e45b446a7b39f8bbfafc584d9085e1d6ed9a414d14a7e43124a
SSDEEP: 49152:qTCOOtcY7UpoByuVPdlTD0/SgvhDP8i6/y3:CFOtZzIr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-03-12_0de26ec95a9f49859fe5c67827146ee0_mafia
Files
2024-03-12_0de26ec95a9f49859fe5c67827146ee0_mafia.exe windows:5 windows x86 arch:x86
f7feb0524781e5ef7bff48aff3943e91
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
Sleep
ResetEvent
CreateEventA
SetEvent
GetVolumeInformationA
GetDriveTypeA
VirtualAlloc
VirtualFree
SetLastError
lstrcmpA
GetFileAttributesA
HeapFree
DeleteFileA
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
GetModuleHandleW
ExitProcess
DecodePointer
CreateProcessA
DuplicateHandle
GetFileType
CreateFileW
GetDriveTypeW
FindFirstFileExW
MoveFileA
MoveFileW
GetFileAttributesW
DeleteFileW
ExitThread
ResumeThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
ReadFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
FindFirstFileW
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetCurrentProcessId
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
SetStdHandle
CreatePipe
GetExitCodeProcess
SetEndOfFile
GetProcessHeap
GetFullPathNameW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
FormatMessageA
GetTimeZoneInformation
GetLocalTime
GetModuleHandleA
GetCurrentProcess
GetProcessTimes
GetTickCount
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
RaiseException
GetDateFormatA
GetTimeFormatA
LocalFileTimeToFileTime
SetFileTime
UnlockFile
LockFile
SystemTimeToTzSpecificLocalTime
SetConsoleTitleA
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
GetFileSize
LocalFree
LocalAlloc
CloseHandle
SetHandleInformation
SetErrorMode
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetSystemDirectoryA
GetWindowsDirectoryA
GetEnvironmentStrings
lstrlenA
FreeEnvironmentStringsA
GetVersionExA
LoadLibraryA
GetProcAddress
GetStartupInfoW
SystemTimeToFileTime
GetSystemTime
DeviceIoControl
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
user32
SetWindowTextA
ShowWindow
MoveWindow
ScreenToClient
SetFocus
wsprintfA
GetFocus
DialogBoxIndirectParamA
GetWindowLongA
GetParent
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetClientRect
MessageBoxA
GetActiveWindow
GetSystemMetrics
EnableWindow
GetWindowRect
GetDlgItem
CreateDialogIndirectParamA
SendMessageA
netapi32
Netbios
advapi32
RegSetValueExA
DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
ReportEventA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
comdlg32
GetOpenFileNameA
comctl32
ord17
wsock32
WSASetLastError
htons
setsockopt
inet_ntoa
send
recv
closesocket
socket
connect
select
__WSAFDIsSet
getsockname
WSAStartup
inet_addr
gethostname
ntohl
getsockopt
ntohs
getservbyport
getprotobyname
sendto
recvfrom
listen
bind
accept
shutdown
gethostbyaddr
gethostbyname
WSACleanup
htonl
WSAGetLastError
getservbyname
ioctlsocket
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
SysStringLen
VariantClear
ole32
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx
rpcrt4
UuidCreate
wintrust
WinVerifyTrust
crypt32
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CryptDecodeObject
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textidx Size: 756KB - Virtual size: 755KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
CONST Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 526KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fnp_dir Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fnp_mar Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ