2024-03-12_3ce05a8441d7757094b1d912d620401e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-12_3ce05a8441d7757094b1d912d620401e_mafia
Size

252KB
MD5

3ce05a8441d7757094b1d912d620401e
SHA1

a4ff51e8fe33a66a4014f03df949b87443606b51
SHA256

8e097825896cdb60d3e063ab144d0f63a8bfe1a2c7efa1b63feada56fd1a2cf4
SHA512

eeb9e556878e50cc858a39f4a9a0c99f8a825f4967e866237f407452da71dcf7e2b0b71e1ff5e7f499207e628d7a55f32cfa83aa9117660a06a20881191df04d
SSDEEP

3072:V3p4g3IhYkZvO20dwcI0yaVH94Ooohu1g1LVqPhRS5nlNDK:V3p4gYOk8nwtqH944hJ1LVqmll1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-12_3ce05a8441d7757094b1d912d620401e_mafia

Files

2024-03-12_3ce05a8441d7757094b1d912d620401e_mafia
.exe windows:5 windows x86 arch:x86

145011f09cdb1046e8c6a93b4976eccb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
closesocket
htons
gethostbyname
send
recv
accept
listen
bind
htonl
ioctlsocket
__WSAFDIsSet
select
WSAIoctl
WSASocketA
inet_ntoa
gethostname
WSARecv
socket
inet_addr
WSAStartup

wininet

InternetOpenUrlA
InternetSetCookieA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
InternetQueryOptionA
HttpOpenRequestA
InternetReadFile
InternetGetConnectedState
HttpAddRequestHeadersA
InternetOpenA

shlwapi

StrStrIA
PathIsDirectoryA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
VirtualFree
lstrcmpiA
VirtualAlloc
lstrlenA
ExitProcess
Sleep
CreateThread
GetCommandLineA
lstrcpyA
GetLastError
CreateMutexA
OpenMutexA
CloseHandle
WriteFile
CreateFileA
DeleteFileA
GetStdHandle
AllocConsole
ExpandEnvironmentStringsA
lstrcatA
IsValidCodePage
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
MapViewOfFile
CreateFileMappingA
RtlUnwind
InterlockedExchange
HeapSize
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW
FlushFileBuffers
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
GetConsoleCP
HeapReAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnumSystemLocalesA
GetVersionExA
SetThreadPriority
GetModuleHandleW
SetHandleCount
GetCurrentProcess
IsValidLocale
ExitThread
ResumeThread
TerminateProcess
GetDriveTypeA
GetLogicalDrives
lstrcmpA
GetTickCount
ReadFile
SetFilePointer
GetTempPathA
GetFileAttributesExA
GetSystemTimeAsFileTime
CreateEventA
TerminateThread
WaitForSingleObject
SetEvent
CreateProcessA
GetTempFileNameA
IsBadReadPtr
UnmapViewOfFile
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
IsBadStringPtrA
GetWindowsDirectoryA
GetPrivateProfileIntA
lstrlenW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
OpenFileMappingA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetModuleHandleA
GetCurrentProcessId
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
RaiseException
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
GetCurrentHwProfileA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

dnsapi

DnsFree
DnsQuery_A

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

145011f09cdb1046e8c6a93b4976eccb

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

shlwapi

kernel32

user32

advapi32

shell32

ole32

dnsapi

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 26KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 26KB

.reloc
Size: 11KB - Virtual size: 11KB