2024-03-13_1ac69f661c8cd72692d21a0312625d5e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_1ac69f661c8cd72692d21a0312625d5e_mafia
Size

523KB
MD5

1ac69f661c8cd72692d21a0312625d5e
SHA1

4460b2fad8a791e5f8092f04dfe3b74b7f629cbd
SHA256

55f8d8912ff912e253e7fef8b7ef118a84ac5b0e74ed5c4ebd5b2e3650e95cf1
SHA512

93e06c1aa0a2beff535637c0c624cd2cb22fe4aea1234e5a64d6afa69cb261149662901737855a449c04d8a53b3487fe8c90ae53e05665b05db9c21cbfb1e54f
SSDEEP

12288:6yumvouOBnr4afKXjlhJNY3x8I2sBc8fQrUqJdW+SMfMNMfMUMxpfMM5gl:11NYB8I4rFdWjMfMNMfMUMxpfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-13_1ac69f661c8cd72692d21a0312625d5e_mafia

Files

2024-03-13_1ac69f661c8cd72692d21a0312625d5e_mafia
.exe windows:5 windows x86 arch:x86

de84c69ee24efdaa80d7782916803421

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CCNet_Build\CS\BinRelease\DTMonitorServer.pdb

Imports

kernel32

InterlockedIncrement
LocalFree
MultiByteToWideChar
SetEvent
CreateProcessA
GetCurrentThreadId
InterlockedDecrement
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
lstrlenW
WaitForMultipleObjects
GetTickCount
CreateEventA
CreateThread
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
Sleep
GetCommandLineA
GetCurrentProcess
LCMapStringW
GetStartupInfoW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
FlushInstructionCache
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringA
ExitProcess
HeapSize
HeapReAlloc
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThread
TlsFree
HeapSetInformation
TlsSetValue
TlsGetValue
TlsAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
HeapCreate
HeapDestroy
GetCPInfo

user32

UnregisterClassA
SetTimer
GetClassInfoExA
LoadCursorA
DefWindowProcA
PostMessageA
CreateWindowExA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
InsertMenuItemA
EnableMenuItem
SetWindowLongA
RegisterClassExA
GetMessageA
DispatchMessageA
CallWindowProcA
GetWindowLongA
PostThreadMessageA
CharNextW
CharNextA
LoadIconA
LoadMenuA
GetSubMenu
GetMenuItemCount
GetMenuItemID
RemoveMenu

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoSuspendClassObjects
StringFromGUID2
CoUninitialize
CoResumeClassObjects
OleRun
CLSIDFromString
CoInitializeEx

oleaut32

VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VarBstrCmp
SysStringLen
VarBstrCat
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo

shlwapi

PathFileExistsA

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de84c69ee24efdaa80d7782916803421

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 23KB - Virtual size: 23KB