J:\NAD_WORK\[solution]\SISS-DLP\SOURCE\Client\Dlp_Client\Release\SissClient.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-13_d704fd440801c4300e4a44f3a3d1d510_mafia.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-13_d704fd440801c4300e4a44f3a3d1d510_mafia.exe
Resource: win10v2004-20240226-en
General
- Target: 2024-03-13_d704fd440801c4300e4a44f3a3d1d510_mafia
- Size: 4.6MB
- MD5: d704fd440801c4300e4a44f3a3d1d510
- SHA1: 9bd0da1510140746cc720f4d1581cc87a5e885b1
- SHA256: c2c472ae5be280aaca9e4f109b9ce347f7979367c085fd342cde327e0dec7f34
- SHA512: e6feb22ec2b3b24628d9a6befd91be0ff5a5ee37d35f0ed0651c6ae13b6dd7389240d91642c9ef2212bde3f3e51dccac9c79515c3027c18c01095aff1c80dfc8
- SSDEEP: 98304:ZEU4ZRBkz9ijKuihQusapvkaBewPAd+uqzUxLBp84Q:94ZRBUHCN/+uqzUK
Malware Config
Signatures
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource: 2024-03-13_d704fd440801c4300e4a44f3a3d1d510_mafia
Files
- 2024-03-13_d704fd440801c4300e4a44f3a3d1d510_mafia.exe windows:5 windows x86 arch:x86
28f40b88c3e42ee16410c61fa8a889ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetConsoleCP
GetConsoleMode
CompareStringW
LCMapStringW
WriteConsoleW
IsProcessorFeaturePresent
GetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapQueryInformation
CreateFileW
HeapSize
ExitProcess
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
DecodePointer
EncodePointer
GetFileAttributesW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
GetSystemDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
lstrcmpA
FileTimeToSystemTime
GetFullPathNameA
FindFirstFileA
FindClose
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiA
GetThreadLocale
SuspendThread
ResumeThread
SetThreadPriority
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
GlobalSize
lstrlenW
MulDiv
HeapReAlloc
HeapCreate
GetSystemInfo
CopyFileW
CreateMutexA
ActivateActCtx
GetModuleHandleA
DeactivateActCtx
SetEnvironmentVariableA
HeapFree
LocalFree
DuplicateHandle
GetEnvironmentVariableA
TerminateProcess
GetUserDefaultLangID
MoveFileA
GetCurrentDirectoryA
QueryDosDeviceA
GetTickCount
GetShortPathNameA
GetComputerNameA
lstrcpyA
GetCurrentProcess
ProcessIdToSessionId
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadCodePtr
DeviceIoControl
CreateDirectoryA
IsBadWritePtr
ReadFile
GetFileSize
WriteFile
SetEndOfFile
SetFileAttributesA
GetFileAttributesA
SetFileAttributesW
CreateDirectoryW
CreateFileA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
CopyFileA
GetVersionExA
GetCurrentThread
TerminateThread
GetCurrentProcessId
MultiByteToWideChar
InterlockedIncrement
FormatMessageA
LocalAlloc
InterlockedDecrement
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
CreateFileMappingW
CreateEventW
DeleteFileA
GetSystemDirectoryA
GetProcessHeap
HeapAlloc
SetEvent
UnmapViewOfFile
MapViewOfFile
WaitForSingleObject
CreateThread
CreateFileMappingA
CreateEventA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
SetLastError
GetVersion
Sleep
GetWindowsDirectoryA
CloseHandle
CreateProcessA
GetModuleFileNameA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
user32
TranslateAcceleratorA
FrameRect
RegisterClipboardFormatA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
IsClipboardFormatAvailable
DestroyIcon
InvalidateRgn
CopyAcceleratorTableA
CharNextA
WaitMessage
UnregisterClassA
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetCapture
GetSystemMenu
LoadMenuW
DeleteMenu
CopyImage
RealChildWindowFromPoint
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
GetSysColorBrush
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
CharUpperA
DestroyMenu
GetMenuItemInfoA
GetMessageA
TranslateMessage
IntersectRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
MoveWindow
SetWindowTextA
InsertMenuItemA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetForegroundWindow
EnableWindow
GetWindowRect
SystemParametersInfoA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
MapVirtualKeyA
GetKeyNameTextA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
CharUpperBuffA
PostThreadMessageA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetUpdateRect
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
CopyRect
DrawStateA
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
FlashWindow
MessageBeep
LoadImageA
RegisterWindowMessageA
SubtractRect
DestroyCursor
GetWindowRgn
IsDialogMessageA
SendMessageA
LoadIconW
GetSysColor
GetWindowLongA
GetCapture
GetCursorPos
WindowFromPoint
DrawEdge
OffsetRect
DrawFocusRect
LoadBitmapW
SetWindowRgn
GetDC
ReleaseDC
ClientToScreen
InvalidateRect
ReleaseCapture
GetParent
GetNextDlgGroupItem
PostMessageA
RedrawWindow
UpdateWindow
GetClientRect
FillRect
SetCursor
IsWindow
KillTimer
SetTimer
LoadCursorA
CopyIcon
IsRectEmpty
InflateRect
LoadIconA
CreatePopupMenu
AppendMenuA
SetForegroundWindow
FindWindowA
GetWindow
GetClassNameA
GetSystemMetrics
LoadBitmapA
SetRect
ScreenToClient
PtInRect
PostQuitMessage
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible
SetWindowPos
IsIconic
DrawIcon
GetDesktopWindow
ShowWindow
GetLastInputInfo
gdi32
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
GetWindowExtEx
GetViewportExtEx
SetPixel
SetDIBColorTable
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreatePolygonRgn
GetRgnBox
GetTextColor
GetBkColor
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
DPtoLP
GetMapMode
SetRectRgn
CreateHatchBrush
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
Rectangle
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
PatBlt
CreateRectRgnIndirect
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateEllipticRgn
ExtCreateRegion
CreateDIBSection
CreatePen
GetStockObject
DeleteObject
GetObjectA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
DeleteDC
SelectClipRgn
GetPixel
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetViewportOrgEx
SetViewportOrgEx
GetTextExtentPoint32A
GetTextMetricsA
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
AdjustTokenPrivileges
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
DuplicateTokenEx
ImpersonateSelf
OpenThreadToken
GetUserNameA
SetThreadToken
SetEntriesInAclA
AllocateAndInitializeSid
LookupPrivilegeValueA
SetSecurityInfo
ControlService
DeleteService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegDeleteValueA
RegFlushKey
RegQueryValueExA
RegOpenKeyA
shell32
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetSpecialFolderLocation
ord2
SHGetPathFromIDListA
DragQueryFileA
DragFinish
SHAppBarMessage
ShellExecuteA
SHBrowseForFolderA
SHGetMalloc
SHGetDesktopFolder
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
ImageList_GetIconSize
shlwapi
PathIsNetworkPathA
PathRemoveFileSpecW
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathCompactPathA
ole32
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoInitializeEx
CLSIDFromString
CoCreateGuid
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantCopy
VariantInit
SysAllocStringByteLen
SysFreeString
VariantClear
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
VarBstrFromDate
oledlg
ord8
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ws2_32
WSAEventSelect
connect
WSAEnumNetworkEvents
closesocket
shutdown
socket
WSACloseEvent
WSACreateEvent
WSAGetLastError
send
gethostname
WSACleanup
gethostbyname
WSAStartup
inet_ntoa
inet_addr
recv
htons
WSAWaitForMultipleEvents
mpr
WNetGetUniversalNameA
iphlpapi
GetAdaptersInfo
netapi32
NetApiBufferFree
NetShareDel
NetShareEnum
wininet
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetOpenA
userenv
GetUserProfileDirectoryA
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 360KB - Virtual size: 360KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 203KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
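One way to turn the import table, the DllCharacteristics flags and the section table above into triage output, as an added example written for this page (not the sandbox's own ruleset and not code from the SissClient project). The data dictionaries transcribe a subset of the report's imports and header fields; the rule names, the LOW_SIGNAL set and the helper functions are this example's own choices, and the packed-section input mentioned below is constructed for illustration.

```python
# Static-triage helpers for the report above: capability tags from the import
# table, mitigation flags from DllCharacteristics and a sanity pass over the
# section table. Added example; rule names and helpers are this example's own.

# Subset of the report's import table, grouped by module and trimmed to the
# names the rules below reference (every name here appears in the report).
REPORT_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess",
                 "DeviceIoControl", "IsDebuggerPresent", "LoadLibraryA", "GetProcAddress"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx", "GetKeyboardState",
               "GetKeyboardLayout", "ToAsciiEx", "OpenClipboard", "EmptyClipboard",
               "SetClipboardData", "GetLastInputInfo"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                 "ImpersonateSelf", "OpenThreadToken", "DuplicateTokenEx", "SetThreadToken",
                 "OpenSCManagerA", "OpenServiceA", "ControlService", "DeleteService"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
    "wininet": ["InternetOpenA", "InternetOpenUrlA", "InternetReadFile"],
    "netapi32": ["NetShareEnum", "NetShareDel"],
    "winspool.drv": ["OpenPrinterA", "DocumentPropertiesA", "ClosePrinter"],
}
# DllCharacteristics flags listed under "Headers" in the report.
REPORT_DLLCHARACTERISTICS = {"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                             "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                             "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
# Section table from the report: name -> (raw KB, virtual KB, flags), sizes as printed.
CODE = {"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"}
RDATA = {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}
DATA = RDATA | {"IMAGE_SCN_MEM_WRITE"}
REPORT_SECTIONS = {
    ".text": (1600, 1600, CODE), ".rdata": (360, 360, RDATA), ".data": (26, 56, DATA),
    ".rsrc": (2400, 2400, RDATA), ".reloc": (203, 203, RDATA | {"IMAGE_SCN_MEM_DISCARDABLE"}),
}

# A tag fires only when EVERY listed import is present; partial matches stay silent.
CAPABILITY_RULES = {
    "process-enumeration":       {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "remote-thread-injection":   {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "token-privilege-adjust":    {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "thread-impersonation":      {"ImpersonateSelf", "OpenThreadToken", "DuplicateTokenEx", "SetThreadToken"},
    "windows-hook-install":      {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "keystroke-translation":     {"GetKeyboardState", "GetKeyboardLayout", "ToAsciiEx"},
    "clipboard-write":           {"OpenClipboard", "EmptyClipboard", "SetClipboardData"},
    "service-control":           {"OpenSCManagerA", "OpenServiceA", "ControlService", "DeleteService"},
    "raw-tcp-client":            {"WSAStartup", "socket", "connect", "send", "recv"},
    "http-client":               {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"},
    "smb-share-admin":           {"NetShareEnum", "NetShareDel"},
    "print-spooler-access":      {"OpenPrinterA", "DocumentPropertiesA", "ClosePrinter"},
    "driver-ioctl":              {"DeviceIoControl"},
    "user-idle-detection":       {"GetLastInputInfo"},
    "dynamic-import-resolution": {"LoadLibraryA", "GetProcAddress"},
    "debugger-check":            {"IsDebuggerPresent"},
}
# Tags that MSVC CRT/MFC startup code commonly brings in by itself; report them, never score on them.
LOW_SIGNAL = {"debugger-check", "dynamic-import-resolution"}

def flatten_imports(imports):
    """All imported function names, regardless of module."""
    return {name for names in imports.values() for name in names}

def match_capabilities(imports, rules=CAPABILITY_RULES):
    """Tags whose required imports are all present, with the names that matched."""
    present = flatten_imports(imports)
    return {tag: sorted(needed) for tag, needed in rules.items() if needed <= present}

def mitigation_status(dll_characteristics, sections, machine="x86"):
    """Mitigations the header opts into. DYNAMIC_BASE alone is not ASLR: the
    loader also needs relocation data, so a flagged image without relocations
    still loads at its preferred base (.reloc section used as the proxy here)."""
    status = {
        "aslr_opt_in": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dll_characteristics,
        "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dll_characteristics,
        "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in dll_characteristics,
    }
    status["aslr_effective"] = status["aslr_opt_in"] and ".reloc" in sections
    if machine == "x64":  # high-entropy VA only applies to 64-bit images
        status["high_entropy_va"] = "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" in dll_characteristics
    return status

def suspicious_sections(sections):
    """Packer-shaped sections: writable+executable, or executable yet empty on disk."""
    findings = []
    for name, (raw_kb, virt_kb, flags) in sections.items():
        executable = "IMAGE_SCN_MEM_EXECUTE" in flags
        if executable and "IMAGE_SCN_MEM_WRITE" in flags:
            findings.append((name, "writable and executable"))
        if executable and raw_kb == 0 and virt_kb > 0:
            findings.append((name, "executable but empty on disk"))
    return findings

def triage(imports, dll_characteristics, sections):
    """One summary dict: scored tags, runtime noise, mitigations and section findings."""
    caps = match_capabilities(imports)
    return {
        "capabilities": sorted(t for t in caps if t not in LOW_SIGNAL),
        "low_signal": sorted(t for t in caps if t in LOW_SIGNAL),
        "mitigations": mitigation_status(dll_characteristics, sections),
        "section_findings": suspicious_sections(sections),
    }
```

Two points the output makes that the raw list does not. The remote-thread-injection rule stays silent: OpenProcess and the Toolhelp32 trio are imported, but VirtualAllocEx, WriteProcessMemory and CreateRemoteThread are not, so process enumeration here should not be read as injection without dynamic evidence. And because LoadLibraryA and GetProcAddress are imported, the static table is only a lower bound on what the binary can call; anything resolved at runtime has to come from the behavioral tasks, not from this page.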