PDB path: D:\Daten\Helge\Programmierung\SetACL3\Source\SetACL.exe\Win32\Release\SetACL.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-14_61e8b7f7a42e60b60f4095a716395d0e_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-14_61e8b7f7a42e60b60f4095a716395d0e_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-14_61e8b7f7a42e60b60f4095a716395d0e_mafia
Size: 1004KB
MD5: 61e8b7f7a42e60b60f4095a716395d0e
SHA1: 8974492b61808f4893d8e27e01b8968353888b1e
SHA256: 80aec610a711d62b7ba167f6dd051c81b4f4bfb6f90811415b70fbe1596fe8fd
SHA512: 29fa4b32717426d8fd011aa7e9875c198bf95098787851d4304f9ef68c757bfe70a0ddbad2f9c3d8a6d5090290b2e496913a6804978cff7c8b13a3134de0adaa
SSDEEP: 24576:/3GeAxHmA7QGsvF54e08MG5VBxwkqd2LZjW1xqS73k1hNh:/3AlbQGs34e08MG5Gkq+j6oi4h
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-03-14_61e8b7f7a42e60b60f4095a716395d0e_mafia
Files
2024-03-14_61e8b7f7a42e60b60f4095a716395d0e_mafia.exe (windows:5 windows x86 arch:x86)
b8086f6290816fb617f882601f009ecd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
secur32
GetUserNameExW
version
VerQueryValueW
activeds
ord13
kernel32
FindClose
CreateFileW
InterlockedIncrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
GetCommandLineW
HeapSetInformation
RtlUnwind
RaiseException
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
FindFirstFileW
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetLocaleInfoW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CompareStringW
SetEnvironmentVariableW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
ReadFile
SetEvent
ResetEvent
ReleaseMutex
CreateEventW
CreateMutexW
FindNextFileW
MoveFileExW
WriteFile
SetFilePointerEx
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
WaitForSingleObject
CreateThread
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LocalFree
FormatMessageW
LoadLibraryExW
InterlockedDecrement
LoadLibraryW
GetModuleFileNameW
GetVersionExW
GetComputerNameW
FreeResource
GetUserDefaultLangID
LockResource
LoadResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetCurrentProcess
GetProcAddress
GetLastError
GetModuleHandleW
CreateDirectoryW
GetFileAttributesW
DeleteFileW
user32
LoadStringW
advapi32
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
MapGenericMask
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAce
InitializeAcl
IsValidAcl
DeleteAce
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetNamedSecurityInfoW
SetSecurityInfo
IsValidSecurityDescriptor
GetNamedSecurityInfoW
GetKernelObjectSecurity
ConvertStringSidToSidW
EqualSid
GetAce
GetAclInformation
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetEntriesInAclW
RegCreateKeyExW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegCloseKey
RegOpenKeyExW
RegConnectRegistryW
RegEnumKeyExW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ole32
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoQueryProxyBlanket
oleaut32
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocString
SysFreeString
SysAllocStringByteLen
netapi32
DsGetDcNameW
NetShareSetInfo
NetApiBufferFree
NetDfsGetClientInfo
NetShareGetInfo
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
Sections
.text Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 596KB - Virtual size: 600KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE