2024-03-14_64cbfda19b008f70258b561846bcef8e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-14_64cbfda19b008f70258b561846bcef8e_mafia
Size

337KB
MD5

64cbfda19b008f70258b561846bcef8e
SHA1

a83a8df15017b909e0df3d6fce4bca8f5289b3ad
SHA256

a183de02c4b6021e2280b478ef658bf03cacef757a752b6c5b064c4199434855
SHA512

d02a660f24eaf7b70161d007838e2e225491bde3ccc781c147ac86ee576a1caf51b2be2c8e14cfdd9d2db731ec62a11627bda78c436da523e463f9c7dd25f9c3
SSDEEP

6144:Axh2v6dk4q0VeAp0V0k1zfFJTBJUNn8ZF:AxJSBUeA6V0k1zfFJTrUNqF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-14_64cbfda19b008f70258b561846bcef8e_mafia

Files

2024-03-14_64cbfda19b008f70258b561846bcef8e_mafia
.exe windows:5 windows x86 arch:x86

2d27234a841becb5089f0fb9204e161d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK\SpecLab\Builds\UniBuild\Work\Helpers\minidumper\Release\minidumper.pdb

Imports

kernel32

LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
ExitProcess
FlushInstructionCache
SetLastError
QueueUserWorkItem
CreateFileW
GetCurrentProcessId
OpenProcess
DeleteFileW
lstrlenW
GetModuleFileNameW
LoadLibraryW
LocalFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
lstrlenA
VirtualProtect
LoadLibraryExW
LocalHandle
LocalFlags
LocalUnlock
SetEndOfFile
WriteConsoleW
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
ReadFile
FindResourceExW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
WriteFile
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
FormatMessageW
CloseHandle
lstrcmpiW
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
RtlUnwind
GetFileType
SetStdHandle
GetStartupInfoW
HeapSetInformation
GetCommandLineW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSection
Sleep
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
GetFileTime
GetLastError
FileTimeToDosDateTime
FileTimeToLocalFileTime

user32

GetClientRect
GetMonitorInfoW
GetWindowRect
MapWindowPoints
GetWindowLongW
MonitorFromWindow
SetWindowPos
GetParent
ShowWindow
CreateDialogParamW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
CharNextW
PostMessageW
DestroyWindow
SetWindowLongW
DialogBoxParamW
SetDlgItemTextW
GetDlgItemTextW
IsDlgButtonChecked
PostQuitMessage
GetActiveWindow
InvalidateRect
CheckRadioButton
GetDlgItem
EnableWindow
CheckDlgButton
SendMessageW
GetSystemMetrics
LoadImageW
IsDialogMessageW
MessageBoxW
EndDialog
GetWindow

advapi32

RegDeleteValueW
LookupPrivilegeValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken

shell32

SHBrowseForFolderW
CommandLineToArgvW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathFindFileNameW
StrRChrW
PathIsDirectoryW

dbghelp

MiniDumpWriteDump

comctl32

InitCommonControlsEx

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d27234a841becb5089f0fb9204e161d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

dbghelp

comctl32

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 13KB - Virtual size: 13KB