2024-03-15_076b92a31b1e690186636d7bf5d9ce84_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-15_076b92a31b1e690186636d7bf5d9ce84_mafia
Size

3.7MB
MD5

076b92a31b1e690186636d7bf5d9ce84
SHA1

4d73dcde6da9ef2ae34c695fe83576886231eb3f
SHA256

326ec29c495db13c7421df82b1d3eca4699715f8f91c1b0dd387ff987d510b62
SHA512

9ed64b8170d5b37ed8caf63f91e92eadc8a35049b4b43f8613ed05e526852ba2eea91a5fbc014ee8106c1c3926c0ee6c23073c917f18378960a343579bbe1dac
SSDEEP

98304:T7dx1CyP6Rn919m9teu5J3AUbNwKQzk3I58:tCyPs919mDeu5J3VwE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_076b92a31b1e690186636d7bf5d9ce84_mafia

Files

2024-03-15_076b92a31b1e690186636d7bf5d9ce84_mafia
.exe windows:5 windows x86 arch:x86

25f93664f031bee3045d9b495a57d10f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

gdi32

GetStockObject
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps

user32

ScreenToClient
GetSystemMetrics
ShowWindow
DefWindowProcA
CreateWindowExA
GetWindowLongA
UnregisterClassA
InvalidateRect
BeginPaint
LoadIconA
LoadBitmapA
RegisterClassExA
GetWindowRect
DestroyWindow
ToUnicode
ClipCursor
GetDC
TranslateMessage
SetWindowLongA
DispatchMessageA
GetCursorPos
ReleaseDC
PeekMessageA
GetKeyboardState
GetClientRect
ClientToScreen
LoadCursorA
SetCursor
SetWindowPos
EnumDisplaySettingsA
PostThreadMessageA
GetMessageA
SetWindowTextA
ShowCursor
SetCursorPos

winmm

waveInGetDevCapsA
waveOutGetNumDevs
waveOutPrepareHeader
waveInStop
waveInStart
joyGetPosEx
timeGetTime
waveOutOpen
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutGetDevCapsA
waveInGetNumDevs
waveInReset
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutWrite
waveInClose
waveOutClose

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXSaveSurfaceToFileA
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileInMemoryEx

wsock32

WSAGetLastError
send
gethostbyname
gethostbyaddr
closesocket
WSASetLastError
getservbyname
socket
WSACleanup
getservbyport
setsockopt
shutdown
ntohs
htons
htonl
ioctlsocket
WSAStartup
inet_addr
connect
recv

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
GetTimeZoneInformation
FlushFileBuffers
GetExitCodeProcess
CreatePipe
GetCurrentProcessId
LCMapStringW
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetProcessHeap
GetLocaleInfoW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
SetLastError
GetCPInfo
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
ReadFile
InitializeCriticalSectionAndSpinCount
HeapSize
GetFileAttributesA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
WriteFile
HeapCreate
IsProcessorFeaturePresent
SetEnvironmentVariableA
CreateFileW
GetLocaleInfoA
QueryPerformanceCounter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
MoveFileA
GetCurrentProcess
DuplicateHandle
CreateProcessA
RtlUnwind
ExitProcess
GetModuleHandleW
HeapReAlloc
ResumeThread
CreateDirectoryA
DecodePointer
EncodePointer
DeleteFileA
HeapAlloc
HeapFree
TlsFree
TlsAlloc
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsGetValue
SetEvent
ResetEvent
CreateEventA
WaitForSingleObjectEx
CreateThread
GetExitCodeThread
ExitThread
DebugBreak
DeleteCriticalSection
IsDebuggerPresent
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
InterlockedExchange
IsBadWritePtr
LeaveCriticalSection
GetModuleFileNameA
GetLastError
FormatMessageA
GetCurrentDirectoryA
WideCharToMultiByte
Sleep
MultiByteToWideChar
FindFirstFileA
FindClose
GetLocalTime
FindNextFileA
VirtualQuery
CopyFileA
QueryPerformanceFrequency
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
RaiseException
GetSystemInfo
GetCurrentThreadId
CloseHandle
GetTickCount
GetModuleHandleA
GetVersionExA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
CreateFileA
ReadDirectoryChangesW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25f93664f031bee3045d9b495a57d10f

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

gdi32

user32

winmm

d3d9

d3dx9_43

wsock32

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 687KB - Virtual size: 687KB

.data Size: 42KB - Virtual size: 4.6MB

.rsrc Size: 714KB - Virtual size: 713KB

.reloc Size: 166KB - Virtual size: 165KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 687KB - Virtual size: 687KB

.data
Size: 42KB - Virtual size: 4.6MB

.rsrc
Size: 714KB - Virtual size: 713KB

.reloc
Size: 166KB - Virtual size: 165KB