2024-03-15_3bf7eb42eda112aa92f598ba6d5a711c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-15_3bf7eb42eda112aa92f598ba6d5a711c_mafia
Size

2.0MB
MD5

3bf7eb42eda112aa92f598ba6d5a711c
SHA1

ae265265c3fd36c5fcf150a7e722c6c12c151e69
SHA256

71cfcf09b9e109db3ede971781107a24bb3e19c9be9b4cc556f3fc515279213b
SHA512

6566d776d08ce71131c5aa514eb412e373ffe6b12833fd4d6411b389952e7467a24a052600bdb2f487b674ba5e57ef205b337426cb960d93a6011fa657a70318
SSDEEP

49152:4zT8dHkC1jE7oax7rf/0JlITTT+FlrcmqzP9yTfg9N0mjNzeutBn9iuJTZ4Ol:rE7oax3/0sz+FlomqP9yTfgv1zfn9iuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_3bf7eb42eda112aa92f598ba6d5a711c_mafia

Files

2024-03-15_3bf7eb42eda112aa92f598ba6d5a711c_mafia
.exe windows:5 windows x86 arch:x86

0dc73f8be6d069967cb139ba2ba24d11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\YAN\Documents\개발 프로젝트\OneWay\FileAgent\OneWayFileRecvProgram\Release\OneWayFileRecvProgram.pdb

Imports

kernel32

CompareStringW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
CreateActCtxW
ReleaseActCtx
InterlockedDecrement
FileTimeToSystemTime
GlobalAlloc
SetThreadPriority
SuspendThread
lstrcmpA
CreateMutexW
ReleaseMutex
InterlockedExchange
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
FileTimeToLocalFileTime
GlobalReAlloc
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameW
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetTickCount
GetProfileIntW
SearchPathW
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
lstrcmpW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
HeapAlloc
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetDriveTypeW
GetProcessHeap
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GlobalFree
CopyFileW
GetFileTime
GlobalSize
GetFileSize
ResumeThread
CreateThread
RemoveDirectoryW
SetEvent
ResetEvent
MoveFileW
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ActivateActCtx
GetModuleHandleW
DeactivateActCtx
SetLastError
CreateEventW
CreateSemaphoreW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
DeleteFileW
FindNextFileW
GetModuleFileNameW
WritePrivateProfileStringW
FreeLibrary
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetLocalTime
GetProcAddress
GetFileAttributesW
CreateDirectoryW
Sleep
FindClose
FindFirstFileW
lstrlenA
GetLastError
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource

user32

GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
IsRectEmpty
SetRectEmpty
IntersectRect
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
DestroyIcon
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
OffsetRect
DeleteMenu
SetWindowRgn
SetCapture
WindowFromPoint
ReleaseCapture
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperW
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
UnregisterClassW
WaitMessage
CharNextW
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
SetParent
DestroyAcceleratorTable
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetCursorPos
BringWindowToTop
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
RegisterClipboardFormatW
FrameRect
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
GetDoubleClickTime
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
TranslateMessage
InflateRect
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
PtInRect
GetWindow
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
CopyRect
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetClassNameW
LoadBitmapW
InvalidateRect
UpdateWindow
FillRect
DrawStateW
EnableWindow
SendMessageW
LoadIconW
GetSystemMenu
AppendMenuW
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
PostMessageW
SetTimer
KillTimer
IsWindow
GetParent
LoadMenuW
GetCursorPos
EndPaint
ShowOwnedPopups
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation

oleaut32

VariantChangeType
VariantInit
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect

libcurl

curl_global_init
curl_easy_setopt
curl_slist_append
curl_easy_perform
curl_slist_free_all
curl_easy_cleanup
curl_global_cleanup
curl_easy_strerror
curl_easy_init

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize
ImageList_Create
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

oledlg

OleUIBusyW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageWidth

ws2_32

setsockopt
inet_addr
htons
bind
listen
ioctlsocket
select
accept
closesocket
getpeername
inet_ntoa
recv
WSAGetLastError
WSAStartup
WSACleanup
socket

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

gdi32

GetTextExtentPoint32W
SetDIBColorTable
RealizePalette
CreateCompatibleBitmap
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
GetBkColor
GetTextColor
GetRgnBox
CreateSolidBrush
GetObjectW
GetStockObject
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
SetTextColor
SetBkColor
CreateBitmap
CreateFontIndirectW
RestoreDC
SetBkMode
SetPolyFillMode
CreateHatchBrush
CreatePen
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SaveDC
DeleteObject
SetPixelV
GetTextFaceW
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
OffsetRgn
GetSystemPaletteEntries
GetNearestPaletteIndex
RectVisible
TextOutW
ExtTextOutW
Escape
CreateEllipticRgn
CreatePolygonRgn
GetPaletteEntries
CreatePalette
Polyline
Ellipse
Polygon
Rectangle
SelectObject

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

comdlg32

GetFileTitleW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateILockBytesOnHGlobal
RegisterDragDrop
CoLockObjectExternal
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
OleGetClipboard

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dc73f8be6d069967cb139ba2ba24d11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

libcurl

msimg32

comctl32

shlwapi

oledlg

gdiplus

ws2_32

oleacc

imm32

winmm

gdi32

winspool.drv

comdlg32

ole32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 321KB - Virtual size: 321KB

.data Size: 27KB - Virtual size: 60KB

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 180KB - Virtual size: 180KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 321KB - Virtual size: 321KB

.data
Size: 27KB - Virtual size: 60KB

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 180KB - Virtual size: 180KB