2024-03-15_9a44d95dfea01f715527fa7684f6d651_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-15_9a44d95dfea01f715527fa7684f6d651_mafia
Size

1.2MB
MD5

9a44d95dfea01f715527fa7684f6d651
SHA1

289d2cbea9507e6cea25b8d031dac0545d847337
SHA256

7f33238fcf0e560c0bb6db6a8a3ed1a8973b3806ed7bf2bc3f40f237fa4fcea3
SHA512

2445b22131fe01962a813f741926f762e14c87d9487d7b0c8019ff7b834c949349ad145298aee5ead943187d270c710076226f055e50e0a6f8f1875ce4f5244c
SSDEEP

24576:gC5RyML6ftr5qmMjU3P/DnfZ/QioedTKTrQWBwMdEx:Xmd5HMjUf/DfZogZKTcWBwOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_9a44d95dfea01f715527fa7684f6d651_mafia

Files

2024-03-15_9a44d95dfea01f715527fa7684f6d651_mafia
.exe windows:5 windows x86 arch:x86

c5d9854741d4c5249cb5eee154dd85e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\browser_bdupdate_m21_release_BRANCH_compile\bdupdate\output\bdupdate.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

gethostname
WSAGetLastError
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

imm32

ImmDisableIME

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

kernel32

GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
Thread32Next
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
IsBadWritePtr
lstrcpyW
lstrlenW
DeleteCriticalSection
SetEnvironmentVariableW
SetLastError
GetFullPathNameW
SetCurrentDirectoryW
SetUnhandledExceptionFilter
GetCommandLineW
CreateMutexW
OutputDebugStringW
GetSystemTime
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetPrivateProfileIntW
Sleep
ReleaseMutex
GetModuleHandleW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetProcessAffinityMask
InterlockedIncrement
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
GetPrivateProfileStringW
WritePrivateProfileStringW
ExitProcess
GetModuleFileNameW
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
FlushInstructionCache
CopyFileW
RemoveDirectoryW
GetFileAttributesExW
CompareStringW
MulDiv
lstrlenA
lstrcmpW
GlobalUnlock
GlobalLock
QueueUserWorkItem
InterlockedExchangeAdd
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointerEx
SetFileValidData
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
InterlockedExchange
RtlUnwind
GetTempPathW
GetConsoleMode
ExitThread
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatW
GetDateFormatW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
SetStdHandle
CreateProcessW
GetVersionExW
CreateEventW
WaitForMultipleObjects
SetThreadPriority
GetLocaleInfoW
FlushFileBuffers
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
OpenProcess
LocalFree
FormatMessageW
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
SetEndOfFile
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA
GetLastError
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetCurrentThreadId
DeviceIoControl
GlobalAlloc
GlobalFree
GetVolumeInformationA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
TlsAlloc
GetTickCount
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
lstrcpynW
FindFirstFileW
FindNextFileW
FindClose
GetConsoleCP
MoveFileExW
OpenEventW

user32

DialogBoxParamW
CreateDialogParamW
IsWindowVisible
GetClassNameW
GetSysColor
GetFocus
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
SetCursor
DrawFocusRect
FillRect
PtInRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
UpdateWindow
GetWindowTextLengthW
MoveWindow
ClientToScreen
InvalidateRgn
IsChild
DestroyAcceleratorTable
GetSystemMetrics
SetParent
SetLayeredWindowAttributes
EqualRect
GetWindowTextW
SetRectEmpty
AttachThreadInput
SetActiveWindow
IsIconic
ScreenToClient
BringWindowToTop
GetPropW
MessageBoxW
PeekMessageW
LoadIconW
LoadStringW
SetFocus
GetForegroundWindow
GetAsyncKeyState
CreateWindowExW
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreatePopupMenu
InsertMenuW
GetCursorPos
SetForegroundWindow
EnableWindow
CreateAcceleratorTableW
KillTimer
CopyRect
TrackPopupMenu
DestroyMenu
GetDlgItem
EndDialog
RegisterWindowMessageW
EndPaint
BeginPaint
DrawTextW
LoadImageW
CharNextW
SetPropW
SetWindowTextW
RedrawWindow
SetWindowRgn
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
InvalidateRect
GetClientRect
SetWindowPos
GetMenu
GetWindowLongW
SetWindowLongW
ShowWindow
PostMessageW
GetWindowThreadProcessId
SetTimer
AllowSetForegroundWindow
IsWindow
SendMessageW
DestroyWindow
DestroyIcon
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
wsprintfW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsRectEmpty
UnregisterClassA
DefWindowProcW

gdi32

CreateCompatibleDC
StretchBlt
SelectObject
SetBkMode
SetTextColor
SetBkColor
ExtTextOutW
DPtoLP
GetObjectW
CreateBrushIndirect
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
GetCurrentObject
GetTextMetricsW
DeleteObject
DeleteDC
CreatePolygonRgn
BitBlt

advapi32

RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
RegCreateKeyW
CreateServiceW
ChangeServiceConfig2W
ControlService
SetSecurityDescriptorDacl
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceObjectSecurity
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
SetServiceStatus
GetNamedSecurityInfoW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountSidW
GetExplicitEntriesFromAclW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
QueryServiceStatusEx
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW
Shell_NotifyIconW
ord165

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
StringFromCLSID
OleUninitialize
CoUninitialize

oleaut32

SysAllocString
VariantInit
VarUI4FromStr
VarBstrCmp
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
DispCallFunc

shlwapi

PathFileExistsW
StrStrW
SHGetValueW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

msimg32

GradientFill
AlphaBlend

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFont
GdipDeleteStringFormat
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteFontFamily

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetQueryOptionW
InternetSetOptionW
InternetOpenW
InternetSetStatusCallbackW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetErrorDlg
HttpEndRequestW
HttpQueryInfoW
HttpAddRequestHeadersA
InternetReadFileExA
InternetCloseHandle
InternetGetLastResponseInfoW
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA

Exports

Exports

?XNetDownloadFile@@YAPAXPAXPAVIXNetDownloadStatusCallback@@PB_W2W4XnetMethodType@@22@Z
?XNetHttpRequest@@YAPAXPAXP6AX0H0KPB_W@Z1W4XnetMethodType@@11K@Z
?XNetInit@@YAHXZ
?XNetStop@@YAHPAX@Z
?XNetUninit@@YAHXZ

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5d9854741d4c5249cb5eee154dd85e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

userenv

wintrust

crypt32

imm32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

iphlpapi

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 675KB - Virtual size: 675KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 23KB - Virtual size: 33KB

.rsrc Size: 326KB - Virtual size: 325KB

.reloc Size: 52KB - Virtual size: 52KB

.text
Size: 675KB - Virtual size: 675KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 23KB - Virtual size: 33KB

.rsrc
Size: 326KB - Virtual size: 325KB

.reloc
Size: 52KB - Virtual size: 52KB