Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-15_dd38244e85d3fe48cb596e7f62b269e6_mafia.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-03-15_dd38244e85d3fe48cb596e7f62b269e6_mafia.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-15_dd38244e85d3fe48cb596e7f62b269e6_mafia
- Size: 3.9MB
- MD5: dd38244e85d3fe48cb596e7f62b269e6
- SHA1: ff913ad63d6613945700457f0a67b249cefd2122
- SHA256: ace1fa42c38fd7a49d046864c4203b943261afbc2ecc152b5debc79757ac3b03
- SHA512: b81441395aa4da1b11cb711a060a310157a957d9ece9214534a6302621d7683e32b3cece780b701aa74f821c66d69b149851d3d26715dd330973e8cb0df982c0
- SSDEEP: 98304:jimtJcMwFtJhNO51FwAfpxxzBs7oTyQobdYIpuu9JC4j8//acKMPo:jim/cGtZyFYVuC4MacKMP
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-03-15_dd38244e85d3fe48cb596e7f62b269e6_mafia
Files
- 2024-03-15_dd38244e85d3fe48cb596e7f62b269e6_mafia.exe windows:5 windows x86 arch:x86
  c0b9af1a2e4a5fa7997766cb80ab21ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
M:\ik_br\Hermes\distribution\Hermes\ReleaseU\DXP SyncML.pdb
Imports
kernel32
ReleaseActCtx
ActivateActCtx
lstrcmpA
lstrlenA
CreateSemaphoreW
ReleaseSemaphore
FileTimeToLocalFileTime
GetStringTypeExW
GlobalAlloc
MoveFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
CompareStringW
GlobalGetAtomNameW
GetAtomNameW
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
SetErrorMode
lstrcmpW
GlobalFlags
SetThreadPriority
ResumeThread
SuspendThread
GlobalAddAtomW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
InterlockedExchange
GetLocaleInfoW
CompareStringA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
GetSystemDirectoryW
lstrcpyW
GetWindowsDirectoryW
GetNumberFormatW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
FindResourceExW
LocalUnlock
LocalLock
RtlUnwind
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapAlloc
CreateActCtxW
VirtualAlloc
VirtualQuery
GetTimeFormatW
GetDateFormatW
HeapSetInformation
GetStartupInfoW
FindFirstFileExA
FindNextFileA
FindFirstFileExW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetStdHandle
GetFileType
HeapQueryInformation
HeapSize
ExitThread
ExitProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
LCMapStringW
GetStdHandle
HeapCreate
HeapDestroy
GetStringTypeW
FatalAppExitA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
SetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
GetProcessHeap
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
GetVersion
GetSystemInfo
GetCurrentProcess
GetComputerNameW
GetCurrentDirectoryW
CreateDirectoryW
LocalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTimeZoneInformation
OpenMutexW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
DeleteFileW
ReleaseMutex
CreateMutexW
FormatMessageW
LocalAlloc
DeactivateActCtx
GlobalFree
HeapFree
GlobalSize
QueryPerformanceFrequency
WaitForMultipleObjects
ResetEvent
GetCommandLineW
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
WaitForSingleObject
CloseHandle
SetEvent
LoadLibraryExW
FreeLibrary
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
GetSystemTime
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetThreadLocale
SizeofResource
CreateFileA
user32
GetIconInfo
LoadImageW
SetTimer
KillTimer
GetNextDlgGroupItem
DrawIconEx
EndDialog
CreateDialogIndirectParamW
ShowOwnedPopups
DeleteMenu
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongW
LoadMenuW
GetSystemMenu
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
WaitMessage
GetDialogBaseUnits
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
InSendMessage
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageW
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
EnumChildWindows
MapDialogRect
DrawIcon
DestroyCursor
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
InvertRect
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
OffsetRect
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnregisterClassW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
CharUpperW
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetMessageW
DispatchMessageW
GetSystemMetrics
CharNextW
ReleaseCapture
GetAsyncKeyState
SetCapture
InvalidateRect
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
PostQuitMessage
IsIconic
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetNextDlgTabItem
MessageBeep
NotifyWinEvent
SetCursor
EnableScrollBar
HideCaret
SendDlgItemMessageW
DrawFocusRect
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
CallNextHookEx
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
InflateRect
CopyRect
DestroyIcon
TranslateMessage
SetWindowsHookExW
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TrackPopupMenu
advapi32
RegConnectRegistryW
GetFileSecurityW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegGetKeySecurity
RegLoadKeyW
RegNotifyChangeKeyValue
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetKeySecurity
RegUnLoadKeyW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueW
RegEnumKeyExW
SetFileSecurityW
ole32
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
PropVariantCopy
StgCreateDocfileOnILockBytes
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
CreateILockBytesOnHGlobal
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfile
CoDisconnectObject
CLSIDFromString
OleDuplicateData
CoTreatAsClass
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CLSIDFromProgID
CoCreateGuid
StringFromCLSID
OleRun
CoUnmarshalInterface
CoInitializeEx
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
OleCreate
CoTaskMemAlloc
oleaut32
SysReAllocStringLen
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarCyFromStr
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayGetElemsize
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VariantInit
VariantCopy
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
SafeArrayPutElement
SafeArrayCreate
VarBstrCmp
VariantChangeType
VarBstrFromDate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCopy
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathFileExistsW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripToRootW
oledlg
OleUIBusyW
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
gdiplus
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
gdi32
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SelectClipPath
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextJustification
GetObjectW
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
GetTextFaceW
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
GetDeviceCaps
RoundRect
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
GetDIBits
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetCurrentObject
StretchDIBits
CreateFontW
GetCharWidthW
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
CreateHatchBrush
CreateSolidBrush
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CopyMetaFileW
winspool.drv
DocumentPropertiesW
OpenPrinterW
GetJobW
ClosePrinter
comdlg32
GetFileTitleW
shell32
ShellExecuteExW
SHAppBarMessage
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetMalloc
SHAddToRecentDocs
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
ExtractIconW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 804KB - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 227KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
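The header fields above (file characteristics, DLL characteristics, section flags) and the "Unsigned PE" signature can all be reproduced from the raw PE headers without a sandbox. The following is an added example written for this page, not code from the sandbox or from the analysed binary: it parses the COFF and optional headers with the standard library only, reads the Authenticode data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4, whose entry is a file offset rather than an RVA), and reports the file as unsigned when that entry has size 0. The PE it runs on is a minimal constructed PE32 that mirrors the flags listed in this report; it is not the sample. Run it on a real file with `parse_pe(open(path, "rb").read())`.

```python
"""Reproduce the header fields a sandbox report lists for a PE and the
'Unsigned PE' check (no embedded Authenticode blob), stdlib only.
build_sample_pe() constructs a tiny PE32 for the example; it is NOT the
analysed sample."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode blob: entry holds a file offset, not an RVA


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # DllCharacteristics is at offset 70 in both PE32 and PE32+; the data directories are not.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva_off = opt + (108 if pe32plus else 92)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, _ptr, _rel, _ln, _nrel, _nln, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": _flags(chars, SECTION_FLAGS)})
    # Size 0 => no embedded WIN_CERTIFICATE, which is what the 'Unsigned PE' signature keys on.
    # Caveat: catalog-signed files also show 0 here, and a non-zero size only proves a blob
    # exists, not that the signature verifies or chains to a trusted root.
    has_blob = sec_size > 0 and sec_off + sec_size <= len(data)
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections,
        "unsigned": not has_blob,
    }


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed minimal PE32 carrying the same header bits this report lists."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)  # DYNAMIC_BASE | NX_COMPAT | TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x1000, 0x200, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x2000, 0x2000, 0x1000, 0x1200, 0, 0, 0, 0, 0xC0000040)
    image = bytearray(dos + b"PE\0\0" + coff + opt + text + data)
    if signed:  # append a WIN_CERTIFICATE stub and point the security directory at it
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\xAA" * 8
        struct.pack_into("<II", image, 64 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(image), len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(key, value)
```

The "unsigned" verdict is only the absence of an embedded signature blob. Before treating it as an indicator, confirm the binary is not catalog-signed, and treat a present blob as unverified until it has been checked against the file's Authenticode hash and a trusted chain.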