Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-26_401bd3f275a1e810f46d0c29973f6f87_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-26_401bd3f275a1e810f46d0c29973f6f87_mafia.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-26_401bd3f275a1e810f46d0c29973f6f87_mafia
- Size: 13.8MB
- MD5: 401bd3f275a1e810f46d0c29973f6f87
- SHA1: 1ce61f6fc05880f1dcc8889a2111a4105c0f970b
- SHA256: 38aa2afad49641583fcaedb70e2119542c0b5fb417e379c28f4f6c0a8ccd6a37
- SHA512: 02e32b3198d28c183b56d46f79ad7d129c86bedae0ff2ebc980389735c0bcf98cd93cfa1d57313fef561331942309192de80bae03e681a3102b97882de42e8a4
- SSDEEP: 196608:qBnNkSdcIzZSAB6jgszucRwF9JGaiPoOWO3bx0Qpr2BjwFYCKojDt52EEVM4Iry8:yNkSCIhw0H2ahOWO6RtoDH25n8cM
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-03-26_401bd3f275a1e810f46d0c29973f6f87_mafia
Files
- 2024-03-26_401bd3f275a1e810f46d0c29973f6f87_mafia.exe (windows:5 windows x86 arch:x86)
  64bd2f61d29bcb2836aa2bc026b08e07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Build Sources\ZIPReader 14.00.0010\PKZIP\ZIPReader0\Win32\Unicode Release\ZipReader0.pdb
Imports
crypt32
CryptVerifyMessageSignature
CertCompareCertificate
CertGetCRLFromStore
CertFindCertificateInStore
CertCompareCertificateName
CertFreeCRLContext
CertDeleteCRLFromStore
CertGetEnhancedKeyUsage
CertStrToNameA
CryptHashPublicKeyInfo
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertNameToStrW
CertGetCertificateChain
PFXExportCertStoreEx
CryptGetMessageSignerCount
CertCloseStore
CertFreeCertificateChain
CryptDecodeObject
CertGetNameStringW
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptVerifyCertificateSignature
CertFindCertificateInCRL
CertEnumCertificatesInStore
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
CertAddCertificateContextToStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertEnumCRLsInStore
CertAddCRLContextToStore
CertSaveStore
CryptSignMessage
CryptDecodeMessage
wldap32
ord73
ord145
ord219
ord13
ord167
ord79
ord142
ord147
ord301
ord127
ord27
ord26
ord41
ord208
ord118
ord216
ord14
wininet
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
HttpQueryInfoW
InternetAttemptConnect
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetCrackUrlW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetOpenW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
LocalFree
LocalAlloc
GetCurrentThread
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFullPathNameW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
HeapFree
HeapAlloc
GetProcessHeap
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
DeleteFileA
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
DeviceIoControl
CreateFileW
WaitNamedPipeW
CreateDirectoryW
CreateDirectoryA
GetShortPathNameA
GetShortPathNameW
GetFullPathNameA
SetFileTime
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDriveTypeA
GetDriveTypeW
GetVolumeInformationA
GetVolumeInformationW
SetVolumeLabelA
SetVolumeLabelW
MoveFileA
MoveFileExA
MoveFileW
MoveFileExW
SetEndOfFile
WriteFile
GetLocalTime
FlushFileBuffers
SetFilePointer
GetFileInformationByHandle
GetFileType
FindFirstFileA
FindNextFileA
GetStringTypeA
SetNamedPipeHandleState
VirtualAlloc
VirtualFree
CreateSemaphoreW
ReleaseSemaphore
CompareFileTime
GetLocaleInfoW
GetUserDefaultUILanguage
GetLocaleInfoA
GetDateFormatA
GetDateFormatW
GetNumberFormatA
GetNumberFormatW
GetCPInfo
IsDBCSLeadByte
GetStdHandle
ExpandEnvironmentStringsA
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateProcessA
GetExitCodeProcess
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindResourceExW
lstrcpyW
WideCharToMultiByte
SetErrorMode
OutputDebugStringA
HeapCreate
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetConsoleMode
DecodePointer
EncodePointer
ExitThread
ExitProcess
HeapSetInformation
GetStartupInfoW
SetConsoleMode
ReadConsoleInputA
WriteConsoleW
VirtualQuery
GetSystemInfo
VirtualProtect
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceW
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
LockResource
LoadResource
lstrlenW
lstrcmpW
MulDiv
lstrcpynW
GetTickCount
InitializeCriticalSection
GetVersion
GetModuleHandleA
LoadLibraryA
GetVersionExA
FindFirstFileW
FindClose
FindNextFileW
GetWindowsDirectoryW
GetCommandLineW
LoadLibraryExW
CreateThread
Sleep
lstrcmpiW
CompareStringW
GetModuleHandleW
SetThreadPriority
WaitForSingleObject
SetEvent
ResetEvent
CloseHandle
InterlockedExchange
CreateEventW
CreateProcessW
DeleteFileW
GetVersionExW
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
LoadLibraryW
SizeofResource
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
SetLastError
GetModuleFileNameW
ReadFile
user32
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharToOemBuffA
OemToCharBuffA
CharLowerW
CharToOemA
OemToCharA
SetRect
GetIconInfo
RegisterClipboardFormatW
CallNextHookEx
GetMenuInfo
SetMenuInfo
CopyRect
GetWindowModuleFileNameW
FindWindowW
RemoveMenu
GetSysColorBrush
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
DrawEdge
SetParent
LoadIconW
GetKeyState
GetClassLongW
DestroyMenu
SetMenuDefaultItem
InsertMenuItemW
CheckMenuItem
CreatePopupMenu
SetScrollInfo
ScrollWindowEx
GetScrollRange
GetScrollPos
InflateRect
ChildWindowFromPoint
DrawFrameControl
DrawIconEx
MessageBeep
GetTopWindow
AdjustWindowRectEx
KillTimer
SetTimer
GetMenu
GetWindowTextA
GetMessagePos
IsDlgButtonChecked
CheckDlgButton
GetWindowDC
SetWindowsHookExW
UnhookWindowsHookEx
GetDialogBaseUnits
SystemParametersInfoW
SystemParametersInfoA
GetWindowPlacement
DestroyIcon
InsertMenuW
GetCapture
GetCursorPos
SetCursor
DrawFocusRect
PtInRect
GetDlgCtrlID
IsWindowEnabled
UpdateWindow
SetRectEmpty
LoadStringW
GetDlgItemTextW
EnableWindow
GetSystemMenu
CharUpperW
PostThreadMessageW
OffsetRect
LoadBitmapW
DrawTextW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemCount
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetSystemMetrics
LoadImageW
LoadMenuW
GetSubMenu
EnableMenuItem
TrackPopupMenuEx
IsDialogMessageW
MessageBoxW
SetScrollRange
SetScrollPos
PostQuitMessage
SetForegroundWindow
IsWindowVisible
ShowWindow
DrawIcon
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
PostMessageW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextW
GetSysColor
SendMessageW
SetWindowContextHelpId
GetWindow
SetWindowPos
CreateWindowExW
MapDialogRect
DefWindowProcW
SetDlgItemTextW
SendDlgItemMessageW
SetWindowTextW
GetWindowLongW
SetWindowLongW
EndDialog
LoadCursorW
UnregisterClassA
gdi32
GetDIBits
CreateDIBSection
Rectangle
LPtoDP
LineTo
MoveToEx
SetWindowOrgEx
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
SetViewportOrgEx
GetCurrentObject
CreatePen
RoundRect
SetBkColor
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
GetClipBox
SetTextColor
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CreateFontIndirectW
DPtoLP
SetBkMode
comdlg32
GetOpenFileNameW
advapi32
SetFileSecurityW
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegCreateKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CryptEncrypt
CryptGenKey
CryptDeriveKey
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptContextAddRef
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptSetHashParam
CryptCreateHash
CryptGenRandom
CryptAcquireContextA
CryptSignHashW
CryptVerifySignatureW
CryptImportKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetFileSecurityA
CryptGetProvParam
AdjustTokenPrivileges
shell32
ShellExecuteW
SHGetFolderPathW
SHGetMalloc
ShellExecuteExW
ord19
ord25
SHBindToParent
ExtractIconExW
SHGetSpecialFolderLocation
ord21
ord18
SHGetFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ord155
DragQueryFileW
DragFinish
SHFileOperationW
SHChangeNotify
SHGetFileInfoW
ole32
CoAddRefServerProcess
CoTaskMemFree
ReleaseStgMedium
RegisterDragDrop
CoCreateGuid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoReleaseServerProcess
CoCreateInstance
oleaut32
SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayCreate
SafeArrayPutElement
shlwapi
SHDeleteEmptyKeyW
SHDeleteKeyW
SHRegGetPathW
StrRetToBSTR
ord174
SHRegGetBoolUSValueW
comctl32
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_Create
msimg32
AlphaBlend
GradientFill
urlmon
CoInternetGetSession
Exports
?pkAdjustSearchResults@@YAKPAVPKActionDetails@@KPAXKPBG@Z
?pkAskForDisk@@YAKK_NPBGAAVPKString@@PAXK1@Z
?pkAskForPassword@@YAKPBG0KHAAVPKBuffer@@PAXK0@Z
?pkAskForPassword@@YAKPBG0KPAVPKPasswordCheck@@AAVPKBuffer@@PAXK0@Z
?pkAskForPasswordOrRecipients@@YAKABVPKString@@K_NV?$PKPtr@VPKCertificate@@V1@@@AAVPKBuffer@@3V?$PKPtr@VPKLDAPSearch@@V1@@@KPBGPAXK5@Z
?pkAskForPasswordOrRecipients@@YAKABVPKString@@K_NV?$PKPtr@VPKCertificate@@V1@@@HAAVPKBuffer@@3V?$PKPtr@VPKLDAPSearch@@V1@@@KPBGPAXK5@Z
?pkAskForPasswordOrRecipientsLDAP@@YAKABVPKString@@K_NPAVPKCertificateStore@@AAVPKBuffer@@3V?$PKPtr@VPKLDAPSearch@@V1@@@KPBGPAXK5@Z
?pkAskForPasswordOrRecipientsLDAP@@YAKABVPKString@@K_NPAVPKCertificateStore@@HAAVPKBuffer@@3V?$PKPtr@VPKLDAPSearch@@V1@@@KPBGPAXK5@Z
?pkAskToAssociate@@YAKPBGPAPBGKPA_N2AA_NPAXK0@Z
?pkBrowseForArchive@@YAKAAVPKString@@PAKPA_KKKPBG33PAUHWND__@@@Z
?pkBrowseForFile@@YAKAAVPKString@@PAKKAAVPKBuffer@@PAPBGKPBG44PAUHWND__@@@Z
?pkBrowseForFolder@@YAKAAVPKString@@KPBG1PAX@Z
?pkCenterWindow@@YAKPAUHWND__@@0@Z
?pkCheckForNewVersion@@YAKAAVPKBuffer@@0GAAVPKString@@0K@Z
?pkCheckForNewVersionDownload@@YAKAAVPKBuffer@@0GAAVPKString@@10KK@Z
?pkCmnDlgEnd@@YAKXZ
?pkCmnDlgInit@@YAKPAG0@Z
?pkConfirmReplace@@YAKPBGABVPKStat@@1W4FILTER_ACTION@PKItemFilterListener@@AAVPKString@@PAXK0@Z
?pkCreateProgressListener@@YA?AV?$PKPtr@VPKCmnProgressListener@@V1@@@K_K@Z
?pkDisplayAbout@@YAKAAVPKBuffer@@0KPBGPAX@Z
?pkDisplayAboutWithNVC@@YAKAAVPKBuffer@@0KPBG00G0KKPAX@Z
?pkDisplayAboutWithNVC@@YAKAAVPKBuffer@@0KPBG00G0KPAX@Z
?pkDisplayActionDetails@@YAKPAVPKActionDetails@@PAXKPBG@Z
?pkDisplayCertificateProperties@@YAKPAVPKCertificate@@KPAXKPBG@Z
?pkDisplayCertificateStrictCheck@@YAKAA_NAAKKPAXKPBG@Z
?pkDisplayCommandDialog@@YAKPBG000KKPAPBGPB_N0PA_NPAXK0@Z
?pkDisplayMessage@@YAKPBG0KPAXK0@Z
?pkDisplayMessageWithURL@@YAKPBG00PAX@Z
?pkDisplayNag@@YAKKPBG000PAXK0@Z
?pkDisplayNagEx@@YAKPAU_PKCustomNagStruct@@PAXKPBG@Z
?pkDisplayProgress@@YAKPAVCPKAction@@KPAX1KPBG@Z
?pkDisplayProperties@@YAKPAVPKExtractArchiveFile@@PAVCPKPropertiesOptions@@PAVPKArchiveItemSet@@_NPAX@Z
?pkDownloadNewVersion@@YAK_KAAVPKString@@AAVPKBuffer@@2G2KKPAX@Z
?pkExportCertPKCS12@@YAKPAVPKSession@@PAVPKCertificate@@PBG2KPAXK2K2@Z
?pkGetCertKeyUsageString@@YAKAAVPKString@@PAVPKCertificate@@@Z
?pkGetCertificates@@YAKAAVPKBuffer@@V?$PKPtr@VPKLDAPSearch@@V1@@@KPBG2PAXK2K2@Z
?pkGetDocFile@@YAPBGPAGKPBG1@Z
?pkGetExtractLocationAndOptions@@YAKPBVPKArchiveFolder@@PBVPKArchiveItemSet@@PAVCPKExtractOptions@@PAX@Z
?pkGetFileSelectionTest@@YAKPBVPKArchiveFolder@@PBVPKArchiveItemSet@@AA_NKPAXKPBG@Z
?pkGetFilesToCompress@@YAKPAVCPKAddOptions@@PAPAUIDataObject@@KKPAU2@PAX@Z
?pkGetTypesToAssociate@@YAKPAPBGKPA_N1PAXKPBG@Z
?pkGetTypesToAssociate@@YAKPAPBGKPA_N1PAXKPBGK@Z
?pkHorizCenterDlgItem@@YAKPAVCWindow@ATL@@I@Z
?pkIsInSpecialFolder@@YAKPBG@Z
?pkIsRSA@@YA_NXZ
?pkIsSECURE@@YA_NXZ
?pkMakeDestinationFromArchive@@YAKPBGAAVPKString@@@Z
?pkMakeFileFilter@@YAKPAXAAVPKBuffer@@GQAG22PAPAPBG@Z
?pkQueryLDAPServers@@YAKKV?$PKPtr@VPKLDAPSearch@@V1@@@AAV?$PKPtr@VPKCertificateStore@@V1@@@PAXKPBG@Z
?pkRemoveDefaultListeners@@YAKPAVPKArchiveContext@@@Z
?pkScheduleNextTask@@YAK_KPBG@Z
?pkScheduleTask@@YAK_KPBG11111GGAAVPKDate@@2PAXK1@Z
?pkSetDefaultListenerPassword@@YAKPAVPKArchiveContext@@AAVPKBuffer@@K@Z
?pkSetDefaultListenerRecipient@@YAKPAVPKArchiveContext@@V?$PKPtr@VPKCertificate@@V1@@@@Z
?pkSetDefaultListeners@@YAKPAVPKArchiveContext@@PAU_PKDefaultListenerStruct@@PAXPAKKPBG@Z
pkGetLocale
pkSetLocale
Sections
- .text (Size: 2.2MB, Virtual size: 2.2MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 395KB, Virtual size: 394KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 51KB, Virtual size: 91KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 7.5MB, Virtual size: 7.5MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 155KB, Virtual size: 154KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ