2024-03-27_880a079406d7fef014b94a9e56f3445e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-27_880a079406d7fef014b94a9e56f3445e_mafia
Size

12.2MB
MD5

880a079406d7fef014b94a9e56f3445e
SHA1

65aa70cd9c134e160503d7a99bd3c5a67f823780
SHA256

00416ba7448075cbe00f658f10dd33199d38a5b066530c3dc52482d696181692
SHA512

e270bb532b3c487a18a440f746ab55c76679a34dc71d8f7f391a94fd83cc1af2f3a81534301f4d782ffe4b2648fb91929eede168eb4678b58de9f2c5a96ec58e
SSDEEP

98304:7R2wLw8eSILoY0gvhVmwPmNLn+E3Ifk4snZ5y/RWFWs9UQUH1iBYNj6gZ1Z0rqqA:N22ILoYvhD2+E3F4sZsiBkuu1ZOmv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-27_880a079406d7fef014b94a9e56f3445e_mafia

Files

2024-03-27_880a079406d7fef014b94a9e56f3445e_mafia
.exe windows:5 windows x86 arch:x86

9d31cb1bdf8e8ccbc2b35c77a40e5fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl

bugtrap

BT_SetAppVersion
BT_InstallSehFilter
BT_SetAppName
BT_GetLogFileName
BT_OpenLogFile
BT_SetFlags
BT_SetDumpType
BT_SetSupportServer
BT_AddLogFile
BT_InsLogEntry

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dsound

DirectSoundCreate8

gdi32

SelectObject
GetTextExtentPoint32A
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPointA
DeleteDC
DeleteObject
Rectangle
GetDIBits
GetPixel
SetPixel
CreateFontA
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateDIBSection
ExtTextOutA
SetStretchBltMode
GetDIBColorTable
SetBkColor
BitBlt
TextOutA
StretchBlt
CreateSolidBrush
GetStockObject
GetObjectA

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetDefaultIMEWnd
ImmGetCandidateListA
ImmGetConversionStatus
ImmGetOpenStatus
ImmSetOpenStatus
ImmSetConversionStatus
ImmGetContext
ImmIsIME

kernel32

SizeofResource
LockResource
MultiByteToWideChar
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
GetModuleHandleW
SetLastError
GetModuleFileNameW
lstrcpyW
lstrcatW
lstrlenW
LoadLibraryW
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetProcAddress
GetLastError
WideCharToMultiByte
GetSystemDefaultLangID
FreeLibrary
FormatMessageA
LocalFree
lstrlen
GetVersionExA
GetModuleHandleA
GetSystemInfo
GlobalMemoryStatusEx
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateEventA
WaitForSingleObjectEx
SetEvent
GetLocalTime
CopyFileA
SetThreadAffinityMask
GetCurrentThread
GlobalLock
GlobalUnlock
ResetEvent
InterlockedDecrement
GetPrivateProfileIntA
CreateToolhelp32Snapshot
LoadResource
OpenProcess
TerminateProcess
GetExitCodeProcess
FindResourceA
Module32First
Module32Next
ReadFile
lstrcat
lstrcpy
lstrcmpi
lstrcpyn
GetFileSize
CompareFileTime
GetFileTime
GetDiskFreeSpaceExA
DeleteFileA
FindResourceW
FindResourceExW
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetCPInfo
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
CreateThread
ExitThread
MoveFileA
GetFullPathNameA
GetDriveTypeW
HeapAlloc
CreateDirectoryA
SetEnvironmentVariableA
HeapFree
ExitProcess
GetStdHandle
GetFileType
WriteConsoleW
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedCompareExchange
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
Sleep
MulDiv
GetCurrentDirectoryA
GetTickCount
GetSystemTime
OutputDebugStringA
CloseHandle
Process32Next
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
TlsAlloc
TlsGetValue
IsValidCodePage
FatalAppExitA
GetLocaleInfoW
HeapCreate
HeapDestroy
TlsSetValue
TlsFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
LockResource
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateProcessA
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
Process32First
LCMapStringW
VirtualProtect
Sleep

oleaut32

SysStringByteLen
SysFreeString
OleLoadPicture
CreateErrorInfo
GetErrorInfo
VariantClear
SysAllocString
VariantChangeType
VariantInit
SetErrorInfo
SysAllocStringByteLen

shell32

ShellExecuteA

user32

LoadAcceleratorsA
TranslateAccelerator
DrawMenuBar
RedrawWindow
ClientToScreen
GetForegroundWindow
AdjustWindowRectEx
SystemParametersInfoA
GetScrollInfo
EnableWindow
GetWindowTextA
SetForegroundWindow
CopyImage
SetParent
SetCapture
ReleaseCapture
PeekMessageA
UnregisterClassA
DestroyWindow
LoadImageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
LoadCursorA
EndPaint
BeginPaint
LoadStringA
ShowWindow
MoveWindow
GetDesktopWindow
CreateDialogParamA
GetSystemMetrics
SetMenu
SetWindowLongA
SetWindowPos
GetWindowLongA
GetWindowRect
FindWindowA
CheckMenuItem
GetMenu
DefWindowProcA
PostQuitMessage
KillTimer
ActivateKeyboardLayout
UpdateWindow
LoadMenuA
CreateWindowExA
AdjustWindowRect
RegisterClassA
LoadIconA
DestroyCursor
SetCursor
GetKeyboardLayout
EndDialog
GetDlgItem
DialogBoxParamA
PostMessageA
wsprintfA
GetAsyncKeyState
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyState
MessageBoxA
SetWindowTextA
PtInRect
SetRect
GetClientRect
ScreenToClient
GetCursorPos
ReleaseDC
GetDC
SetTimer

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

winmm

timeGetTime
mmioDescend
mmioRead
mmioAscend
mmioCreateChunk
mmioOpenA
mmioClose
mmioSetInfo
mmioSeek
mmioGetInfo
mmioAdvance
mciSendCommandA
mmioWrite

ws2_32

socket
getsockopt
setsockopt
closesocket
send
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
htons
inet_addr
connect
WSAGetLastError
select
__WSAFDIsSet
recv
ioctlsocket

ijl11

ijlFree
ijlWrite
ijlInit

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize

Sections

Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Tut4you
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wgbbzgnw
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdikadnh
Size: 4KB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PE_ADS
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d31cb1bdf8e8ccbc2b35c77a40e5fb7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bugtrap

comdlg32

ddraw

dsound

gdi32

imm32

kernel32

oleaut32

shell32

user32

wininet

winmm

ws2_32

ijl11

ole32

Sections

Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 9KB - Virtual size: 12KB

.Tut4you Size: 4KB - Virtual size: 4KB

Size: 3.1MB - Virtual size: 3.1MB

wgbbzgnw Size: 1.4MB - Virtual size: 1.4MB

rdikadnh Size: 4KB - Virtual size: 6.4MB

PE_ADS Size: 41KB - Virtual size: 44KB

.rsrc
Size: 9KB - Virtual size: 12KB

.Tut4you
Size: 4KB - Virtual size: 4KB

wgbbzgnw
Size: 1.4MB - Virtual size: 1.4MB

rdikadnh
Size: 4KB - Virtual size: 6.4MB

PE_ADS
Size: 41KB - Virtual size: 44KB