2024-03-28_e6f8a40b36a47a8035a15f9864ee2171_mafia_sakula

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-28_e6f8a40b36a47a8035a15f9864ee2171_mafia_sakula
Size

562KB
MD5

e6f8a40b36a47a8035a15f9864ee2171
SHA1

1a4afd0bca93c237b5feafaa8c5a94c1c79b90a4
SHA256

947298bc4108fbed1b3976e86eaa546e5aa4afcb260232f6b98a6d6265aa74e1
SHA512

b3550c262e9cd1b679b545540ec0524b0eec0a95794d1e05c2705bbfa7682c2da13d2b132f8e2aefc6e0e2685aca0e70d94f5c582d5e6b02cedcd11a27d849c9
SSDEEP

12288:KtrpKcdgCqDlbUHWQiRLT/x6fNKhet8qpIC2SOdVuXpTrNLhL:EgcqCo2C34GGIaOdg5TrB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-28_e6f8a40b36a47a8035a15f9864ee2171_mafia_sakula

Files

2024-03-28_e6f8a40b36a47a8035a15f9864ee2171_mafia_sakula
.exe windows:5 windows x86 arch:x86

e208157c5dae13442924a207a67ddba6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\home\Administrator\6.3.0build27\EliseServiceContainer\Win32\Release\EliseServiceContainer.pdb

Imports

iphlpapi

GetAdaptersInfo

psapi

GetProcessMemoryInfo

mswsock

GetAcceptExSockaddrs
AcceptEx

kernel32

GetDriveTypeA
FindClose
GetDriveTypeW
QueryPerformanceFrequency
SetCriticalSectionSpinCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetSystemInfo
GetTempPathA
GetComputerNameA
CloseHandle
GetCurrentProcess
RaiseException
GetCurrentThreadId
SetThreadAffinityMask
GetCurrentThread
WaitForSingleObject
SwitchToThread
Sleep
QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
GetProcessWorkingSetSize
SetProcessAffinityMask
GetProcessTimes
TerminateProcess
GetLastError
ReadFile
WriteFile
GetPriorityClass
GetModuleFileNameA
GetFullPathNameA
SetHandleInformation
FormatMessageA
GetProcAddress
LoadLibraryA
GetLocalTime
CreateFileA
SetUnhandledExceptionFilter
GetModuleHandleA
GetNumaProcessorNode
GetProcessAffinityMask
GetNumaNodeProcessorMask
CreateSemaphoreA
ReleaseSemaphore
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FindFirstFileExA
MultiByteToWideChar
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCPInfo
LCMapStringW
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
GetTickCount
IsProcessorFeaturePresent
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
HeapSize
VirtualQuery
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
FreeLibrary
LoadLibraryW
SetStdHandle
WriteConsoleW
CompareStringW
CreateFileW
SetEndOfFile
GetProcessHeap
GetCurrentDirectoryW
GetFileInformationByHandle
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
ResetEvent
SetEvent
CreateEventA
PeekNamedPipe

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA

ws2_32

setsockopt
socket
WSAGetLastError
WSASend
WSARecv
recv
getsockname
listen
bind
WSAStartup
inet_addr
gethostbyname
ntohs
htons
select
send
connect
closesocket

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e208157c5dae13442924a207a67ddba6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

psapi

mswsock

kernel32

advapi32

ws2_32

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 30KB - Virtual size: 29KB