Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-08_203dc83dd3747b38f212b828649b3668_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-08_203dc83dd3747b38f212b828649b3668_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-04-08_203dc83dd3747b38f212b828649b3668_mafia
Size: 5.3MB
MD5: 203dc83dd3747b38f212b828649b3668
SHA1: 5059ed589174027e6b1e6caedd0cda3652813772
SHA256: 13b7c2239468e846b597777d6c8ebae760ba0c9db3467ad38f820101e48d037e
SHA512: c4f08228df27eb4d90c7125f30401b2811bb285ce6d4c97c5c17638b3b75bcdc3ee6cdaf806ade34525dea8a120366cd2ba48f3394c1024675deb8fce09ec5c3
SSDEEP: 98304:qjjwm7DRP3nMo2CO8c9PF9MHYU8bE0uMiIVzP2W5Hq1FYFTxsuovQVmc+GAW+uNH:qnwm7DRP3nMo2CO8UF9MHYU8bE0uMiIN
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-04-08_203dc83dd3747b38f212b828649b3668_mafia
Files
2024-04-08_203dc83dd3747b38f212b828649b3668_mafia.exe windows:5 windows x86 arch:x86
8dc3401a50c455f8d608305e2750b0bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
RealizePalette
SetTextAlign
GetGlyphOutlineA
PtInRegion
CreatePolygonRgn
SetTextColor
GetDeviceCaps
GetPaletteEntries
CreateEllipticRgn
SetGraphicsMode
GetCharABCWidthsA
GetTextCharsetInfo
CreateDIBSection
GetCharABCWidthsFloatW
GetTextExtentPoint32W
GdiFlush
GetObjectW
SelectClipRgn
GetTextMetricsA
GetTextMetricsW
CreateRectRgn
DeleteObject
SelectPalette
BitBlt
EnumFontFamiliesExA
GetTextFaceW
CreateFontIndirectA
GetCharABCWidthsW
CreatePalette
EnumFontFamiliesExW
CreateCompatibleDC
GetFontData
SelectObject
SetWorldTransform
CreateCompatibleBitmap
CombineRgn
DeleteDC
ExtCreateRegion
SetBkMode
OffsetRgn
GetRegionData
ExtTextOutW
EqualRgn
GetStockObject
GetRgnBox
GetObjectA
GetDIBits
CreateBitmap
CreateFontIndirectW
GetTextFaceA
GetGlyphOutlineW
GetOutlineTextMetricsA
oleaut32
VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
imm32
ImmAssociateContext
ImmSetCandidateWindow
ImmGetDefaultIMEWnd
ImmGetCompositionStringA
ImmNotifyIME
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetContext
winmm
PlaySoundW
PlaySoundA
ws2_32
gethostname
ioctlsocket
__WSAFDIsSet
select
recvfrom
sendto
htonl
listen
accept
WSAResetEvent
WSACloseEvent
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAEnumNetworkEvents
recv
WSAEventSelect
WSACreateEvent
getaddrinfo
WSAIoctl
WSAWaitForMultipleEvents
freeaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
WSAAsyncSelect
ole32
CoTaskMemFree
OleGetClipboard
CoLockObjectExternal
CoGetMalloc
CoCreateInstance
CoUninitialize
RegisterDragDrop
CoInitialize
CoCreateGuid
StringFromGUID2
OleInitialize
ReleaseStgMedium
OleUninitialize
RevokeDragDrop
OleSetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
user32
SetParent
PostMessageW
CharNextExA
RegisterWindowMessageW
GetDC
SetWindowLongA
UnhookWindowsHookEx
BeginPaint
PeekMessageA
DefWindowProcW
UnregisterClassA
GetCursorPos
LoadCursorW
IsZoomed
SendMessageA
GetWindowRect
MapVirtualKeyW
ScrollWindowEx
GetClassInfoA
GetKeyboardLayout
MoveWindow
InvalidateRect
ReleaseCapture
SetCaretBlinkTime
DestroyCursor
UnregisterClassW
IsWindowVisible
SetDoubleClickTime
EndPaint
ToUnicode
MapVirtualKeyA
CreateWindowExA
DestroyWindow
SetForegroundWindow
SetWindowPlacement
GetDoubleClickTime
GetMenu
GetActiveWindow
DefWindowProcA
GetWindowLongW
LoadImageW
SystemParametersInfoW
GetDesktopWindow
CreateWindowExW
HideCaret
TranslateMessage
MsgWaitForMultipleObjectsEx
IsChild
SetClipboardViewer
GetClipboardFormatNameW
SetCursor
RegisterClipboardFormatW
ScreenToClient
SetWindowPos
LoadIconW
GetSysColorBrush
ChangeClipboardChain
InvalidateRgn
GetKeyState
DestroyIcon
SetWindowRgn
PostMessageA
GetKeyboardState
RegisterClassW
PeekMessageW
CreateIconIndirect
SetFocus
SetCapture
IsIconic
SetCaretPos
GetSystemMenu
SetMenuItemInfoW
GetParent
WindowFromPoint
DispatchMessageA
KillTimer
UpdateWindow
GetClipboardFormatNameA
RegisterClipboardFormatA
ToAscii
SendMessageW
DrawIconEx
MessageBeep
LoadCursorA
LoadIconA
GetClassInfoW
ReleaseDC
SetWindowTextW
GetFocus
ClipCursor
GetClientRect
TrackPopupMenuEx
GetWindowPlacement
GetKeyboardLayoutList
ValidateRgn
AdjustWindowRectEx
SetTimer
GetSysColor
ClientToScreen
SetWindowTextA
SetWindowLongW
SetCursorPos
EnableMenuItem
ShowWindow
GetWindowLongA
CreateCursor
SystemParametersInfoA
GetIconInfo
RegisterClassA
GetWindowRgn
GetSystemMetrics
GetCaretBlinkTime
DestroyCaret
RegisterWindowMessageA
GetUpdateRect
CreateCaret
DispatchMessageW
advapi32
RegCreateKeyExA
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
CryptDestroyHash
RegDeleteKeyW
RegQueryInfoKeyW
CryptCreateHash
CryptImportKey
CryptAcquireContextA
RegSetValueExA
CryptReleaseContext
RegEnumKeyExW
RegCloseKey
CryptEncrypt
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
CryptGenRandom
RegQueryValueExW
CryptGetHashParam
RegEnumValueA
RegFlushKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
CryptHashData
RegQueryInfoKeyA
CryptDestroyKey
RegDeleteValueA
shell32
ShellExecuteA
ShellExecuteW
kernel32
GlobalSize
lstrcmpW
MoveFileExA
SleepEx
GetFileAttributesA
CreateSemaphoreA
GetLogicalDrives
CreateFileA
GetFileAttributesExA
GetDriveTypeA
GetModuleHandleW
GetFullPathNameW
SetThreadPriority
GetTimeFormatW
GetLocalTime
InterlockedDecrement
GetVersionExA
GetCurrentThreadId
ResumeThread
FindNextFileA
SetCurrentDirectoryW
GetThreadPriority
GetOEMCP
TlsSetValue
SetErrorMode
HeapSetInformation
EnterCriticalSection
UnmapViewOfFile
PeekNamedPipe
GetEnvironmentVariableA
QueryPerformanceFrequency
GetFileTime
TlsAlloc
MapViewOfFile
LoadLibraryA
ExitProcess
GetTimeFormatA
GetCurrentProcessId
ReadFile
FindNextFileW
GetLastError
InterlockedExchange
GetDateFormatW
GetConsoleCP
GetStartupInfoW
UnhandledExceptionFilter
GetDateFormatA
GetFileType
SetEnvironmentVariableA
GetCPInfo
GetStringTypeW
CloseHandle
FormatMessageW
CreateEventA
CopyFileW
LCMapStringW
MoveFileW
GetProcessHeap
TlsFree
GetCurrentThread
GetCommandLineA
GlobalLock
ResetEvent
WriteFile
HeapSize
LocalFree
MoveFileA
GetEnvironmentStringsW
GetUserDefaultLangID
SystemTimeToTzSpecificLocalTime
GetProcAddress
SystemTimeToFileTime
CreateEventW
Sleep
GetLocaleInfoA
RaiseException
FreeLibrary
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
LeaveCriticalSection
CreateFileMappingW
DeleteCriticalSection
ExitThread
CreateFileMappingA
WaitForMultipleObjects
SetEndOfFile
EnumSystemLocalesA
GetModuleFileNameW
GetUserDefaultLCID
FileTimeToLocalFileTime
CreateDirectoryA
InterlockedIncrement
TlsGetValue
VerifyVersionInfoW
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
VirtualQuery
WideCharToMultiByte
GetCommandLineW
GetCurrentProcess
IsValidLocale
GetFullPathNameA
DuplicateHandle
RtlUnwind
FreeEnvironmentStringsW
CreateFileW
SetFileAttributesA
CopyFileA
SetUnhandledExceptionFilter
GetDriveTypeW
SetCurrentDirectoryA
FindFirstFileExA
GetModuleHandleA
IsValidCodePage
SetEvent
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
DecodePointer
IsProcessorFeaturePresent
FileTimeToSystemTime
VerSetConditionMask
WriteConsoleW
SetHandleCount
TerminateThread
SetStdHandle
FindClose
GlobalAlloc
IsDebuggerPresent
GetCurrentDirectoryA
GetCurrentDirectoryW
FindFirstFileW
CompareStringW
WaitForSingleObject
ExpandEnvironmentStringsA
EncodePointer
CreateProcessW
OutputDebugStringA
HeapFree
HeapCreate
GetFileAttributesExW
SetFileAttributesW
TerminateProcess
DeleteFileW
CreateProcessA
CreateSemaphoreW
GetSystemDirectoryA
QueryPerformanceCounter
GetStdHandle
ReleaseSemaphore
GetACP
LoadLibraryW
GetTimeZoneInformation
FormatMessageA
SetFilePointer
HeapReAlloc
GetFileSize
GlobalUnlock
SetLastError
GetSystemInfo
DeleteFileA
RemoveDirectoryA
RemoveDirectoryW
MultiByteToWideChar
GetConsoleMode
GetModuleFileNameA
InitializeCriticalSection
OutputDebugStringW
GetFileSizeEx
GetFileInformationByHandle
OpenFileMappingA
CreateThread
FindFirstFileA
GetLocaleInfoW
crypt32
CertCreateCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptQueryObject
CertFindExtension
CertFreeCertificateContext
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateChain
wldap32
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord60
ord50
ord143
ord217
ord211
ord22
ord45
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ