2024-04-09_6d25a19553b2785d36a26b4c42f95bea_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_6d25a19553b2785d36a26b4c42f95bea_mafia
Size

522KB
MD5

6d25a19553b2785d36a26b4c42f95bea
SHA1

ea27a46f64f760c272b2511f0c1729fcb5f6087f
SHA256

dc5d16e449d4333a44b4dd601e59fad68cfab41ccecde09719e43bbf28f55e7c
SHA512

782e1cdea8e1daacf5f6832d873c6cf83b3fb09125a35cbe65cca8038f834aac9ad560eaf63483aaec3b6a848297773baf8d5be0127286a10b00f3db68ebcbfb
SSDEEP

6144:Frq3taL27WW0SYl0QIqUmEzm0T8nHuhv/H9P:Frq3taq/0So0QIAim0TPhn9P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_6d25a19553b2785d36a26b4c42f95bea_mafia

Files

2024-04-09_6d25a19553b2785d36a26b4c42f95bea_mafia
.exe windows:5 windows x86 arch:x86

d4f182bbecca7f40d6fc9db847fc8e32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\derek\drmemory\build_package\build_drmemory-release-32\dynamorio\bin32\drconfig.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
InitiateSystemShutdownW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
OpenEventLogW
ClearEventLogW
GetSecurityInfo

drconfiglib

dr_nudge_all
dr_nudge_pid
dr_nudge_process
dr_syswide_is_on
dr_registered_process_iterator_start
dr_registered_process_iterator_hasnext
dr_registered_process_iterator_stop
dr_register_syswide
dr_unregister_syswide
dr_registered_process_iterator_next
dr_client_iterator_start
dr_client_iterator_hasnext
dr_client_iterator_next
dr_client_iterator_stop
dr_num_registered_clients
dr_register_client
dr_process_is_registered
dr_register_process
dr_get_config_dir
dr_unregister_process

kernel32

GetDriveTypeW
SetCurrentDirectoryW
GetCurrentDirectoryW
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
HeapReAlloc
HeapSize
SetEndOfFile
SetStdHandle
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcess
GetLastError
GetCurrentThread
FindClose
FindFirstFileW
MoveFileExW
MoveFileW
DeleteFileW
LocalFree
GetProcAddress
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
CloseHandle
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
LocalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
CreateThread
ReadProcessMemory
OpenProcess
TerminateProcess
SleepEx
ResumeThread
GetThreadContext
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateFileW
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetFullPathNameW
LoadLibraryW
FreeLibrary
SetFilePointer
ReadFile
GetFileAttributesW
SetEnvironmentVariableW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
HeapSetInformation
GetStringTypeW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
EncodePointer
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStartupInfoW
Sleep
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
GetFullPathNameA

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4f182bbecca7f40d6fc9db847fc8e32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

drconfiglib

kernel32

Sections

.text Size: 404KB - Virtual size: 404KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 5KB - Virtual size: 14KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 404KB - Virtual size: 404KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB