2024-04-08_4a989ce24e39dabc7ca5707964deca77_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-08_4a989ce24e39dabc7ca5707964deca77_mafia
Size

4.6MB
MD5

4a989ce24e39dabc7ca5707964deca77
SHA1

20d93cb1efcb5b74ecf279828f762e9e9ad517f6
SHA256

f96f31a9bfa54b15b0c1a58805cf94c09caf7e8231e3911383b2841df748b30f
SHA512

cbb57e68fd27d190e26ed7a9bd0cc478d1c3b566600744971fb0c2285409c6b06fa2b1ed0d0dc4b7a0138deb11f52e4fee664b25efbebfd55f48b8349c500a31
SSDEEP

98304:uDHjjTN/1RSNhxo4f5PIK9lKtlra/LtX0gnbO+q0MW:gjjR9IL24WK9lK2Jkgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-08_4a989ce24e39dabc7ca5707964deca77_mafia

Files

2024-04-08_4a989ce24e39dabc7ca5707964deca77_mafia
.exe windows:5 windows x86 arch:x86

595f89c4f248fcbb5c02ba2604718463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildagent_prod\workspace\4800\Installer\AMT\Release\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadLibraryW
GetVersion
WaitForSingleObject
GetEnvironmentVariableW
GetSystemPowerStatus
GetTempPathW
GetTempFileNameW
CreateDirectoryW
MoveFileW
MoveFileExW
ExpandEnvironmentStringsW
GetFileSize
SizeofResource
GetFileAttributesW
IsWow64Process
GetCurrentProcess
MultiByteToWideChar
CreateProcessW
GetExitCodeProcess
GetCurrentDirectoryW
GetDriveTypeW
GetProcAddress
EnumResourceLanguagesW
FreeLibrary
GetLocaleInfoW
GetUserDefaultLangID
GetUserDefaultUILanguage
LoadLibraryExW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
OpenMutexW
ReleaseMutex
CreateMutexW
MulDiv
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DeleteFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapSize
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
RaiseException
CreateThread
GetCurrentThreadId
ExitThread
GetStartupInfoW
HeapSetInformation
HeapFree
HeapAlloc
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RemoveDirectoryW
CopyFileW
SetFileAttributesW
GetModuleFileNameW
LocalAlloc
lstrlenW
InterlockedDecrement
LocalFree
FormatMessageW
ExitProcess
LockResource
LoadResource
GetModuleHandleW
LoadLibraryA
FindResourceW
GetLocalTime
SetFilePointer
GetTickCount
GetCommandLineW
GetVersionExW
FindClose
FindNextFileW
FindFirstFileW
DeviceIoControl
ReadFile
WriteFile
Sleep
CreateFileW
GetLastError
CloseHandle
GetStringTypeW
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
WriteConsoleW
FlushFileBuffers

user32

InflateRect
SetClassLongW
SetCursor
wsprintfW
MapDialogRect
SetFocus
OffsetRect
CallWindowProcW
AdjustWindowRectEx
SetRectEmpty
CopyRect
MapWindowPoints
GetSystemMetrics
GetClassNameW
ReleaseDC
DrawTextW
GetDC
GetWindowTextLengthW
LoadStringW
ExitWindowsEx
MessageBoxW
MoveWindow
MessageBoxIndirectW
FillRect
SetRect
GetWindowLongW
EnableWindow
LoadImageW
SetDlgItemTextW
InvalidateRect
SendMessageW
GetParent
CreateWindowExW
EndDialog
SetWindowTextW
GetWindowTextW
GetWindow
GetDlgItem
GetClientRect
SetWindowPos
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
SetWindowLongW
CreateDialogIndirectParamW
LoadCursorW

gdi32

GetTextMetricsW
GetDeviceCaps
DeleteObject
DeleteDC
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
SetBkMode
SetTextColor
GetObjectW
CreateFontW
GetStockObject

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteKeyW
AdjustTokenPrivileges
RegOpenKeyExW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyExW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetFolderLocation
SHFileOperationW
CommandLineToArgvW
ShellExecuteW
SHCreateDirectoryExW
SHBrowseForFolderW

ole32

OleRun
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathMatchSpecW
PathGetCharTypeW
PathStripToRootW
PathIsUNCW
PathCombineW
PathIsRelativeW
PathFileExistsW
PathRemoveArgsW
PathGetArgsW
PathQuoteSpacesW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathSkipRootW

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindNextLine
SetupGetStringFieldW
SetupGetLineTextW
SetupFindFirstLineW

cabinet

ord23
ord22
ord20

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

595f89c4f248fcbb5c02ba2604718463

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

cabinet

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 27KB - Virtual size: 27KB