2024-04-10_69ddc235bc220e3533f14d0febb905b9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_69ddc235bc220e3533f14d0febb905b9_mafia
Size

9.8MB
MD5

69ddc235bc220e3533f14d0febb905b9
SHA1

8986cfa436b68be6076e2e4f528db524ea891e40
SHA256

bf82debdcdaf32903a23d43d0acebfc57cd2a99bf16561aceaf874da51e79ff6
SHA512

ff63817bec358a0c65f724d1446ad73effd27dbaea43c65087d4faa221518f70138c32522ad94ca427beb2a86c31a2e02723b6f526a82906051ffb5ce6087817
SSDEEP

196608:yr0zEeRrX3XS4i9KAdXOlC46Ycad8VFfXWpkprX13AcDt:1rri4fAdelWrq8bXuk9XdpDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_69ddc235bc220e3533f14d0febb905b9_mafia

Files

2024-04-10_69ddc235bc220e3533f14d0febb905b9_mafia
.exe windows:5 windows x86 arch:x86

8d1c7b9cc04b04aef60322e3dceb059a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetFolderPathA

user32

CharNextA
wsprintfA
LoadStringA
MessageBoxA
DispatchMessageA
MsgWaitForMultipleObjectsEx
IsWindowUnicode
PeekMessageA
TranslateMessage
GetMessageW
DispatchMessageW
GetMessageA

kernel32

UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
HeapReAlloc
SetStdHandle
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
GetFullPathNameW
CreateDirectoryW
GetConsoleMode
GetConsoleCP
GetFileType
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
VirtualQuery
GetSystemInfo
GetCommandLineW
FindResourceA
lstrlenA
GetModuleHandleExA
FreeLibrary
LoadResource
InterlockedIncrement
InterlockedDecrement
SetEvent
GetCommandLineA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SizeofResource
CreateEventA
SetDllDirectoryA
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
lstrcmpiA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
CloseHandle
CreateThread
LockResource
DeleteFileA
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
SetUnhandledExceptionFilter
GetTempPathA
GetTickCount
GetCurrentProcessId
LocalFree
ReadFile
FileTimeToSystemTime
GetNativeSystemInfo
GetCurrentProcess
GetSystemWow64DirectoryA
MoveFileExA
GetFileAttributesA
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
Sleep
FormatMessageW
GetLocalTime
GetCurrentThreadId
PeekNamedPipe
SetHandleInformation
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
TerminateProcess
CreatePipe
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
ExitProcess
GetLocaleInfoA
FormatMessageA
OpenProcess
LoadLibraryA
LocalAlloc
LoadLibraryExW
GetModuleHandleExW
LoadLibraryW
CreateFileW
IsDebuggerPresent
SetFilePointerEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
SetEndOfFile
GetProcessHeap
WriteConsoleW
FlushFileBuffers
GetCurrentDirectoryW
GetFileInformationByHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
CreateDirectoryA
HeapAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
HeapFree

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
GetWindowsAccountDomainSid
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegDeleteKeyA

oleaut32

GetErrorInfo
SysFreeString
VarUI4FromStr

shlwapi

PathAppendA

crypt32

CryptProtectData
CryptUnprotectData
CryptBinaryToStringA
CryptStringToBinaryA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

msi

ord117
ord141
ord168
ord160
ord158
ord115
ord159
ord87
ord8
ord44
ord204
ord91
ord189
ord67
ord31
ord137

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187.5MB - Virtual size: 187.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1c7b9cc04b04aef60322e3dceb059a

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

user32

kernel32

advapi32

oleaut32

shlwapi

crypt32

version

msi

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 187.5MB - Virtual size: 187.5MB

.reloc Size: 182KB - Virtual size: 182KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 187.5MB - Virtual size: 187.5MB

.reloc
Size: 182KB - Virtual size: 182KB