2024-04-11_9eaa4ecd8e44c9acd3779fcb56893b78_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-11_9eaa4ecd8e44c9acd3779fcb56893b78_mafia
Size

1.3MB
MD5

9eaa4ecd8e44c9acd3779fcb56893b78
SHA1

3b763a890c18ed0e5801b03591a59ddd004897bd
SHA256

bacec0d7b2041a237963c6a1d9a193cb210d12a0b00574806a3458c3c87f28dc
SHA512

f4525ef4c4d4b749a12fb965eab4bffc66d82fa2b77022b67ac16c03000f39127f4effdddc18e2f986bdf6a56a3dd686d1238928e620569e252151ca7ef00334
SSDEEP

24576:hLcHiGt2c+SdRPP6X2LjylctLmCy3LQA4F8U1rWNivf9hpEaViqt:iht2/SdRPP6wulYAw1KNQEY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-11_9eaa4ecd8e44c9acd3779fcb56893b78_mafia

Files

2024-04-11_9eaa4ecd8e44c9acd3779fcb56893b78_mafia
.exe windows:5 windows x86 arch:x86

4835d3a8771244d246f2f717aaee55ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\git\binaries\Installer\Release\ZonaRunner.pdb

Imports

gdiplus

GdiplusStartup

wininet

InternetSetCookieW
InternetCrackUrlW
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetQueryOptionW
InternetOpenW
InternetCloseHandle

kernel32

OpenProcess
TerminateProcess
GetLastError
CloseHandle
GetCurrentProcessId
GetSystemDefaultLangID
ExitProcess
GetCommandLineW
GetEnvironmentVariableW
FindFirstFileW
FindResourceW
FreeLibrary
LoadResource
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
WriteFile
GetSystemDirectoryW
LoadLibraryW
SizeofResource
GetVersionExW
CreateFileW
GetProcAddress
FindClose
LockResource
RemoveDirectoryW
FindNextFileW
GetShortPathNameW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
SetFilePointer
GetDriveTypeW
CreateProcessW
SystemTimeToFileTime
GetCurrentProcess
GlobalLock
GlobalAlloc
WideCharToMultiByte
Sleep
GetExitCodeProcess
GetFileAttributesW
ReadFile
GetModuleFileNameW
MultiByteToWideChar
GlobalUnlock
GetTempPathW
GetFileSizeEx
SetLastError
GlobalFree
Process32FirstW
LocalAlloc
CreatePipe
Process32NextW
CreateToolhelp32Snapshot
IsValidCodePage
GetSystemTime
ExpandEnvironmentStringsW
GetUserDefaultLangID
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
FormatMessageW
GetExitCodeThread
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetTickCount
InterlockedDecrement
lstrlenW
SetConsoleCtrlHandler
GlobalMemoryStatusEx
HeapCreate
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
FlushFileBuffers
RaiseException
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoW
HeapSetInformation
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
SetStdHandle
CreateFileA
GetUserDefaultLCID
TlsSetValue
TlsFree
GetCurrentThreadId
CreateThread
DeleteCriticalSection
GetFileType
QueryPerformanceCounter
HeapSize
GetConsoleCP
GetConsoleMode
GetACP
FreeResource
GetOEMCP
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalFree
SetHandleCount

user32

TranslateMessage
GetMessageW
TranslateAcceleratorW
PostQuitMessage
LoadAcceleratorsW
LoadIconW
DispatchMessageW
UpdateWindow
EnableWindow
SetWindowTextW
GetClientRect
SendMessageW
EndPaint
GetWindowRect
LoadCursorW
BeginPaint
GetClassInfoW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
DefWindowProcW
wsprintfW
GetDesktopWindow
SetTimer
SetActiveWindow
KillTimer
EnumWindows
BringWindowToTop
GetWindowTextW
GetClassNameW
SetWindowPos
ShowWindow
GetSystemMetrics
SwitchToThisWindow
GetWindowThreadProcessId
DestroyWindow

gdi32

SetTextColor
SetBkMode
SetTextAlign
TextOutW
SelectObject
CreateFontW

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
EqualSid
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExW
RegEnumKeyExW

shell32

CommandLineToArgvW
ShellExecuteW
SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW

ole32

CoCreateGuid
StringFromGUID2

shlwapi

StrToIntW
PathRemoveFileSpecW
wnsprintfW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 828KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4835d3a8771244d246f2f717aaee55ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 828KB - Virtual size: 827KB

.reloc Size: 26KB - Virtual size: 25KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 828KB - Virtual size: 827KB

.reloc
Size: 26KB - Virtual size: 25KB

.zero
Size: 4KB - Virtual size: 3KB