2024-04-11_71fae60178ec226b80561c43daa7d34c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_71fae60178ec226b80561c43daa7d34c_mafia
Size

1.1MB
MD5

71fae60178ec226b80561c43daa7d34c
SHA1

3b7cc9126638e7f1e21a7bb63a30e9180a0bf693
SHA256

0195f883a64a6a7aa72d2d983cd06a34e4a8fd738df3f7780feea81f04ff0d73
SHA512

af8f9ab5f031f9fa5bc3215aa23076b0ced5f58ffdb5a52ba7600a269c9ebeaeac6a81d3112b4df85b8a92eb3981df6306617bb882fa349e473ba7127113fda7
SSDEEP

24576:r0OS2xxr/4P63I1xWHUCPm2RIXPMDlzQBiNdvDDQHFOuYtGTYh8UEvm1c:YyrFqpv2RIXPMDuBwdvXgFOsTM8U6ic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-11_71fae60178ec226b80561c43daa7d34c_mafia

Files

2024-04-11_71fae60178ec226b80561c43daa7d34c_mafia
.exe windows:5 windows x86 arch:x86

fe916e046eabea9bca02bcbafe4844bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DC_NATIVE_11_3_2400_12_1_meaap_crash\dc_native\native\agent\Release\meaap.pdb

Imports

psapi

GetModuleFileNameExA

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpConnect
WinHttpSetCredentials
WinHttpQueryOption
WinHttpWriteData
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpCloseHandle

dcagenthttp

AgentSendRequestEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory

wsock32

WSACleanup
WSAGetLastError
WSAStartup

iphlpapi

GetAdaptersInfo

netapi32

NetGetJoinInformation
NetApiBufferFree
DsGetDcNameA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertNameToStrW
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CertVerifyTimeValidity
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertCreateCertificateContext
PFXImportCertStore
PFXVerifyPassword

dclibxml2

xmlDocGetRootElement
xmlFree
xmlNodeListGetString
xmlParseMemory
xmlTextReaderGetAttribute
xmlParseFile
xmlFreeDoc
xmlTextReaderValue
xmlTextReaderDepth
xmlTextReaderName
xmlTextReaderRead
xmlFreeTextReader
xmlStrcmp
xmlNewTextReaderFilename
xmlCleanupParser
xmlTextReaderAttributeCount

kernel32

HeapDestroy
HeapAlloc
HeapFree
GetDriveTypeA
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
GetLastError
LockResource
DeleteFileA
GetProcAddress
GetModuleHandleA
ExpandEnvironmentStringsA
WaitForSingleObject
OpenProcess
ProcessIdToSessionId
SetEnvironmentVariableA
CreateMutexA
ReleaseMutex
GetVersionExA
CloseHandle
GetCurrentProcessId
LoadLibraryA
GetCurrentProcess
Process32Next
Sleep
TerminateProcess
GetExitCodeProcess
Process32First
CreateToolhelp32Snapshot
GetFileSize
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
ReadFile
WriteFile
SetDllDirectoryA
InterlockedDecrement
SystemTimeToFileTime
lstrlenA
FindFirstFileExA
GetCurrentThreadId
DeleteFileW
lstrlenW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
CopyFileW
CreateFileW
GetLocalTime
FindFirstFileW
GetEnvironmentVariableA
GetTimeZoneInformation
GetSystemTime
GetFileSizeEx
LoadLibraryW
SetCurrentDirectoryA
GetStringTypeW
SetFilePointer
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
SetCurrentDirectoryW
CreateProcessA
SetLastError
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
CopyFileA
FreeLibrary
DeleteTimerQueue
CreateTimerQueue
CreateTimerQueueTimer
CreateDirectoryA
GetLocaleInfoA
CreateThread
GetSystemInfo
GetComputerNameExW
LocalFree
FormatMessageA
FormatMessageW
GlobalFree
GlobalAlloc
DisconnectNamedPipe
lstrcmpW
QueryPerformanceCounter
SuspendThread
ResumeThread
GetFileAttributesExA
GetFullPathNameA
LocalAlloc
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
GetCPInfo
ExitThread
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
GetLocaleInfoW
GetCommandLineA
HeapSetInformation
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
MoveFileExA
LocalLock
LocalUnlock
ExitProcess
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
WriteConsoleW
GetDriveTypeW
VirtualQuery
MultiByteToWideChar

user32

wsprintfW
MessageBoxA

advapi32

RegEnumValueA
LookupPrivilegeNameA
GetTokenInformation
LookupAccountSidA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
LookupPrivilegeValueA
CreateProcessAsUserW
LogonUserA
CreateProcessAsUserA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExA
RegSetValueExW
CloseServiceHandle
ControlService
CryptAcquireContextA
CryptGetUserKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

SHCreateDirectoryExA
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
VariantClear

odbc32

ord43
ord39
ord36
ord29
ord18
ord8
ord4
ord13
ord26
ord72
ord48
ord49
ord3
ord11
ord19
ord12
ord16
ord20
ord2
ord1
ord9
ord41
ord31

shlwapi

StrStrIA
StrTrimA
PathFindExtensionA

Sections

.text
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe916e046eabea9bca02bcbafe4844bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

winhttp

dcagenthttp

userenv

wtsapi32

wsock32

iphlpapi

netapi32

crypt32

dclibxml2

kernel32

user32

advapi32

shell32

ole32

oleaut32

odbc32

shlwapi

Sections

.text Size: 774KB - Virtual size: 774KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 52KB - Virtual size: 62KB

.rsrc Size: 1024B - Virtual size: 932B

.reloc Size: 69KB - Virtual size: 68KB

.text
Size: 774KB - Virtual size: 774KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 52KB - Virtual size: 62KB

.rsrc
Size: 1024B - Virtual size: 932B

.reloc
Size: 69KB - Virtual size: 68KB