2024-04-11_6e8f0c36d5c2ff93064ae6fa82f60028_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_6e8f0c36d5c2ff93064ae6fa82f60028_mafia_revil
Size

4.5MB
MD5

6e8f0c36d5c2ff93064ae6fa82f60028
SHA1

67b31e4cab41b5e7ae94b5f68e081e6925a7186a
SHA256

c1bb6c15c2cdd462a8bdeb1f70694ba3185863b2379df1725f58bd96ccfd9f60
SHA512

f950016d9e10549fe0af8fdbb0a7a5ed080031c75026c4ac35df2b2ccfb85feab7d9d2e1eace36eb75e9b8eb24a9906e15e4db16958997a6913c121501f560f1
SSDEEP

49152:B6dD4yxAefLyKNuJ+tdgoZn4XklCOmVGwR1NK7SYLeCzPypkGNxrBbTgNE5Tmj:B6dwPOzRZn4XklVi7R1m9eoduxrBb2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-11_6e8f0c36d5c2ff93064ae6fa82f60028_mafia_revil

Files

2024-04-11_6e8f0c36d5c2ff93064ae6fa82f60028_mafia_revil
.exe windows:5 windows x86 arch:x86

ce6b6caae6d1131837825c941064de4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetLongPathNameW
CreateFileW
GetFileAttributesExW
MapViewOfFile
CreateFileMappingA
SetEndOfFile
SetFilePointerEx
MapViewOfFileEx
GetSystemTimeAsFileTime
GetTimeZoneInformation
CreateProcessA
TerminateProcess
ResetEvent
OpenEventA
GetExitCodeProcess
WaitForMultipleObjects
GetCommandLineA
GetModuleFileNameA
CreateThread
TlsAlloc
TlsSetValue
GetEnvironmentVariableA
GetModuleHandleA
GetSystemInfo
GetVersionExA
SetEvent
CreateEventA
SetConsoleCtrlHandler
FreeConsole
OpenMutexA
SetEnvironmentVariableA
CreateIoCompletionPort
GetQueuedCompletionStatus
RemoveDirectoryA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
WriteConsoleW
DecodePointer
ExitProcess
HeapAlloc
HeapFree
ReadConsoleW
ReadConsoleA
FindNextFileA
FindFirstFileA
UnmapViewOfFile
SetFileTime
WriteFile
ReadFile
FormatMessageA
Sleep
SwitchToThread
InterlockedCompareExchange
CreateFileA
SetLastError
GetFileInformationByHandle
InterlockedExchangeAdd
CreateDirectoryA
DeleteFileA
GetConsoleMode
LoadLibraryW
GetProcessHeap
GetDriveTypeW
RaiseException
CompareStringW
HeapSize
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetStartupInfoW
SetHandleCount
SetFilePointer
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetLocaleInfoW
IsProcessorFeaturePresent
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
EncodePointer
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
HeapSetInformation
RtlUnwind
GetDateFormatA
SetStdHandle
GetCurrentThreadId
LoadLibraryA
GetProcAddress
MoveFileA
GetCurrentProcessId
CreateMutexA
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
GetACP
GetFileType
GetVersion
GetModuleHandleW
GetSystemDirectoryA
GetModuleHandleExW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
WideCharToMultiByte
CreateFiber
SwitchToFiber
DeleteFiber
TlsFree
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
VirtualAlloc
VirtualFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTime
WaitForSingleObject
ReleaseMutex
CloseHandle
FreeLibrary
GetCurrentDirectoryA
GetLastError
SetConsoleMode
GetStdHandle
GetTimeFormatA

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
CharToOemBuffA

lua51

luaL_optnumber
luaL_loadfile
lua_tothread
lua_iscfunction
luaL_findtable
lua_load
lua_setfenv
lua_atpanic
lua_resume
lua_xmove
luaL_newstate
luaL_openlibs
lua_pcall
lua_gc
lua_close
lua_checkstack
lua_newthread
luaL_gsub
luaL_buffinit
lua_call
luaL_pushresult
lua_replace
lua_isnumber
lua_tointeger
lua_concat
lua_pushstring
luaL_unref
luaL_loadbuffer
luaL_ref
luaL_checknumber
lua_setmetatable
lua_pushlightuserdata
luaL_checktype
lua_rawgeti
lua_tonumber
luaL_checklstring
lua_yield
lua_createtable
lua_pushboolean
lua_pushlstring
lua_pushvalue
lua_rawget
lua_rawset
lua_insert
lua_rawseti
lua_objlen
lua_pushnumber
lua_pushnil
lua_next
lua_isstring
lua_pushcclosure
luaL_checkinteger
lua_remove
lua_pushinteger
lua_setfield
lua_getstack
lua_getinfo
lua_gettop
lua_type
lua_tolstring
lua_toboolean
luaL_callmeta
lua_newuserdata
luaL_argerror
lua_typename
lua_pushfstring
luaL_error
lua_getfield
lua_touserdata
lua_settop
luaL_addlstring

advapi32

ReportEventW
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetProvParam
CryptDecrypt
RegisterEventSourceW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptEnumProvidersW
CryptDestroyKey

ws2_32

WSAStartup
WSAIoctl
WSASend
WSAGetOverlappedResult
WSARecv
ioctlsocket
WSADuplicateSocketA
accept
connect
gethostname
WSASocketW
setsockopt
bind
closesocket
listen
getsockname
__WSAFDIsSet
getsockopt
getaddrinfo
freeaddrinfo
htons
ntohs
ntohl
htonl
WSASocketA
select
recv
shutdown
WSACleanup
inet_addr
inet_ntoa
socket
gethostbyname
gethostbyaddr
send
getservbyname
WSASetLastError
WSAGetLastError
getservbyport

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce6b6caae6d1131837825c941064de4d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

lua51

advapi32

ws2_32

crypt32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 864KB - Virtual size: 864KB

.data Size: 118KB - Virtual size: 810KB

.dtors Size: 512B - Virtual size: 4B

.debug_a Size: 18KB - Virtual size: 17KB

.debug_i Size: 182KB - Virtual size: 182KB

.debug_l Size: 37KB - Virtual size: 36KB

.debug_f Size: 24KB - Virtual size: 23KB

.debug_l Size: 134KB - Virtual size: 134KB

.debug_p Size: 9KB - Virtual size: 8KB

.debug_p Size: 15KB - Virtual size: 14KB

.debug_a Size: 1024B - Virtual size: 1024B

.debug_r Size: 6KB - Virtual size: 6KB

.debug_s Size: 2KB - Virtual size: 1KB

.stab Size: 5KB - Virtual size: 5KB

.stabstr Size: 33KB - Virtual size: 33KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 185KB - Virtual size: 185KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 864KB - Virtual size: 864KB

.data
Size: 118KB - Virtual size: 810KB

.dtors
Size: 512B - Virtual size: 4B

.debug_a
Size: 18KB - Virtual size: 17KB

.debug_i
Size: 182KB - Virtual size: 182KB

.debug_l
Size: 37KB - Virtual size: 36KB

.debug_f
Size: 24KB - Virtual size: 23KB

.debug_l
Size: 134KB - Virtual size: 134KB

.debug_p
Size: 9KB - Virtual size: 8KB

.debug_p
Size: 15KB - Virtual size: 14KB

.debug_a
Size: 1024B - Virtual size: 1024B

.debug_r
Size: 6KB - Virtual size: 6KB

.debug_s
Size: 2KB - Virtual size: 1KB

.stab
Size: 5KB - Virtual size: 5KB

.stabstr
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 185KB - Virtual size: 185KB