Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-15_517ee37b24d21d3ce807e180b8b19faf_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-04-15_517ee37b24d21d3ce807e180b8b19faf_mafia.exe
Resource: win10v2004-20240412-en
General
Target: 2024-04-15_517ee37b24d21d3ce807e180b8b19faf_mafia
Size: 2.6MB
MD5: 517ee37b24d21d3ce807e180b8b19faf
SHA1: 061d98cd2bb01a45d279d089dd977685ff5afca6
SHA256: df5a6a51c7cdcb63e51b82760c0dba4aa11af10878b560a2d37aa741ee7af7aa
SHA512: 0f268bdc1154e0f78b87b5a6d2ef8086faf692d60384e3e6a32ae395ac308374505c202192763a96519823592d11a9bae82cc37645b7194d053071605f755a7b
SSDEEP: 49152:AQwlUz6s+MuuF0r19j4H6ZGTzPrpt6NngSTsb73lpQNBB1wMNC0sjHb9wkkZS1UO:NxLuuF89j4H6ZG6NngSTsbJmBwMlsjHw
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-04-15_517ee37b24d21d3ce807e180b8b19faf_mafia
Files
2024-04-15_517ee37b24d21d3ce807e180b8b19faf_mafia.exe windows:5 windows x86 arch:x86
c1286cc0ab144b7b11272c2ba3bec8b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
IsProcessorFeaturePresent
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
GetCPInfo
GetConsoleCP
GetConsoleMode
LCMapStringW
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
HeapDestroy
HeapCreate
TerminateProcess
IsDebuggerPresent
QueryPerformanceCounter
UnhandledExceptionFilter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
HeapSize
HeapQueryInformation
ExitProcess
GetFileType
SetStdHandle
RaiseException
CreateThread
ExitThread
RtlUnwind
DecodePointer
EncodePointer
HeapReAlloc
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
SetErrorMode
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTickCount
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExW
GetShortPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileW
lstrcmpiW
GetStringTypeExW
Sleep
GetFileSize
CreateFileW
SetFilePointer
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalSize
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
lstrlenA
lstrcmpA
ReleaseMutex
CreateMutexW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
GetFileAttributesW
GetUserDefaultLCID
GetThreadLocale
SystemTimeToFileTime
VirtualProtect
GlobalGetAtomNameW
InterlockedExchange
GetCurrentDirectoryW
CreateEventW
SuspendThread
SetEvent
ReleaseActCtx
CreateActCtxW
lstrcpyW
GetSystemDirectoryW
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GlobalFree
ReadProcessMemory
FreeLibrary
ReadFile
MulDiv
WriteFile
CreateFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
CopyFileW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
QueryFullProcessImageNameW
GetComputerNameExW
GetProcessId
CreateProcessW
Wow64EnableWow64FsRedirection
GetExitCodeThread
WaitForSingleObject
CreateDirectoryW
GetTempPathW
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
IsWow64Process
GetModuleFileNameW
GetVersionExW
FormatMessageW
GetCurrentProcessId
GetExitCodeProcess
OpenProcess
ResumeThread
SetThreadPriority
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
SetThreadExecutionState
GetTickCount64
GetLocalTime
InterlockedDecrement
InterlockedIncrement
GetSystemPowerStatus
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
DeactivateActCtx
SetLastError
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FindResourceExW
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidLocale
user32
BringWindowToTop
TranslateAcceleratorW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsMenu
SetCursor
ReleaseCapture
UpdateLayeredWindow
EnableScrollBar
SetCapture
UnionRect
DestroyAcceleratorTable
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
SetParent
IsZoomed
GetMenuState
CheckMenuItem
AppendMenuW
CreatePopupMenu
GetMenuStringW
DestroyMenu
GetMenuItemInfoW
DrawIconEx
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
IntersectRect
IsWindowEnabled
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetIconInfo
MonitorFromPoint
DrawIcon
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
InsertMenuItemW
GetFocus
SetFocus
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetParent
PostMessageW
SetTimer
KillTimer
SendMessageW
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
ValidateRect
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowPos
FlashWindowEx
GetActiveWindow
GetForegroundWindow
MessageBeep
ModifyMenuW
GetSystemMenu
LockWindowUpdate
SetWindowTextW
OffsetRect
InflateRect
LoadAcceleratorsW
DestroyIcon
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetNextDlgGroupItem
CopyImage
InvertRect
HideCaret
DeleteMenu
CharUpperW
GetUpdateRect
CopyIcon
FrameRect
SetWindowLongW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumWindows
GetWindowModuleFileNameW
GetMessageW
SystemParametersInfoW
LoadCursorW
InsertMenuW
PostQuitMessage
ShowOwnedPopups
RemoveMenu
RealChildWindowFromPoint
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetMenuDefaultItem
GetMenuDefaultItem
GetDoubleClickTime
UnregisterClassW
IsClipboardFormatAvailable
WaitMessage
RegisterClipboardFormatW
GetDialogBaseUnits
EnumChildWindows
CharUpperBuffW
InvalidateRect
UpdateWindow
GetWindowRect
GetDesktopWindow
GetClientRect
SubtractRect
CreateMenu
IsCharLowerW
MapVirtualKeyExW
GetWindowRgn
RemovePropW
SetRectEmpty
GetDC
ReleaseDC
FindWindowExW
GetSystemMetrics
SetRect
GetSysColor
DrawFocusRect
TrackMouseEvent
PtInRect
ScreenToClient
LoadMenuW
GetSubMenu
EnableWindow
SetForegroundWindow
GetClassInfoW
LoadIconW
IsWindowVisible
CopyRect
MapDialogRect
SetCursorPos
GetWindow
GetClassNameW
GetDlgCtrlID
ShowWindow
LoadBitmapW
IsRectEmpty
GetCursorPos
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetWindowTextW
WindowFromPoint
LoadImageW
GetWindowLongW
IsIconic
PostThreadMessageW
IsWindow
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowW
GetWindowThreadProcessId
MessageBoxW
DefWindowProcW
DestroyCursor
gdi32
CreateDCW
OffsetRgn
GetRgnBox
Rectangle
SetPixel
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
EnumFontFamiliesExW
CreatePalette
GetPaletteEntries
RoundRect
GetNearestPaletteIndex
GetSystemPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
CopyMetaFileW
LPtoDP
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateRoundRectRgn
CreateDIBSection
Polygon
Ellipse
Polyline
GetTextColor
GetBkColor
CreatePolygonRgn
CreateEllipticRgn
DPtoLP
CombineRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
GetViewportOrgEx
GetStockObject
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetTextMetricsW
GetDeviceCaps
PatBlt
CreateHatchBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
ScaleViewportExtEx
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
CloseServiceHandle
CryptDecrypt
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
RegOpenKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
GetFileSecurityW
SetFileSecurityW
CryptEncrypt
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
RegDeleteKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
shell32
Shell_NotifyIconW
ShellExecuteW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteA
SHBrowseForFolderW
SHGetNameFromIDList
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
SHAppBarMessage
ExtractIconW
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx
shlwapi
PathUnquoteSpacesW
PathRemoveArgsW
SHDeleteKeyW
StrToIntW
SHDeleteValueW
SHGetValueW
PathCompactPathExW
StrRStrIW
PathGetArgsW
PathFileExistsW
PathIsDirectoryW
PathRemoveBlanksW
StrCmpIW
StrCpyW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
SHSetValueW
StrStrIW
ole32
StringFromCLSID
ReleaseStgMedium
OleDuplicateData
OleLockRunning
CoInitializeEx
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
oleaut32
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayCopy
SysAllocString
VariantClear
VariantInit
VarDateFromStr
SysFreeString
SysStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SafeArrayAccessData
VariantCopy
VarBstrFromDate
SafeArrayGetUBound
SafeArrayGetLBound
VarUdateFromDate
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
psapi
EnumProcesses
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
powrprof
PowerGetActiveScheme
PowerReadDCValue
CallNtPowerInformation
SetSuspendState
PowerReadFriendlyName
PowerReadACValue
wtsapi32
WTSRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
winmm
mciSendStringW
PlaySoundW
xmllite
CreateXmlReader
ws2_32
socket
gethostbyname
htons
connect
recv
__WSAFDIsSet
select
closesocket
WSAStartup
WSACleanup
WSAGetLastError
inet_addr
send
pdh
PdhRemoveCounter
PdhCollectQueryData
PdhExpandWildCardPathW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhAddCounterW
PdhCloseQuery
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 412KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 305KB - Virtual size: 305KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 205KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ