2024-04-16_208ea47f0ec785c44efe5cea0a1eba8e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_208ea47f0ec785c44efe5cea0a1eba8e_mafia
Size

1007KB
MD5

208ea47f0ec785c44efe5cea0a1eba8e
SHA1

f476f78db7bee0400dbe44c6ea4098cf1a57c5f7
SHA256

9891e84e10939d933ab1d8f5d9f058689adc5e3dea72819069fc5ce204ffb708
SHA512

7dccbaf9112edfed244098ba60eceed9b3572585ccd3bf3bec2f1a84bd0bea350f612c1585fa0cca7f10e246661a93427ab2132a1c156b5c0546ded72cbd9873
SSDEEP

24576:HCR9YLcKK6n+shtEYecKhXkdUUTjtKkOYs:i0KkEiKBkeU1KkOYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_208ea47f0ec785c44efe5cea0a1eba8e_mafia

Files

2024-04-16_208ea47f0ec785c44efe5cea0a1eba8e_mafia
.exe windows:5 windows x86 arch:x86

184e57ccc185dd14f1d50ed47093fed3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\web_mon\trunk\src\detector\vsproject\Release\Detector.pdb

Imports

ws2_32

WSARecv
WSAStartup
inet_addr
WSAStringToAddressA
htons
WSARecvFrom
ntohs
WSASendTo
ntohl
WSAAddressToStringA
ioctlsocket
WSAIoctl
connect
htonl
getaddrinfo
WSACleanup
WSASocketW
WSASend
select
WSAGetLastError
getsockname
setsockopt
bind
freeaddrinfo
__WSAFDIsSet
WSASetLastError
closesocket
getsockopt
listen
accept

kernel32

FormatMessageA
LocalFree
SetEnvironmentVariableA
CompareStringW
CreateFileW
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
InterlockedIncrement
InterlockedDecrement
CreateEventA
SetEvent
LeaveCriticalSection
InterlockedExchange
GetLastError
EnterCriticalSection
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
CloseHandle
TlsGetValue
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
WaitForSingleObject
InterlockedCompareExchange
SleepEx
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
Sleep
GetSystemTimeAsFileTime
VerifyVersionInfoA
SetLastError
QueueUserAPC
WaitForMultipleObjects
CreateIoCompletionPort
DeleteCriticalSection
CreateWaitableTimerA
GetProcessHeap
ReleaseSemaphore
WaitForMultipleObjectsEx
HeapAlloc
HeapFree
CreateSemaphoreA
OpenEventA
WaitForSingleObjectEx
ResetEvent
GetCurrentProcessId
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
GetModuleFileNameA
FatalAppExitA
GetCurrentThreadId
WriteProcessMemory
InitializeCriticalSection
ResumeThread
TlsFree
GetProcAddress
GetACP
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
RtlUnwind
RaiseException
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
LoadLibraryW
WriteFile
GetLocaleInfoW
HeapSize
HeapCreate

iphlpapi

IcmpSendEcho
IcmpCreateFile
GetNetworkParams
IcmpCloseHandle

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

184e57ccc185dd14f1d50ed47093fed3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

iphlpapi

dbghelp

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 50KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 50KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 62KB - Virtual size: 61KB