2024-04-17_da524e58d1b20542ab4f6c4ff77f96a2_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-17_da524e58d1b20542ab4f6c4ff77f96a2_mafia
Size

1.4MB
MD5

da524e58d1b20542ab4f6c4ff77f96a2
SHA1

45ab8bb1093b620b49467063ed319b05145097da
SHA256

101049c9ca951bb72b418d5567189f5bc05b55be286aff52e15989e59d0d04b6
SHA512

5156128bdd5a8cc016e594983ac0506a603d158e25c8a4a8922b23a2e07db8a58fc17bfa142f63933234c97ecb301f2a8c9b14cb994f2d7906ca52c314016f0a
SSDEEP

24576:/joCXlXROLnF+/AhOuVlTsAmv34udNqmB7qkmtHCFzfb6RXnTAr0VGQ:roCxsF2uVloAWPqINmtHCh6RXTAr0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-17_da524e58d1b20542ab4f6c4ff77f96a2_mafia

Files

2024-04-17_da524e58d1b20542ab4f6c4ff77f96a2_mafia
.exe windows:5 windows x86 arch:x86

aeb1e20769bfc3a8140fb1e2b0b4f177

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\7fc478d6cec0a305\windowsui\activeEchoSync\Release\AcronisAccessClient.pdb

Imports

kernel32

LoadLibraryA
LockResource
GetShortPathNameW
CloseHandle
GetFileInformationByHandle
LocalFree
GetVolumeInformationW
TerminateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
LocalAlloc
SetEvent
CopyFileW
lstrlenW
GetTempPathW
CreateEventW
DeleteFileW
GetCurrentProcessId
GetTickCount
ReleaseMutex
ResetEvent
CreateMutexW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
LoadLibraryW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetProcAddress
GetSystemTime
AreFileApisANSI
DeleteFileA
SetStdHandle
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStdHandle
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDateFormatA
GetTimeFormatA
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
ExitProcess
GetModuleHandleW
CreateThread
GetCurrentThreadId
ExitThread
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
FoldStringW
LCMapStringW
CompareStringW
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
IsValidCodePage
IsDBCSLeadByteEx
EnumSystemLocalesA
GetLocaleInfoA
CreateEventA
CreateFileW
GetLongPathNameW
MultiByteToWideChar
GetLastError
GetDriveTypeW
GetModuleFileNameW
GetFileAttributesW
GetExitCodeProcess
FormatMessageW
SizeofResource
Sleep
WideCharToMultiByte
GetProcessHeap
GetCurrentThread
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
HeapFree
GetCurrentProcess
HeapAlloc
CreateProcessW
LoadResource
FindResourceW
FindResourceExW
GetTempPathA
WriteConsoleW

user32

PostQuitMessage
GetMessageW
TranslateAcceleratorW
CopyRect
MapWindowPoints
SetWindowLongW
SystemParametersInfoW
GetWindowLongW
wsprintfW
TrackPopupMenu
IsWindowEnabled
GetParent
AnimateWindow
ScreenToClient
IsDialogMessageW
LoadMenuW
EnableMenuItem
SetMenuItemInfoW
SendMessageW
TranslateMessage
GetSubMenu
PtInRect
GetSystemMetrics
MessageBoxW
SetWindowPos
GetDesktopWindow
GetDlgItem
ReleaseDC
GetWindowTextW
GetDC
InsertMenuItemW
SetFocus
GetClientRect
SetForegroundWindow
GetWindowRect
PostMessageW
SetWindowTextW
DestroyMenu
CreateWindowExW
CreateDialogParamW
ShowWindow
LoadIconW
RegisterClassExW
RegisterWindowMessageA
FindWindowW
DialogBoxParamW
KillTimer
SetTimer
DestroyWindow
DispatchMessageW
DefWindowProcW
EnableWindow
EndDialog
InsertMenuW
CreatePopupMenu
GetCursorPos
LoadAcceleratorsW

gdi32

SelectObject
GetTextExtentPoint32W

advapi32

CloseServiceHandle
OpenProcessToken
OpenThreadToken
OpenSCManagerW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatus
LookupAccountSidW
GetTokenInformation
OpenServiceW
GetUserNameW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteA
ShellExecuteExW
SHGetFolderPathW
SHFileOperationW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoInitialize
CoSetProxyBlanket

crypt32

CryptUnprotectData
CryptProtectData

wininet

InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetSetOptionA
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetQueryDataAvailable

comctl32

InitCommonControlsEx

urlmon

URLDownloadToFileW

secur32

GetUserNameExW

shlwapi

StrDupW

python27

PyList_Append
PyErr_Fetch
PyErr_NormalizeException
Py_SetPythonHome
PyErr_Occurred
PyModule_GetDict
PyList_GetItem
Py_IsInitialized
PyString_AsString
PyList_Size
PyObject_Compare
PyErr_Restore
PyObject_Str
PySys_GetObject
PyCallable_Check
PyGILState_Ensure
PyErr_Clear
Py_Finalize
PyErr_SetInterrupt
Py_AddPendingCall
PyTuple_Size
PyTuple_GetItem
PyArg_ParseTuple
PyArg_Parse
Py_Initialize
PyGILState_Release
PyCFunction_NewEx
PyLong_AsLong
_Py_NoneStruct
PyObject_CallMethodObjArgs
Py_BuildValue
PyTuple_SetItem
PyObject_CallObject
PyTuple_New
PyString_FromString
PyDict_GetItemString
PyImport_Import

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeb1e20769bfc3a8140fb1e2b0b4f177

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

crypt32

wininet

comctl32

urlmon

secur32

shlwapi

python27

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 43KB - Virtual size: 53KB

.rsrc Size: 97KB - Virtual size: 96KB

.reloc Size: 51KB - Virtual size: 50KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 43KB - Virtual size: 53KB

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 51KB - Virtual size: 50KB