General

Malware Config

Signatures

Files

• 2024-04-18_53b164ea54e75f080cfc51c12e7a2dd1_mafia

  .exe windows:5 windows x86 arch:x86

  348d730592cc3f8d27db57a23d74ba9e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetThreadUILanguage

  GetCurrencyFormatA

  VirtualQueryEx

  GetConsoleAliasExesW

  WaitNamedPipeW

  GetUserDefaultLangID

  QueryActCtxW

  SetHandleCount

  GlobalAlloc

  LoadLibraryW

  GetCalendarInfoA

  GetConsoleAliasExesLengthW

  GetExitCodeProcess

  FindNextVolumeW

  CreateSemaphoreA

  SetMessageWaitingIndicator

  WriteConsoleW

  GetBinaryTypeA

  GetModuleFileNameW

  GetACP

  ExitThread

  lstrlenW

  FlushInstructionCache

  EnumSystemLocalesA

  FindFirstFileExA

  HeapSize

  LocalFlags

  CreateMemoryResourceNotification

  GlobalFree

  GetLocalTime

  SetThreadPriorityBoost

  LoadLibraryA

  LocalAlloc

  TransmitCommChar

  AddAtomA

  OpenJobObjectW

  GlobalFindAtomW

  SetConsoleCursorInfo

  GetCommTimeouts

  FindNextFileW

  VirtualProtect

  CompareStringA

  GetVersion

  FindFirstVolumeW

  DeleteFileW

  WriteProcessMemory

  GetLocaleInfoA

  GetUserDefaultLCID

  FlushFileBuffers

  CloseHandle

  CreateFileW

  HeapReAlloc

  FreeEnvironmentStringsA

  SetVolumeMountPointW

  SetComputerNameW

  GetQueuedCompletionStatus

  MapViewOfFileEx

  EnumCalendarInfoW

  EndUpdateResourceW

  SetCriticalSectionSpinCount

  ClearCommError

  FreeLibrary

  GetModuleHandleExA

  GetConsoleAliasesLengthW

  lstrlenA

  GetNativeSystemInfo

  HeapUnlock

  WideCharToMultiByte

  MultiByteToWideChar

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  RaiseException

  DecodePointer

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EncodePointer

  TerminateProcess

  GetCurrentProcess

  SetStdHandle

  EnterCriticalSection

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  GetLastError

  GetFileType

  WriteFile

  GetConsoleCP

  GetConsoleMode

  HeapAlloc

  HeapFree

  IsProcessorFeaturePresent

  GetCPInfo

  InterlockedIncrement

  InterlockedDecrement

  GetOEMCP

  IsValidCodePage

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  SetLastError

  GetCurrentThreadId

  GetCurrentThread

  GetProcAddress

  ExitProcess

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  DeleteCriticalSection

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  SetFilePointer

  Sleep

  FatalAppExitA

  RtlUnwind

  LCMapStringW

  GetStringTypeW

  SetConsoleCtrlHandler

  InterlockedExchange

  GetLocaleInfoW

  IsValidLocale

  user32

  TranslateMessage

  CharUpperW

  GetCaretPos

  GetMonitorInfoW

  DlgDirListComboBoxW

  advapi32

  GetNumberOfEventLogRecords

  ReadEventLogA

  ReportEventW

  ClearEventLogA

  SetServiceStatus

  LookupPrivilegeDisplayNameA

  RegCreateKeyExA

  AccessCheckByType

  GetKernelObjectSecurity

  RegEnumKeyW

  AddAccessAllowedAceEx

  RegQueryMultipleValuesW

  RegisterEventSourceW

  SetAclInformation

  Sections

  .text

  Size: 416KB - Virtual size: 416KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 18.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 36KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ