2024-04-18_c17e0356ddfd6940d65010b5ac0d204f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_c17e0356ddfd6940d65010b5ac0d204f_mafia
Size

645KB
MD5

c17e0356ddfd6940d65010b5ac0d204f
SHA1

9797a2cc35c89f50e15f7f76b501588b28b9848c
SHA256

7ad99131f6b8df5ba666defc347198680e59e9ff410fcf805565536e01e783eb
SHA512

c5bb580d3a45d1a0a1a69e3f4c3cd65f49c2af4c02995aca62e690361f977b7fc47e7a7ae11454373dd2f143b388c5d480f0cf7d980a79920b368c2f76007057
SSDEEP

12288:Qviu9Vlfc3eUvK2qAZ14dmcdAwGnbaux+6I+uC7qS9xYE9xYY:QvVXlfcTudibautIR1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_c17e0356ddfd6940d65010b5ac0d204f_mafia

Files

2024-04-18_c17e0356ddfd6940d65010b5ac0d204f_mafia
.exe windows:5 windows x86 arch:x86

51bec79b190183cc057cac0c8f8a090d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
SetFileTime
WriteFile
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
lstrlenA
lstrcatA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
CreateFileW
WriteConsoleW
SetFilePointer
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
GetModuleFileNameW
GetLocaleInfoW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetStartupInfoW
SetHandleCount
HeapCreate
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FreeConsole
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
RaiseException
RtlUnwind
HeapFree
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
HeapSetInformation
LCMapStringW
GetCPInfo
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FindClose
GetDriveTypeA
FindFirstFileExA
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
DeleteFileA

user32

wsprintfA

shell32

ShellExecuteA

wldap32

ord46
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41

ws2_32

send
recv
select
WSAIoctl
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
ioctlsocket
listen
gethostname
htonl
ntohl
WSAGetLastError

crypt32

CertFreeCertificateContext

advapi32

CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptImportKey

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51bec79b190183cc057cac0c8f8a090d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wldap32

ws2_32

crypt32

advapi32

Sections

.text Size: 400KB - Virtual size: 399KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 16KB

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 138KB - Virtual size: 140KB

.text
Size: 400KB - Virtual size: 399KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 16KB

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 138KB - Virtual size: 140KB