2024-04-18_6fa2a0ebe743537981f7f96a97631cb9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_6fa2a0ebe743537981f7f96a97631cb9_mafia
Size

5.9MB
MD5

6fa2a0ebe743537981f7f96a97631cb9
SHA1

9805734bbd7f5d2e46d544f3012ae7f2678eee25
SHA256

e01e5e90976edfc190d04d55b9cf8701c946e4cbc34ba48bb49aeb59c42b5105
SHA512

f862880a804d9f6cad6a1b220ddaaff19aafe26b7f5949131f52ea9f5ba827e26d4508ac9545ca7c2c4823d129ca9b6b3018c46c64b7f3b7c0e8d170f7993e22
SSDEEP

98304:y11D6mmlSTpackWNVaPZ/ACRN3fUX/2cVn+CT5h86fB+EA8gXw9AfuyT0RUjGzSO:S1D6mmwTEckWNVaPZ/ACRN3fUX/2cUCe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_6fa2a0ebe743537981f7f96a97631cb9_mafia

Files

2024-04-18_6fa2a0ebe743537981f7f96a97631cb9_mafia
.exe windows:5 windows x86 arch:x86

ac42ca9da46b2837c4399174beeb0074

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\b\build\slave\dart-editor-win-dev\build\dart\build\ReleaseX64\dart.pdb

Imports

kernel32

LeaveCriticalSection
SetEvent
CreateEventW
DeviceIoControl
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetLastError
RemoveDirectoryW
WideCharToMultiByte
GetFinalPathNameByHandleW
GetFileInformationByHandle
MoveFileExW
FormatMessageW
MultiByteToWideChar
GetCommandLineW
LocalFree
GetSystemTimeAsFileTime
Sleep
SetFileAttributesW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
LoadLibraryW
GetProcAddress
GetSystemInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateNamedPipeW
GetModuleHandleW
GetCurrentProcessId
WriteFile
GetExitCodeProcess
UnregisterWait
ReadFile
TerminateProcess
RegisterWaitForSingleObject
CreateProcessW
WaitForMultipleObjects
GetFileType
GetStdHandle
CreateIoCompletionPort
PostQueuedCompletionStatus
ReadDirectoryChangesW
GetQueuedCompletionStatus
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
VirtualAlloc
VirtualFree
VirtualProtect
CreateMutexA
ReleaseMutex
SystemTimeToFileTime
GetSystemTime
GetVersionExA
CreateFileMappingA
FormatMessageA
MapViewOfFile
UnmapViewOfFile
CreateSemaphoreA
DuplicateHandle
GetCurrentThread
GetCurrentProcess
RaiseException
IsDebuggerPresent
CreateFileA
SetFilePointer
FlushFileBuffers
DeleteFileA
GetDriveTypeA
GetModuleHandleA
GetFullPathNameA
EnterCriticalSection
MoveFileA
LockFile
UnlockFile
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
OutputDebugStringA
InterlockedExchange
SetEnvironmentVariableA
GetTempPathA
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetDiskFreeSpaceA
GetVolumeInformationA
GetComputerNameA
GetLogicalDrives
GlobalMemoryStatus
InterlockedCompareExchange
AreFileApisANSI
SetEndOfFile
GetFileSize
LockFileEx
UnlockFileEx
GetFileAttributesA
GetFileAttributesExW
GetFullPathNameW
GetDiskFreeSpaceW
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetDriveTypeW
FindFirstFileExW
RtlUnwind
FindFirstFileExA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
GetConsoleCP
GetModuleFileNameA
HeapSize
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
TlsSetValue
GetThreadTimes
TlsFree
TlsAlloc
GetLastError
GetCurrentThreadId
OpenThread
CloseHandle
SetFileAttributesA
TlsGetValue

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

ws2_32

getpeername
setsockopt
socket
connect
getnameinfo
InetPtonW
listen
bind
closesocket
ioctlsocket
freeaddrinfo
getaddrinfo
WSAIoctl
shutdown
WSAGetLastError
WSARecv
getsockname
htonl
getsockopt
__WSAFDIsSet
select
sendto
recvfrom
WSAAddressToStringA
ntohs
htons
gethostname
WSASend
WSAStartup
recv
send
WSASetLastError
accept

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

winmm

timeGetTime

iphlpapi

GetAdaptersAddresses

Exports

Exports

Dart_ActivationFrameGetLocation
Dart_ActivationFrameInfo
Dart_AddGcEpilogueCallback
Dart_AddGcPrologueCallback
Dart_Allocate
Dart_BooleanValue
Dart_CacheObject
Dart_Cleanup
Dart_CloseNativePort
Dart_CompileAll
Dart_CreateIsolate
Dart_CreateNativeWrapperClass
Dart_CreateScriptSnapshot
Dart_CreateSnapshot
Dart_CurrentIsolate
Dart_CurrentIsolateData
Dart_DebugName
Dart_DeletePersistentHandle
Dart_DeleteWeakPersistentHandle
Dart_DoubleValue
Dart_EnterIsolate
Dart_EnterScope
Dart_ErrorGetException
Dart_ErrorGetStacktrace
Dart_ErrorHasException
Dart_EvaluateExpr
Dart_ExitIsolate
Dart_ExitScope
Dart_False
Dart_GenerateScriptSource
Dart_GetActivationFrame
Dart_GetBreakpointLine
Dart_GetBreakpointURL
Dart_GetCachedObject
Dart_GetClass
Dart_GetClassFromId
Dart_GetClassInfo
Dart_GetClosureInfo
Dart_GetError
Dart_GetExceptionPauseInfo
Dart_GetField
Dart_GetGlobalVariables
Dart_GetInstanceFields
Dart_GetIsolate
Dart_GetLibraryDebuggable
Dart_GetLibraryFields
Dart_GetLibraryFromId
Dart_GetLibraryIds
Dart_GetLibraryImports
Dart_GetLibraryURL
Dart_GetLocalVariables
Dart_GetMainPortId
Dart_GetNativeArgument
Dart_GetNativeArgumentCount
Dart_GetNativeBooleanArgument
Dart_GetNativeDoubleArgument
Dart_GetNativeFieldOfArgument
Dart_GetNativeInstanceField
Dart_GetNativeInstanceFieldCount
Dart_GetNativeIntegerArgument
Dart_GetNativeIsolateData
Dart_GetNativeReceiver
Dart_GetNativeStringArgument
Dart_GetObjClass
Dart_GetObjClassId
Dart_GetPeer
Dart_GetPprofSymbolInfo
Dart_GetReceivePort
Dart_GetScriptURLs
Dart_GetStackTrace
Dart_GetStackTraceFromError
Dart_GetStaticFields
Dart_GetSupertype
Dart_GetType
Dart_GetTypeOfExternalTypedData
Dart_GetTypeOfTypedData
Dart_GetVmStatus
Dart_HandleFromPersistent
Dart_HandleFromWeakPersistent
Dart_HandleMessage
Dart_HasLivePorts
Dart_HeapProfile
Dart_IdentityEquals
Dart_InitPprofSupport
Dart_Initialize
Dart_InstanceGetType
Dart_IntegerFitsIntoInt64
Dart_IntegerFitsIntoUint64
Dart_IntegerToHexCString
Dart_IntegerToInt64
Dart_IntegerToUint64
Dart_InterruptIsolate
Dart_Invoke
Dart_InvokeClosure
Dart_InvokeConstructor
Dart_IsApiError
Dart_IsBoolean
Dart_IsClosure
Dart_IsCompilationError
Dart_IsDouble
Dart_IsError
Dart_IsExternalString
Dart_IsFatalError
Dart_IsFunction
Dart_IsInstance
Dart_IsInteger
Dart_IsLibrary
Dart_IsList
Dart_IsNull
Dart_IsNumber
Dart_IsPrologueWeakPersistentHandle
Dart_IsString
Dart_IsStringLatin1
Dart_IsType
Dart_IsTypeVariable
Dart_IsUnhandledExceptionError
Dart_IsVMFlagSet
Dart_IsVariable
Dart_IsolateMakeRunnable
Dart_LibraryId
Dart_LibraryImportLibrary
Dart_LibraryLoadPatch
Dart_LibraryUrl
Dart_ListGetAsBytes
Dart_ListGetAt
Dart_ListLength
Dart_ListSetAsBytes
Dart_ListSetAt
Dart_LoadLibrary
Dart_LoadScript
Dart_LoadScriptFromSnapshot
Dart_LoadSource
Dart_LookupLibrary
Dart_MakeExternalString
Dart_New
Dart_NewApiError
Dart_NewBoolean
Dart_NewDouble
Dart_NewExternalLatin1String
Dart_NewExternalTypedData
Dart_NewExternalUTF16String
Dart_NewInteger
Dart_NewIntegerFromHexCString
Dart_NewList
Dart_NewNativePort
Dart_NewPersistentHandle
Dart_NewPrologueWeakPersistentHandle
Dart_NewSendPort
Dart_NewStringFromCString
Dart_NewStringFromUTF16
Dart_NewStringFromUTF32
Dart_NewStringFromUTF8
Dart_NewTypedData
Dart_NewUnhandledExceptionError
Dart_NewWeakPersistentHandle
Dart_NewWeakReferenceSet
Dart_Null
Dart_ObjectEquals
Dart_ObjectIsType
Dart_OneTimeBreakAtEntry
Dart_Post
Dart_PostCObject
Dart_PropagateError
Dart_ReThrowException
Dart_RemoveBreakpoint
Dart_RemoveGcEpilogueCallback
Dart_RemoveGcPrologueCallback
Dart_RootLibrary
Dart_RunLoop
Dart_ScopeAllocate
Dart_ScriptGetSource
Dart_ScriptGetTokenInfo
Dart_SetBooleanReturnValue
Dart_SetBreakpoint
Dart_SetBreakpointAtEntry
Dart_SetBreakpointHandler
Dart_SetBreakpointResolvedHandler
Dart_SetDoubleReturnValue
Dart_SetEnvironmentCallback
Dart_SetExceptionPauseInfo
Dart_SetExceptionThrownHandler
Dart_SetField
Dart_SetIntegerReturnValue
Dart_SetIsolateEventHandler
Dart_SetLibraryDebuggable
Dart_SetLibraryTagHandler
Dart_SetMessageNotifyCallback
Dart_SetNativeInstanceField
Dart_SetNativeResolver
Dart_SetPausedEventHandler
Dart_SetPeer
Dart_SetReturnValue
Dart_SetStepInto
Dart_SetStepOut
Dart_SetStepOver
Dart_SetVMFlags
Dart_SetWeakHandleReturnValue
Dart_ShutdownIsolate
Dart_StackTraceLength
Dart_StringGetProperties
Dart_StringLength
Dart_StringStorageSize
Dart_StringToCString
Dart_StringToLatin1
Dart_StringToUTF16
Dart_StringToUTF8
Dart_ThrowException
Dart_ToString
Dart_True
Dart_TypedDataAcquireData
Dart_TypedDataReleaseData
Dart_VersionString
_Dart_ReportErrorHandle

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac42ca9da46b2837c4399174beeb0074

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ws2_32

rpcrt4

winmm

iphlpapi

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 47KB - Virtual size: 88KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 210KB - Virtual size: 210KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 47KB - Virtual size: 88KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 210KB - Virtual size: 210KB