2024-04-18_6490a9d63a7af7796c459ffee19de3f2_backswap_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-18_6490a9d63a7af7796c459ffee19de3f2_backswap_mafia
Size

2.0MB
MD5

6490a9d63a7af7796c459ffee19de3f2
SHA1

ab34139bc89bc9e75ed733b41a5cee9bf1f5892d
SHA256

a1db56e24a1b46ba7defe8196b2ba076d19298b16939d7e5f4c0770f62147280
SHA512

8f5c6451e75ab0bb0240a28b7a6f99113a38270d419549bbaf0443a3d4e05d7cd94b874d393292e5646c2c20e24d895f1e4e8dbf05916a8113cb046c810a8b10
SSDEEP

49152:q0hzkREU/jYA7ipScs3WO4mdwlDAOT15QrzlHRFo7bcTicEAVtbGN0ncI4U4TZM:q1YA7ipScRLNlDAU1+lHRFoPAzGN0ncI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_6490a9d63a7af7796c459ffee19de3f2_backswap_mafia

Files

2024-04-18_6490a9d63a7af7796c459ffee19de3f2_backswap_mafia
.exe windows:5 windows x86 arch:x86

fb0aa3da39a6b5e63f1428860cdab070

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK\VC通讯解码\interface_vc\第三方实验室\金域 kingmed_web\dec_kingmed_web\Release\dec_kingmed_web.pdb

Imports

kernel32

GetDriveTypeW
GetProcessHeap
SetEnvironmentVariableA
GetLocaleInfoA
GetConsoleMode
GetDateFormatA
GetTimeFormatA
InterlockedCompareExchange
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
FormatMessageW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
RaiseException
RtlUnwind
DecodePointer
EncodePointer
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
HeapReAlloc
HeapAlloc
GetCPInfo
HeapFree
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetFileAttributesW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GetCurrentDirectoryW
GlobalFlags
GetSystemDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
WaitForSingleObject
ResumeThread
SetThreadPriority
GetPrivateProfileIntW
lstrcpyW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
FindNextFileW
FindClose
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
GetModuleHandleW
GetProcAddress
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
GetCurrentThreadId
GetCurrentProcessId
FreeResource
FreeLibrary
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MulDiv
CloseHandle
CreateMutexW
WideCharToMultiByte
lstrlenW
WritePrivateProfileStringW
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetPrivateProfileStringW
DeleteFileW
FindFirstFileW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError

user32

CopyIcon
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LoadImageW
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
DestroyIcon
GetNextDlgGroupItem
InvalidateRgn
SetRect
CopyAcceleratorTableW
CharNextW
WaitMessage
CopyImage
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
CharUpperW
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
ReleaseCapture
WindowFromPoint
SetCapture
SetWindowRgn
DeleteMenu
OffsetRect
IntersectRect
RealChildWindowFromPoint
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
ShowOwnedPopups
SetCursor
GetMessageW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperBuffW
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
RegisterWindowMessageW
LoadIconW
GetSystemMenu
AppendMenuW
SendMessageW
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
SystemParametersInfoW
DestroyMenu
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetMenuItemInfoW
InflateRect
CopyRect
SetWindowsHookExW
CallNextHookEx
GetFocus
GetWindowRect
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowRgn
ShowWindow
GetWindowTextW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetForegroundWindow
SetTimer
KillTimer
PeekMessageW
TranslateMessage
DispatchMessageW
GetCursorPos
CreatePopupMenu
InsertMenuW
EnableWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringW
GetMenuState
DrawStateW
FillRect
UpdateWindow
InvalidateRect
LoadBitmapW
GetClassNameW
UnhookWindowsHookEx
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
MessageBoxW
GetLastActivePopup
GetWindowThreadProcessId
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
GetKeyNameTextW

gdi32

PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetBkColor
GetTextColor
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
GetMapMode
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetRectRgn
CombineRgn
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
EnumFontFamiliesExW
GetDeviceCaps
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
CreateDCW
CopyMetaFileW
SetWindowOrgEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
CryptAcquireContextW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
ReleaseStgMedium

oleaut32

VarDateFromStr
VariantTimeToSystemTime
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SystemTimeToVariantTime
VariantCopy
SysAllocString
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

rmapi

?GetUnChkReport@@YGHPB_WHPA_W@Z
?SetAutoSendFlag@@YGXPB_W@Z
?UrlEncode@@YGHPB_WAAPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?HttpPostFree@@YGHPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?HttpPost@@YGHPB_W00AAPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?HttpGet@@YGHPB_WAAPADAAI@Z
?HttpGet@@YGHPB_W0AAPADAAI@Z
?HttpGet@@YGHPB_WAAPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DecodeFinish@@YGXXZ
?GetSampleComplete@@YGHPA_WHH@Z
?AddSampleResult@@YGXPB_W000000000000000000000000000@Z
?AddSampleInfo@@YGXPB_W0000000000000@Z
?GetLabOptionComm@@YGHPA_WPB_W1H11H1@Z
?GetLabOptionDec@@YGHPA_WPB_W1H11H1@Z
?StopRecv@@YGXXZ
?DecInit@@YGXPB_WPAUHWND__@@I0@Z
?GetAutoSendItem@@YGHPA_WHPB_WH@Z

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0aa3da39a6b5e63f1428860cdab070

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

rmapi

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 336KB - Virtual size: 335KB

.data Size: 29KB - Virtual size: 59KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 186KB - Virtual size: 186KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 336KB - Virtual size: 335KB

.data
Size: 29KB - Virtual size: 59KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 186KB - Virtual size: 186KB