2024-04-19_23d389bd47d6fb824b16e0f758b7b0be_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-19_23d389bd47d6fb824b16e0f758b7b0be_mafia
Size

256KB
MD5

23d389bd47d6fb824b16e0f758b7b0be
SHA1

3eca075a1ab69f780d94800004ccdb2901327dd6
SHA256

a3e2b08c34dfbc3e7f74dcfd23cb58d8de809689c203fe3f9c6e33684be18436
SHA512

ba373fc7161d7e399fd8b40235d68d8337effd4109879c6fb46202cd9e8ed0e39a605d2ec2f92e794097ee15c9039faa98c1977c1b345175e4482a18cb18c083
SSDEEP

6144:Rg1xez7LxIOMU3XkTO8yCcXg7breImcvNlPO3fE2GXlH:gxYxIO93Xkq8yCcXCOvE2GV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_23d389bd47d6fb824b16e0f758b7b0be_mafia

Files

2024-04-19_23d389bd47d6fb824b16e0f758b7b0be_mafia
.exe windows:5 windows x86 arch:x86

62a60b6c05983686f27c532225ff3d4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory

kernel32

GetWindowsDirectoryW
GetVolumeInformationW
WideCharToMultiByte
Process32FirstW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
LoadLibraryExW
Sleep
GetModuleFileNameW
GetProcAddress
LockResource
LoadLibraryExA
SetEvent
LoadLibraryW
GetLastError
CreateEventW
FindFirstFileW
WaitForSingleObject
MoveFileA
FindNextFileW
DeleteFileW
FlushFileBuffers
WriteConsoleW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
LoadLibraryA
LeaveCriticalSection
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
RtlUnwind
HeapAlloc
LCMapStringW
FreeLibrary
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW

user32

wsprintfW

advapi32

CreateProcessAsUserW
RegQueryValueExW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyExA

ole32

CoCreateGuid
StringFromGUID2

shell32

ShellExecuteW

wininet

InternetReadFile
InternetConnectW
HttpSendRequestW
InternetOpenW

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62a60b6c05983686f27c532225ff3d4f

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

ole32

shell32

wininet

Sections

.text Size: 186KB - Virtual size: 185KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 16KB