D:\work\Tun2Proxy\tags\1.0.8.7\Release\SSTap.pdb
Static task: static1
Behavioral task: behavioral1
    Sample: 2024-04-19_94fb172ac18b15caaf80d7ded210b9da_mafia.exe
    Resource: win7-20240221-en
Behavioral task: behavioral2
    Sample: 2024-04-19_94fb172ac18b15caaf80d7ded210b9da_mafia.exe
    Resource: win10v2004-20240412-en
General
Target: 2024-04-19_94fb172ac18b15caaf80d7ded210b9da_mafia
Size: 4.6MB
MD5: 94fb172ac18b15caaf80d7ded210b9da
SHA1: 3ddaf0d8424fe4385a57d9b60e966df0c269fe1d
SHA256: 9e1118690cdf01bc69aa29be6834b66fcab96c527cf90abe4d0c4675edc08fa1
SHA512: 26547400a72ad5e18d34dfeda5c5007c137bb6682a2552e5ed6e1a2a45cde085a3941cc9ddd8e4ca4c2971955ce7561fdf597480fedd5b2e2ae9a92143a63760
SSDEEP: 98304:CPZim9wueIL5by53hc7SNqXC8axGyBs40tcU0lRTZU0ydbyKZYxM3:SZvLeVXqSxVZdRTZU0yjGxM3
Malware Config
Signatures
Detects Windows executables referencing non-Windows User-Agents (1 IoC)
    resource: sample    yara_rule: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Detects executables containing URLs to raw contents of a Github gist (1 IoC)
    resource: sample    yara_rule: INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 2024-04-19_94fb172ac18b15caaf80d7ded210b9da_mafia
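The two string-based signatures above fire on byte patterns inside the binary, and neither is malicious on its own, so the next step is to see the matching strings. The following is an added follow-up check, not the sandbox's rule logic (the exact YARA conditions are not shown on this page, and the patterns below are an approximation of what such rules look for): it pulls ASCII and UTF-16LE strings out of a file and flags raw GitHub/gist URLs and User-Agent strings that name a non-Windows platform. It is run here on a constructed byte buffer, not on the sample.

```python
"""Added example: string-level follow-up for the NoneWindowsUA / RawGitHub_URL
signatures. Not the sandbox's rule logic; patterns are an approximation."""
import re
import sys

ASCII_STR = re.compile(rb"[\x20-\x7e]{6,}")             # printable runs of 6+ bytes
WIDE_STR = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")       # same, UTF-16LE encoded
# Hosts that serve raw file contents, including gist raw URLs (approximation).
RAW_GITHUB = re.compile(
    r"https?://(?:gist\.githubusercontent\.com|raw\.githubusercontent\.com"
    r"|gist\.github\.com/[^/\s]+/[0-9a-f]+/raw)[^\s\"']*", re.I)
# Common User-Agent shapes; the platform test below decides whether it is non-Windows.
UA = re.compile(r"(Mozilla/\d\.\d \([^)]*\)|curl/[\d.]+|Wget/[\d.]+|Dalvik/[\d.]+)")
NON_WINDOWS = re.compile(r"Linux|X11|Macintosh|Mac OS X|Android|iPhone|iPad|curl/|Wget/|Dalvik/", re.I)


def extract_strings(data):
    """ASCII strings first (file order), then UTF-16LE strings (file order)."""
    out = [m.group().decode("ascii") for m in ASCII_STR.finditer(data)]
    out += [m.group().decode("utf-16le") for m in WIDE_STR.finditer(data)]
    return out


def scan_indicators(data):
    """Return the raw-GitHub URLs and non-Windows User-Agents found in data."""
    hits = {"raw_github_urls": [], "non_windows_user_agents": []}
    for s in extract_strings(data):
        hits["raw_github_urls"] += RAW_GITHUB.findall(s)
        for ua in UA.findall(s):
            if NON_WINDOWS.search(ua):
                hits["non_windows_user_agents"].append(ua)
    return hits


# Constructed test buffer (not bytes from the sample): one Linux UA, one Windows UA,
# one UTF-16LE gist URL with a made-up user and id, and a curl UA.
SAMPLE = (
    b"\x00\x00User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\x00"
    b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)\x00\x00\x00"
    + "https://gist.githubusercontent.com/exampleuser/0123abcd/raw/config.txt".encode("utf-16le")
    + b"\x00\x00curl/7.88.1\x00"
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, values in scan_indicators(blob).items():
        print(key)
        for v in values:
            print("   ", v)
```

Run with a file path to scan a real binary. The Windows UA in the buffer is correctly ignored; the X11/Linux UA, the curl UA and the wide-string gist URL are reported. A hit from a bundled HTTP library or updater string is exactly the kind of thing this is meant to surface for a human to judge.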
Files
-
2024-04-19_94fb172ac18b15caaf80d7ded210b9da_mafia.exe windows:5 windows x86 arch:x86
6f61308eec9297708a32173b7fcf6884
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libintl3
ord51
ord49
ord35
ord27
ord26
wininet
InternetCrackUrlA
InternetCanonicalizeUrlA
libprivoxy
start_privoxy
ChangeSystemProxy
RemoveSystemProxy
is_privoxy_started
libsodiumr
sodium_init
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_stream_chacha20_xor_ic
crypto_stream_chacha20_ietf_xor_ic
sodium_increment
crypto_aead_xchacha20poly1305_ietf_decrypt
liveupdate
CleanUpdation
HasNewVersionReady
GetNewVersionInfo
InstallUpdation
DoUpdate
kernel32
GetUserDefaultLCID
FindResourceExW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
ExitThread
GetTimeZoneInformation
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatW
GetDateFormatW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
VirtualAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsProcessorFeaturePresent
GetOEMCP
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetSystemDirectoryW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
VirtualProtect
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
lstrcmpW
SystemTimeToFileTime
IsValidCodePage
GetACP
SetThreadLocale
GetCommandLineW
GetCPInfo
GetVersion
FreeResource
GlobalSize
WinExec
lstrcatW
HeapReAlloc
SearchPathW
GetProfileIntW
GetTempPathW
HeapCreate
FileTimeToSystemTime
GetUserDefaultLangID
LocalAlloc
OpenMutexW
CreateMutexW
lstrcmpiW
lstrcpynW
HeapAlloc
GetProcessHeap
HeapFree
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
VerSetConditionMask
TerminateProcess
GetVersionExW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CopyFileW
GetFileAttributesW
lstrlenA
GetModuleFileNameA
CreateEventW
GetSystemDirectoryA
LoadLibraryA
WaitForMultipleObjects
GetThreadContext
SetThreadContext
ResetEvent
GetCurrentThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
TlsFree
TlsAlloc
OpenProcess
TlsGetValue
TlsSetValue
InterlockedExchange
InterlockedExchangeAdd
CreateEventA
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
SetErrorMode
GlobalFindAtomW
InterlockedCompareExchange
SetEvent
CancelIo
DeviceIoControl
ReadFile
CreateFileA
DeleteCriticalSection
PostQueuedCompletionStatus
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
QueryPerformanceCounter
LocalFree
FormatMessageW
InterlockedDecrement
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeThread
WaitForSingleObject
CreateProcessW
CreateDirectoryW
SetUnhandledExceptionFilter
SetFilePointer
GetLocalTime
GlobalMemoryStatus
lstrcpyW
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetFileTime
GetFileSize
CreateFileW
GetModuleFileNameW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RaiseException
OutputDebugStringW
lstrlenW
WriteFile
InterlockedIncrement
FreeLibrary
GetTickCount
Sleep
ResumeThread
FindClose
FindNextFileW
FindFirstFileW
GetThreadLocale
CreateThread
CloseHandle
TerminateThread
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
DeactivateActCtx
SetLastError
CompareStringW
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileSizeEx
VerifyVersionInfoW
GetFileAttributesExW
RtlUnwind
user32
InvertRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
PostThreadMessageW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
IsClipboardFormatAvailable
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
NotifyWinEvent
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
SetRectEmpty
CharUpperW
ShowOwnedPopups
WaitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
HideCaret
ShowScrollBar
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
GetWindow
IntersectRect
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
GetWindowRgn
GetWindowDC
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuStringW
DispatchMessageW
TranslateMessage
ScreenToClient
GetAsyncKeyState
BringWindowToTop
DeleteMenu
RemoveMenu
GetSysColorBrush
CreateMenu
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
GetDesktopWindow
SystemParametersInfoW
GetMenuItemInfoW
DrawEdge
GetMenuItemID
RegisterWindowMessageW
SetRect
FrameRect
LoadMenuW
CreateIconIndirect
GetIconInfo
DrawStateW
DrawFocusRect
TrackPopupMenuEx
GetSubMenu
DestroyIcon
DestroyMenu
DestroyCursor
MessageBeep
ReleaseDC
SetCapture
ReleaseCapture
GetActiveWindow
WindowFromPoint
ClientToScreen
GetParent
GetNextDlgTabItem
SetParent
DestroyAcceleratorTable
SetClassLongW
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
CopyIcon
CharUpperBuffW
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
InflateRect
GetFocus
SetWindowRgn
GetWindowLongW
IsZoomed
PtInRect
DrawIconEx
OffsetRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TranslateMDISysAccel
GetUpdateRect
GetDoubleClickTime
SubtractRect
GetScrollPos
GetClassInfoW
SendMessageA
FindWindowW
MessageBoxW
wsprintfW
wvsprintfW
GetCursorPos
CreatePopupMenu
GetKeyState
IsWindow
DrawIcon
IsIconic
SetFocus
SetForegroundWindow
SetActiveWindow
LoadIconW
LoadImageW
AppendMenuW
GetSystemMenu
InvalidateRect
EnumChildWindows
ShowWindow
IsWindowVisible
PostMessageW
KillTimer
SetTimer
GetClientRect
LoadBitmapW
GrayStringW
DrawTextExW
TabbedTextOutW
MoveWindow
GetDC
SetWindowPos
GetMonitorInfoW
MonitorFromRect
GetWindowRect
RedrawWindow
GetComboBoxInfo
LoadCursorW
SetCursor
GetSystemMetrics
FillRect
EnableWindow
SendMessageW
CopyRect
GetSysColor
DrawTextW
BeginPaint
SetMenu
gdi32
GetTextCharsetInfo
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
OffsetRgn
SetDIBColorTable
EnumFontFamiliesExW
EnumFontFamiliesW
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
SetTextAlign
MoveToEx
LineTo
StretchDIBits
CreateDIBitmap
GetCharWidthW
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
BitBlt
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
SelectClipRgn
GetTextColor
CreateSolidBrush
GetTextMetricsW
PtVisible
RectVisible
SetLayout
GetLayout
TextOutW
ExtTextOutW
ExtFloodFill
Escape
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
CreateDCW
Rectangle
CreateHatchBrush
PatBlt
CreateDIBSection
Ellipse
GetBkMode
CreatePen
SetPixel
GetPixel
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
RoundRect
CreateRoundRectRgn
DeleteObject
GetObjectW
GetCurrentObject
GetStockObject
StretchBlt
SelectObject
CreateFontW
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
OpenSCManagerW
CloseServiceHandle
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
QueryServiceConfigW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
shell32
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
DragFinish
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathAddBackslashW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
ole32
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoUninitialize
CoCreateInstance
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
CoTaskMemFree
CoInitializeEx
OleFlushClipboard
CoRegisterMessageFilter
DoDragDrop
RegisterDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoLockObjectExternal
CoInitialize
RevokeDragDrop
oleaut32
SafeArrayGetElemsize
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantChangeType
VariantCopy
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrFromDate
VariantClear
SysAllocString
VariantTimeToSystemTime
OleLoadPicture
SystemTimeToVariantTime
LoadTypeLi
SysAllocStringLen
OleCreateFontIndirect
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipCreateBitmapFromStream
wsock32
setsockopt
WSAGetLastError
bind
listen
sendto
WSACleanup
recv
__WSAFDIsSet
send
connect
gethostname
WSAStartup
htons
socket
ntohs
accept
closesocket
ntohl
gethostbyname
inet_addr
select
inet_ntoa
recvfrom
getsockname
htonl
ioctlsocket
WSASetLastError
getpeername
dbghelp
MiniDumpWriteDump
iphlpapi
DeleteIpForwardEntry
CreateIpForwardEntry
GetIpAddrTable
GetIpForwardTable
GetAdaptersInfo
GetIfEntry
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
ws2_32
WSAEventSelect
getaddrinfo
WSASocketA
WSASend
WSARecv
WSAIoctl
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
freeaddrinfo
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
libcurl
curl_slist_free_all
curl_global_cleanup
curl_slist_append
curl_easy_getinfo
curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_version_info
curl_global_init
curl_easy_setopt
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 590KB - Virtual size: 589KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ctors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dtors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 314KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
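The Headers, Sections and "Unsigned PE" findings in this report are read straight from PE header fields: the COFF Characteristics, the optional header's DllCharacteristics, each section header's Characteristics, and the security data directory (index 4), which holds the file offset and size of an attached WIN_CERTIFICATE. The stdlib-only parser below is added here as an example and is not the sandbox's code. Given a path it inspects that file; with no argument it inspects a constructed minimal PE32 whose flags match this report. The dummy certificate blob the builder can append is a placeholder, not a real PKCS#7 structure, so "present" means a signature is attached, not that it verifies; checking the chain and revocation needs signtool verify /pa or Get-AuthenticodeSignature.

```python
"""Added example: stdlib-only PE header triage reproducing the Headers,
Sections and 'Unsigned PE' findings of a sandbox report. Not the sandbox's code."""
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
FILE_CHARS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
             0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_CHARS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: raw file offset + size of the WIN_CERTIFICATE


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data):
    """Parse just enough of the PE headers for the report's findings; ValueError on non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsect, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                    # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]   # 0x10B = PE32, 0x20B = PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs_off, dirs_off = (92, 96) if magic == 0x10B else (108, 112)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > SECURITY_DIR:
        sec_off, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        hdr = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name, vsize, rawsize, chars = hdr[0], hdr[1], hdr[3], hdr[9]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         rawsize, vsize, _flags(chars, SCN_CHARS)))
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flags(fchars, FILE_CHARS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARS),
        # A non-zero security directory only means a blob is attached; it says
        # nothing about whether the chain verifies or the certificate is revoked.
        "authenticode_present": sec_size != 0,
        "authenticode_offset": sec_off,
        "authenticode_size": sec_size,
        "sections": sections,
    }


def build_sample_pe(signed):
    """Constructed minimal PE32 (not the sample from this report): x86 EXE with
    DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, .text and .rdata, and optionally
    a placeholder WIN_CERTIFICATE appended at file offset 0x600."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 36, 0x200)                       # FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)                       # SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, 0x0040 | 0x0100 | 0x8000)  # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    cert = b""
    if signed:
        body = b"\x30\x82" + b"\0" * 62                          # placeholder, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x600, len(cert))
    sects = struct.pack("<8sIIIIIIHHI", b".text", 0x20, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sects += struct.pack("<8sIIIIIIHHI", b".rdata", 0x40, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x40000040)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sects).ljust(0x200, b"\0")
    return headers + b"\xC3" * 0x200 + b"\0" * 0x200 + cert


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(signed=False)
    for key, value in inspect_pe(blob).items():
        print(f"{key}: {value}")
```

On the unsigned constructed image the output mirrors this report: x86, IMAGE_FILE_EXECUTABLE_IMAGE and IMAGE_FILE_32BIT_MACHINE, the three DLL characteristics, and authenticode_present False. The report's other observations (a .data section that is writable, a discardable .reloc, DYNAMIC_BASE plus a populated .reloc meaning ASLR actually applies) fall out of the same section and flag fields.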