PDB path: F:\build\develop4\Source\branches\naas_continuous\Solutions\_Output\Win32\Release\ControlLauncher.pdb
Static task: static1
Behavioral task: behavioral1 (sample 2024-04-20_ca3d2e5032f547ae2fb00b1acf454a74_mafia.exe, resource win7-20240220-en)
Behavioral task: behavioral2 (sample 2024-04-20_ca3d2e5032f547ae2fb00b1acf454a74_mafia.exe, resource win10v2004-20240412-en)
General
Target: 2024-04-20_ca3d2e5032f547ae2fb00b1acf454a74_mafia
Size: 2.5MB
MD5: ca3d2e5032f547ae2fb00b1acf454a74
SHA1: e1dfd5e2f5d785acc6699c1860d7d93e80dd22c2
SHA256: da6fac4cdbe43877566b1befbb4d189876c752f118fd186b6394014f8e023d99
SHA512: b47be4b8b5ac9895393436a4030f3a8c904f1b62b090647ba47ec1bcbea927c5c15a02c888a1b49e946250615f2308a761297cec0f16378726c6f4ee16827d23
SSDEEP: 49152:pzaC+fl8Rpj406rRvEFqGtSsnRM6Iw7JVGzBh2rwoADirZuPVCeWUTHufU/2pNC4:qkpF6rRvElwqRM6Iw7JVGzvkEilWVCeW
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2024-04-20_ca3d2e5032f547ae2fb00b1acf454a74_mafia
Files
2024-04-20_ca3d2e5032f547ae2fb00b1acf454a74_mafia.exe  windows:5 windows x86 arch:x86
53626ad51546fb7fc0e144ad06bfc941
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
msi
ord113
winhttp
WinHttpOpen
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpReadData
WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpAddRequestHeaders
userenv
ExpandEnvironmentStringsForUserW
iphlpapi
GetAdaptersAddresses
advapi32
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
CredReadW
CredFree
RegDeleteKeyW
CredDeleteW
CredWriteW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenProcessToken
RegSetValueExW
RegCloseKey
kernel32
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
LocalReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
EncodePointer
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalGetAtomNameW
GlobalFlags
InitializeCriticalSection
GetTickCount
ReleaseActCtx
CreateActCtxW
CreateEventW
SuspendThread
SetThreadPriority
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesExW
InterlockedIncrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
ConvertDefaultLocale
GetNumberFormatW
CompareStringA
GetLocaleInfoW
InterlockedExchange
GetFullPathNameW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
ActivateActCtx
DeactivateActCtx
lstrcmpW
GlobalSize
GlobalAlloc
MulDiv
GlobalLock
GlobalUnlock
FreeResource
GetCurrentThreadId
TerminateThread
LoadLibraryW
GetCurrentProcessId
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
GetVolumeInformationW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetVersionExW
OpenProcess
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
GetTempFileNameW
CreateProcessW
ExpandEnvironmentStringsW
ResumeThread
LocalFree
DeleteFileW
CloseHandle
ReleaseMutex
DeleteCriticalSection
GetUserDefaultUILanguage
lstrcmpiW
RemoveDirectoryW
SetCurrentDirectoryW
GlobalFree
GetProcAddress
SetLastError
GetLastError
RaiseException
lstrlenW
GetModuleFileNameW
GetExitCodeProcess
FormatMessageW
CopyFileW
Sleep
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
LoadLibraryExW
FreeLibrary
lstrlenA
CreateMutexW
FileTimeToLocalFileTime
FindNextFileW
LockResource
FindClose
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindFirstFileW
FileTimeToDosDateTime
SetErrorMode
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GetSystemDefaultUILanguage
TlsFree
user32
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
DestroyCursor
GetWindowRgn
DrawIconEx
LoadImageW
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
MapVirtualKeyW
CreatePopupMenu
GetMenuDefaultItem
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
KillTimer
SetTimer
InvalidateRect
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
OffsetRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
RegisterClipboardFormatW
GetMessageW
TranslateMessage
GetCursorPos
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
PostQuitMessage
CharUpperW
MoveWindow
SetWindowTextW
CloseClipboard
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
SetWindowRgn
GetPropW
RemovePropW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
RedrawWindow
ValidateRect
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CopyRect
PtInRect
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
LoadMenuW
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
SetClipboardData
OpenClipboard
GetKeyNameTextW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
LoadStringW
SendMessageTimeoutW
FindWindowW
keybd_event
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
SetClassLongW
DestroyAcceleratorTable
IsDialogMessageW
SetParent
GetWindowRect
GetKeyState
GetForegroundWindow
GetWindowLongW
GetWindowTextW
GetClassNameW
SetWindowPos
ShowWindow
IsWindowVisible
GetMonitorInfoW
RegisterWindowMessageW
IsIconic
RegisterShellHookWindow
SetForegroundWindow
DrawIcon
GetClientRect
GetAsyncKeyState
DeregisterShellHookWindow
PostThreadMessageW
GetSystemMetrics
GetWindowThreadProcessId
CharNextW
LoadIconW
PostMessageW
IsWindow
SendMessageW
EnableWindow
SetPropW
IsZoomed
SetWindowsHookExW
gdi32
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
ScaleWindowExtEx
GetTextMetricsW
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
GetObjectW
DPtoLP
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
ExtSelectClipRgn
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
RealizePalette
DeleteDC
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
PatBlt
CreateBitmap
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
shell32
SHGetFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteExW
DragQueryFileW
DragFinish
ShellExecuteW
comctl32
ImageList_GetIconSize
InitCommonControlsEx
shlwapi
PathGetDriveNumberW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
ole32
ReleaseStgMedium
CoCreateGuid
CreateStreamOnHGlobal
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoRegisterClassObject
oleaut32
VariantChangeType
GetErrorInfo
VariantTimeToSystemTime
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock
OleCreateFontIndirect
VariantCopy
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
VarBstrFromDate
SystemTimeToVariantTime
SafeArrayDestroy
SysFreeString
SysStringLen
SysAllocString
oledlg
OleUIBusyW
ws2_32
inet_ntoa
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDisposeImage
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
psapi
EnumProcesses
Sections
.text   Size: 1.5MB   Virtual size: 1.5MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 366KB   Virtual size: 366KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 28KB    Virtual size: 62KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 449KB   Virtual size: 449KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 190KB   Virtual size: 189KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ