2024-04-21_5110c49104c9336e49db2b94249bc2a5_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_5110c49104c9336e49db2b94249bc2a5_mafia
Size

161KB
MD5

5110c49104c9336e49db2b94249bc2a5
SHA1

e0dae7880802bbd85d6b7081ea32db8b1449163d
SHA256

685c80df61f9743c7fd8ded832b90692cdc5b70f75f50b138e1764e48ff92af4
SHA512

d4414f34c2ef7fae911eb5b396387f69ae6744d916f052c85c5b84e516be55bb9aa2b94a09ec2f98e596746c1b7f325b1fe5923e803b50db5470a3ba02fc51fc
SSDEEP

3072:6Aoh5HRaSzCSqs6sRO/wJp4MdXWmkLKqYPdIQg7:Tu5H8S+Sq11WsLKoQg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-21_5110c49104c9336e49db2b94249bc2a5_mafia

Files

2024-04-21_5110c49104c9336e49db2b94249bc2a5_mafia
.exe windows:5 windows x86 arch:x86

1d1cd432bae3f8bb35f8530fce458c47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CODE\_Wistron_TE\Windows\WinMBD\branches\WMI\Release\WinMBD32.pdb

Imports

kernel32

CreateMutexA
ReleaseMutex
WaitForSingleObject
InitializeCriticalSection
InterlockedDecrement
DeviceIoControl
CreateFileA
Sleep
GetModuleFileNameA
GetLastError
CloseHandle
GetNativeSystemInfo
LocalFree
lstrlenA
GetProcessHeap
SetEndOfFile
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapFree
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapCreate
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
RtlUnwind
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
HeapReAlloc
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW

user32

MessageBoxA

advapi32

ControlService
QueryServiceStatusEx
StartServiceA
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d1cd432bae3f8bb35f8530fce458c47

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 9KB - Virtual size: 9KB