2024-04-22_64abf89e0b783203920963a7d54cc4f9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_64abf89e0b783203920963a7d54cc4f9_mafia
Size

972KB
MD5

64abf89e0b783203920963a7d54cc4f9
SHA1

d30a3d7103ab9cdb36b2718630e1afac2cb069ff
SHA256

eb8d186ab6668f2f9e19de0d61b9a51cff493ac89e40feb3db451255dc5ceb64
SHA512

6369a9e0b467e14caa091675aa78294340e7b0e34a7808e02925786190a5195ddb4b43108527188c36d426ab7212175d905414f6fc91e93eaedd2e14a658e78a
SSDEEP

24576:uqRbHvKFDY4hQIcPcFphJ9eSWengBrajcjCQtPw:3bHvIz6UhJ9NLIrawjbpw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_64abf89e0b783203920963a7d54cc4f9_mafia

Files

2024-04-22_64abf89e0b783203920963a7d54cc4f9_mafia
.exe windows:5 windows x86 arch:x86

4bca64e1661ed72fb4f380684fb98898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Prog\HPCASL4.6\Release\hpqwmiex.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
CM_Locate_DevNodeW
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Sibling
SetupDiOpenDeviceInfoW
CM_Get_Child
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

kernel32

GetCurrentThreadId
CreateEventW
OpenProcess
GetVersionExW
DeleteTimerQueue
GetCurrentProcessId
CreateTimerQueueTimer
CreateTimerQueue
SetEnvironmentVariableW
GetVolumeInformationW
FlushFileBuffers
QueryDosDeviceW
LoadLibraryW
GlobalAlloc
TerminateProcess
GetExitCodeProcess
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
DeleteFileW
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
SetLastError
MoveFileW
GetTempFileNameW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetFileAttributesExW
CreateDirectoryW
CreateMutexW
GetFirmwareEnvironmentVariableW
CompareStringW
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
ExpandEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapReAlloc
HeapSize
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentProcess
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
lstrcmpiW
RaiseException
SetEvent
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetCommandLineW
GetSystemPowerStatus
DeviceIoControl
ReleaseSemaphore
CreateSemaphoreW
LocalFree
LocalAlloc
CreateThread
WaitForSingleObject
SetProcessShutdownParameters
MultiByteToWideChar
SetThreadPriority
GetLocalTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
WaitForMultipleObjects
TerminateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFree
GetModuleHandleW
GetProcAddress
InterlockedCompareExchange
CreateFileW
InterlockedExchange
InterlockedDecrement
OpenEventW
PulseEvent
CloseHandle
lstrlenW
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
EncodePointer
DecodePointer
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
HeapCreate
ExitProcess
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetFileAttributesW
GetStartupInfoW
HeapSetInformation
VirtualQuery
RtlUnwind
ExitThread
ResumeThread
GetTimeFormatW
GetDateFormatW
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStringTypeW

user32

LoadStringW
GetSystemMetrics
PostThreadMessageW
GetMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextW
CharUpperW
TranslateMessage
DispatchMessageW

advapi32

OpenServiceW
CryptAcquireContextW
CryptReleaseContext
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptImportKey
EqualSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
StartServiceW
ControlService
DeleteService
CreateServiceW
QueryServiceStatus
ChangeServiceConfigW
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
OpenSCManagerW
GetServiceKeyNameW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CloseServiceHandle
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoSetProxyBlanket
CoResumeClassObjects
CoInitializeEx
CoAddRefServerProcess
CLSIDFromString
OleRun
CoCreateGuid
CoReleaseServerProcess

shell32

CommandLineToArgvW
SHGetFolderPathW

oleaut32

SystemTimeToVariantTime
SysStringByteLen
VarUdateFromDate
VarCmp
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
GetErrorInfo
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime

shlwapi

StrTrimW
StrCmpNIW
StrCmpW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW
EnumProcesses

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bca64e1661ed72fb4f380684fb98898

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

version

psapi

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 62KB - Virtual size: 62KB