2024-04-22_38bd64a2eae1baef3781ab100bbacc1a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_38bd64a2eae1baef3781ab100bbacc1a_mafia
Size

1.8MB
MD5

38bd64a2eae1baef3781ab100bbacc1a
SHA1

87e8689c542f39b400c5f203bed37b430df2afa7
SHA256

2621b57082b57f4ef30a47a7b311de20a0281650e6ea3011d31d3ab554f91c1c
SHA512

84339521bdbd7ddba616a50da8475bcd298141f7db628737f34dded520436229db4c31a41a22397e972fe16436a1c72ed18c6fa9913c69def33833d1ff4eda06
SSDEEP

49152:xoPY6SVe/7st+0s+ZYQ0KnJklEBeYoz2TIx:DLe/fJmHnnel

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_38bd64a2eae1baef3781ab100bbacc1a_mafia

Files

2024-04-22_38bd64a2eae1baef3781ab100bbacc1a_mafia
.exe windows:5 windows x86 arch:x86

b311346eb3f29ee2f19bf0b60437c39e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hudson_Home\workspace\klaus\Desktop Software\klickTel Automated Update Service\prj\installer\ktsinstaller\bin\ktsinstaller.pdb

Imports

kernel32

GetVersionExA
LocalFree
CompareStringW
GetTimeZoneInformation
DuplicateHandle
SetEnvironmentVariableA
CloseHandle
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetCurrentProcessId
GetProcessTimes
CreateProcessW
GetConsoleWindow
GetStdHandle
GetStartupInfoW
TerminateProcess
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetLongPathNameW
GetSystemDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesExW
SetFileTime
SetEndOfFile
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
GetSystemInfo
GetComputerNameW
CreatePipe
CreateEventW
SetEvent
FindFirstFileW
FindClose
FindNextFileW
InterlockedExchange
GetExitCodeThread
TlsGetValue
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
CreateMutexW
ReleaseMutex
ResetEvent
WaitForMultipleObjects
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
LocalAlloc
GetModuleFileNameW
LoadLibraryW
GetCommandLineW
HeapSetInformation
RtlUnwind
RaiseException
ExitThread
CreateThread
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoW
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetStdHandle
LoadLibraryA
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
GetExitCodeProcess
LeaveCriticalSection
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
FreeLibrary
Sleep
InterlockedDecrement
SetThreadPriority

iphlpapi

GetAdaptersInfo

advapi32

ReportEventW
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
QueryServiceConfigW
OpenServiceW
ChangeServiceConfigA
ControlService
StartServiceA
QueryServiceStatus
DeleteService
CreateServiceW
CloseServiceHandle
OpenSCManagerA
RegEnumValueW
RegisterEventSourceW

ws2_32

ntohs
htons
getservbyname
gethostname
ntohl
inet_addr
getnameinfo
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
htonl

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b311346eb3f29ee2f19bf0b60437c39e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

iphlpapi

advapi32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 22KB - Virtual size: 37KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 22KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 75KB - Virtual size: 75KB