2024-04-23_ddf69adb0c40da2a9a15e3deeaad7b3d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_ddf69adb0c40da2a9a15e3deeaad7b3d_mafia
Size

811KB
MD5

ddf69adb0c40da2a9a15e3deeaad7b3d
SHA1

69ef0fddc14551a251fd7cf5f86b0d4c5507b63d
SHA256

cab5d31089374610a7f2efda41aa6e03fb7fc66342b85614ff2f03a3489b1e8a
SHA512

16871b36d98cd840baac302383811f1accc96a53853c09ad511a39ff88cdafe528888a0be542d7e6ca7c83efda611e8bca31b5ff6ec5f4448951ed302475187c
SSDEEP

24576:+UUsltqWPNpUGJkpA2fl8Q2RDgbZx7TVKt:+/WPNuGaptfl8Q2RslTc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-23_ddf69adb0c40da2a9a15e3deeaad7b3d_mafia

Files

2024-04-23_ddf69adb0c40da2a9a15e3deeaad7b3d_mafia
.exe windows:5 windows x86 arch:x86

1e08266b3597f453608af7821aa66457

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\!devtools\crashrpt\bin\CrashSender.pdb

Imports

ws2_32

htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSAGetLastError
gethostbyaddr
socket
connect
closesocket
send
recv
WSAStartup
WSACleanup
WSASetLastError
getservbyport
ntohs

dnsapi

DnsQuery_W
DnsFree

wininet

HttpEndRequestW
HttpOpenRequestW
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
InternetQueryOptionW
HttpSendRequestExW
InternetReadFile
InternetOpenW
InternetConnectW
InternetWriteFile

rpcrt4

RpcStringFreeA
UuidToStringA

psapi

GetProcessMemoryInfo

gdi32

SetBkColor
CreateDCW
GetDIBits
TextOutW
CreateFontW
CreateRectRgn
SelectClipRgn
BitBlt
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
SetViewportOrgEx
SetLayout
DeleteObject
CreateFontIndirectW
SelectObject
GetObjectW
SetBkMode
SetTextColor
DeleteDC
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
Polygon
CreateSolidBrush
CreatePen
CreateHalftonePalette
CreatePalette
GetDIBColorTable

shell32

SHFileOperationW
SHGetFileInfoW
ExtractIconW
ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

SetCurrentDirectoryW
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
GetStdHandle
GetFileType
HeapSize
GetLocaleInfoW
HeapReAlloc
GetConsoleCP
GetConsoleMode
PeekNamedPipe
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetStartupInfoW
HeapSetInformation
GetDateFormatW
GetTimeFormatW
FindFirstFileExW
SetFilePointer
QueryPerformanceCounter
GetCurrentDirectoryW
SetHandleCount
Sleep
FatalAppExitA
InitializeCriticalSectionAndSpinCount
lstrlenW
InterlockedDecrement
OpenFileMappingW
CreateFileMappingW
CloseHandle
UnmapViewOfFile
InterlockedIncrement
GetSystemInfo
MapViewOfFile
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
SystemTimeToFileTime
GetFileAttributesExW
MultiByteToWideChar
lstrlenA
DebugBreak
GetTickCount
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
GetUserDefaultLCID
GetPrivateProfileStringW
GlobalFree
FormatMessageW
GlobalAlloc
GetFileAttributesW
GetLastError
CreateDirectoryW
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
WideCharToMultiByte
CreateEventW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
GetFileSizeEx
CreateFileW
GetSystemTime
FileTimeToSystemTime
GetProcessTimes
ReadProcessMemory
OpenProcess
CopyFileW
RaiseException
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
lstrcmpiW
MulDiv
CompareStringW
lstrcmpW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetVersionExW
WriteFile
ReadFile
CreateProcessW
GetFileInformationByHandle
Process32NextW
TerminateProcess
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
CreateThread
CreateMutexW
GlobalUnlock
GlobalLock
LoadLibraryA
GetSystemDirectoryA
GetTimeZoneInformation
GetDriveTypeW
FileTimeToLocalFileTime
DecodePointer
EncodePointer
GetDateFormatA
GetCPInfo
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiA
CompareStringA
GetVersion
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
SetConsoleCtrlHandler
FlushFileBuffers
LCMapStringW
SetEnvironmentVariableW
OutputDebugStringW
SetStdHandle
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitProcess
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
CreateFileA
GetFullPathNameA
SetEnvironmentVariableA
TlsFree
GetCurrentThread
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
GetACP

user32

GetSubMenu
GetActiveWindow
DrawIcon
DrawTextExW
GetIconInfo
GetMenu
EnableWindow
FlashWindow
MessageBoxW
IsDialogMessageW
AdjustWindowRectEx
CopyRect
LoadIconW
PostQuitMessage
DialogBoxParamW
PostMessageW
SetProcessDefaultLayout
KillTimer
GetScrollInfo
SetScrollInfo
CharUpperW
DrawTextExA
SetTimer
AnimateWindow
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
IntersectRect
GetWindowThreadProcessId
EnumWindows
EnumDisplayMonitors
GetCursorInfo
GetCapture
ReleaseCapture
ReleaseDC
EndPaint
BeginPaint
GetCursorPos
EnableMenuItem
DrawFocusRect
FillRect
DrawTextW
TrackPopupMenu
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
GetWindowTextLengthW
DeleteMenu
EndDialog
LoadImageW
GetDesktopWindow
GetSysColorBrush
GetKeyState
CreateDialogParamW
GetClassNameW
GetWindowTextW
CharUpperA
SystemParametersInfoW
DestroyWindow
SetRectEmpty
GetDlgItem
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
SendMessageW
SetWindowPos
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyIcon
GetGuiResources
CharNextW
GetWindowLongW
SetWindowLongW
GetDC
GetWindowRect
MapWindowPoints
MoveWindow
GetWindow
LoadStringW
LoadMenuW
SetWindowTextW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SetMenuItemInfoW
PtInRect
CheckMenuRadioItem
LoadCursorW
GetSysColor
GetFocus
SetCursor
OffsetRect
UnregisterClassA
CharLowerA
CharLowerW
GetClientRect
CreateWindowExW

advapi32

RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegOpenKeyExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VarDecCmp
VarDateFromStr
VarI4FromStr
VarR8FromStr
SysFreeString
VarUI4FromStr
VarDecFromStr

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
_TrackMouseEvent

Sections

.text
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e08266b3597f453608af7821aa66457

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

dnsapi

wininet

rpcrt4

psapi

gdi32

shell32

comdlg32

version

kernel32

user32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 554KB - Virtual size: 553KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 554KB - Virtual size: 553KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 24KB - Virtual size: 23KB