Static task: static1
Behavioral task: behavioral1 (sample: 2024-04-23_84a25a406026792cd480bc5970fb04ac_mafia.exe; resource: win7-20231129-en)
Behavioral task: behavioral2 (sample: 2024-04-23_84a25a406026792cd480bc5970fb04ac_mafia.exe; resource: win10v2004-20240412-en)
General
Target: 2024-04-23_84a25a406026792cd480bc5970fb04ac_mafia
Size: 3.8MB
MD5: 84a25a406026792cd480bc5970fb04ac
SHA1: e1da9710487f978191e63ffc0e178a1d1b999ae3
SHA256: 2054d10d9dd8c48e0f64df93e76917ef055c6dd704fe49ffc0b7dfaa97783718
SHA512: c175d369794d1fa8cf46f4b2bc733299114508b0cb92a879d6a19f5cfebeda0b9bd2d2c9a70f59fe19eb60ac538e3c5176e72491380910ff46e5134a00dbf404
SSDEEP: 49152:Ewxk+LC3ck/rShC2OWYP2M72npLuDxRKncT1NuZoKvyiBcyqy//Z9i0w:Nk+LaqCwMVOpqIrdvyifqy//Z9i0
Malware Config
(none shown)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2024-04-23_84a25a406026792cd480bc5970fb04ac_mafia
Caveat: the absence of an Authenticode signature is a weak indicator on its own, since plenty of legitimate software ships unsigned; weigh it together with the behavioral tasks rather than treating it as a verdict.
Files
2024-04-23_84a25a406026792cd480bc5970fb04ac_mafia.exe (windows:5, windows x86, arch:x86)
76eaee523cba0c507ad062dc1c94b7ab (unlabeled digest as shown in the report; distinct from the sample MD5 above)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the flags listed, so these headers do not claim Control Flow Guard instrumentation.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
(IMAGE_FILE_DLL is not set: the image is an executable, even though it carries an export table, see Exports below.)
PDB Paths
D:\dist\706\kcml\release.msc.x86.c\kclient.pdb
Imports
comctl32
ord16
CreateStatusWindowW
CreateToolbarEx
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Merge
ImageList_Add
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Draw
ImageList_GetIconSize
ImageList_DragShowNolock
PropertySheetW
ImageList_LoadImageW
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ord17
ImageList_DrawIndirect
ImageList_Remove
ImageList_GetIcon
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetElement
VariantCopy
SysStringByteLen
SysAllocStringLen
VariantCopyInd
LoadTypeLi
SafeArrayCreate
SafeArrayPutElement
VarUI4FromStr
VariantChangeType
SafeArrayCreateVector
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
VariantInit
imm32
ImmNotifyIME
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmSetConversionStatus
ImmSimulateHotKey
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winmm
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
timeGetDevCaps
PlaySoundW
kernel32
SetThreadPriority
GetCurrentThread
CreateDirectoryW
GetDriveTypeW
GetTempPathW
SetFileTime
SystemTimeToFileTime
GetSystemTime
SetCommState
GetCommState
SetCommTimeouts
GetFileInformationByHandle
InterlockedDecrement
GetTempFileNameW
GetCurrentDirectoryW
DeleteCriticalSection
InterlockedIncrement
GetUserDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
lstrlenA
InitializeCriticalSectionAndSpinCount
FindAtomW
GetComputerNameW
RegisterWaitForSingleObject
OpenEventW
GetSystemTimeAsFileTime
WaitForMultipleObjects
ExitProcess
HeapDestroy
GetCPInfoExW
IsDebuggerPresent
OutputDebugStringW
GetExitCodeProcess
VirtualQuery
GlobalHandle
GetVersion
GetSystemInfo
SetThreadAffinityMask
GetEnvironmentVariableW
SetEndOfFile
CreateNamedPipeW
WaitNamedPipeW
DeviceIoControl
FindCloseChangeNotification
lstrcpyW
GetModuleFileNameW
FreeLibrary
FormatMessageW
GetTimeZoneInformation
SetEnvironmentVariableA
HeapCreate
FindFirstChangeNotificationW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
WriteConsoleW
InterlockedCompareExchange
InterlockedPushEntrySList
lstrlenW
GetStringTypeW
RtlUnwind
DecodePointer
EncodePointer
VirtualAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileType
WideCharToMultiByte
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
LCMapStringW
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
SetHandleCount
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceCounter
InterlockedExchange
SetStdHandle
FindNextChangeNotification
GetFileTime
InitializeCriticalSection
ReleaseMutex
CreateMutexW
CompareFileTime
SetThreadLocale
LoadLibraryExW
MapViewOfFileEx
LocalReAlloc
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEnvironmentVariableW
SetCurrentDirectoryW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetDiskFreeSpaceW
SetLastError
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTimeFormatW
GetLocalTime
GetTickCount
GetFileSize
ReadProcessMemory
GlobalAddAtomW
GlobalDeleteAtom
GetLocaleInfoW
SetErrorMode
WriteFile
SetFilePointer
ReadFile
FindResourceExW
SizeofResource
UnmapViewOfFile
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
LocalFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GlobalReAlloc
FindResourceW
LoadResource
LockResource
LocalAlloc
LocalLock
LocalUnlock
GetProfileStringW
CreateFileW
GetFileAttributesW
_lwrite
OpenFile
_llseek
_lclose
GetProcAddress
GetLastError
CreateProcessW
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetFullPathNameW
GetVersionExW
GlobalAlloc
GetModuleHandleW
GetOEMCP
GetACP
GetThreadLocale
GetCurrentThreadId
GetCommandLineW
DeleteFileW
CloseHandle
CreateThread
CreateEventW
GetSystemDirectoryA
LoadLibraryA
SetEvent
Sleep
ResetEvent
WaitForSingleObject
lstrcatW
GlobalFree
GlobalLock
VirtualFree
InterlockedPopEntrySList
MulDiv
GlobalUnlock
lstrcmpiW
WinExec
lstrcmpW
lstrcpynW
LoadLibraryW
user32
GetCursor
GetKeyboardState
GetAsyncKeyState
SetWindowRgn
TrackPopupMenuEx
SetRectEmpty
CopyIcon
RegisterWindowMessageW
MapWindowPoints
MonitorFromWindow
IsMenu
IsCharAlphaNumericW
InsertMenuItemW
DestroyCursor
WindowFromDC
GetMenuItemID
IsDlgButtonChecked
CheckDlgButton
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DefFrameProcW
LoadStringW
GetScrollPos
DeleteMenu
EnumWindows
keybd_event
mouse_event
GetMenuItemRect
FindWindowExW
CharNextW
UpdateLayeredWindow
IsCharAlphaW
MonitorFromRect
LoadKeyboardLayoutW
GetIconInfo
CreateIconFromResourceEx
DialogBoxParamW
DrawTextExW
RemovePropW
GetPropW
GetWindowThreadProcessId
SubtractRect
CreatePopupMenu
SetMenuItemInfoW
ChildWindowFromPoint
SetMenuDefaultItem
GetKeyNameTextW
LoadImageW
GetCursorPos
OffsetRect
IsRectEmpty
DrawMenuBar
MapDialogRect
GetSysColorBrush
DrawStateW
GetMessagePos
PtInRect
GetMenuItemCount
TrackPopupMenu
SetParent
UnregisterClassW
SetMenu
CreateMDIWindowW
ChildWindowFromPointEx
GetMessageTime
SetActiveWindow
GetMenuBarInfo
ScreenToClient
RedrawWindow
DrawIconEx
GetWindowDC
ClientToScreen
SendInput
RemoveMenu
GetWindow
GetDlgCtrlID
DefMDIChildProcW
GetForegroundWindow
MsgWaitForMultipleObjects
BringWindowToTop
SetForegroundWindow
GetScrollInfo
CallWindowProcW
DdeEnableCallback
DdeGetData
GetDesktopWindow
DefDlgProcW
RegisterClipboardFormatW
LoadMenuW
DdeConnect
DdeInitializeW
DdeCreateDataHandle
DdeQueryStringW
DdeNameService
DdeGetLastError
DdeUninitialize
DdeDisconnect
DdeAccessData
DdeUnaccessData
DdeCreateStringHandleW
DdeFreeStringHandle
DdeClientTransaction
wsprintfA
IsWindow
SetCursor
ShowCursor
DestroyCaret
ScrollWindowEx
CreateCaret
SetClassLongW
IntersectRect
InvertRect
EqualRect
GetClipboardData
GetClassLongW
MoveWindow
CheckRadioButton
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnableWindow
SetClipboardViewer
GetClassNameW
FindWindowW
RegisterClassExW
AdjustWindowRectEx
DestroyIcon
CreateMenu
CreateWindowExW
GetMenuItemInfoW
VkKeyScanW
LoadCursorW
RegisterClassW
FillRect
InflateRect
FrameRect
DrawFrameControl
DrawTextW
DrawFocusRect
SetCapture
ReleaseCapture
GetSubMenu
GetMessageW
IsWindowEnabled
TranslateMessage
IsDialogMessageW
DispatchMessageW
ShowCaret
IsWindowVisible
ShowWindow
GetSystemMenu
SetCaretPos
SystemParametersInfoW
HideCaret
NotifyWinEvent
GetKeyState
MapVirtualKeyW
SetScrollRange
SetScrollPos
ShowScrollBar
SetWindowPlacement
GetKeyboardLayout
DrawIcon
ChangeClipboardChain
DestroyMenu
PostQuitMessage
WinHelpW
DestroyWindow
GetMenu
IsClipboardFormatAvailable
EnableMenuItem
CheckMenuItem
PostThreadMessageW
SendNotifyMessageW
EndDialog
GetDlgItem
GetWindowTextLengthW
SetFocus
GetWindowTextW
LoadIconW
GetFocus
MessageBeep
PostMessageW
KillTimer
SetTimer
GetWindowRect
GetParent
GetWindowPlacement
UpdateWindow
BeginPaint
GetClientRect
EndPaint
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowLongW
DefWindowProcW
SetWindowPos
GetWindowLongW
SetRect
AdjustWindowRect
GetSystemMetrics
IsIconic
IsZoomed
CopyRect
DrawEdge
TabbedTextOutW
GetMenuState
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
LoadBitmapW
SetScrollInfo
GetClassInfoExW
UnionRect
MonitorFromPoint
GetMonitorInfoW
GetClassInfoW
GetCapture
TrackMouseEvent
CreateIconIndirect
InvalidateRect
WindowFromPoint
GetDoubleClickTime
wsprintfW
GetSysColor
GetDC
ReleaseDC
DialogBoxIndirectParamW
CreateDialogIndirectParamW
InsertMenuW
PeekMessageW
SetPropW
AppendMenuW
SendMessageW
SendDlgItemMessageW
SetDlgItemTextW
MessageBoxW
SetWindowTextW
GetActiveWindow
EnumChildWindows
UnregisterClassA
advapi32
CryptReleaseContext
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
GetUserNameW
RegQueryInfoKeyW
GetLengthSid
GetTokenInformation
OpenProcessToken
SetSecurityInfo
GetAce
GetSecurityDescriptorDacl
RegGetKeySecurity
InitializeAcl
RegOpenKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
LookupAccountNameW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessDeniedAce
AddAccessAllowedAce
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegOpenCurrentUser
RegSetValueExA
CryptDestroyKey
RegQueryValueExW
gdi32
Polyline
SetDIBitsToDevice
ExtCreatePen
RoundRect
LineTo
GetNearestColor
ExtSelectClipRgn
GetObjectW
GetStockObject
GetTextMetricsW
GetTextFaceW
SelectObject
StretchDIBits
SetStretchBltMode
RealizePalette
SelectPalette
SetBkMode
DeleteObject
UnrealizeObject
CreateFontIndirectW
SetTextColor
SetBkColor
Rectangle
CreateSolidBrush
ExtTextOutW
RemoveFontResourceW
AddFontResourceW
GetDeviceCaps
EndDoc
EndPage
TextOutW
MoveToEx
SetTextAlign
StartPage
StartDocW
GetDIBits
AbortDoc
GetTextExtentPointW
SetAbortProc
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetCurrentPositionEx
GetTextExtentPoint32W
CreateDCW
GetCurrentObject
CreatePen
PatBlt
BitBlt
ExcludeClipRect
Polygon
CreateDIBSection
GdiFlush
CreatePalette
GetPixel
SetDIBits
GetNearestPaletteIndex
StretchBlt
SetBrushOrgEx
GetBrushOrgEx
SetMetaFileBitsEx
DeleteMetaFile
GetSystemPaletteEntries
SelectClipRgn
CreateRectRgn
SetViewportOrgEx
RestoreDC
PlayMetaFile
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
CombineRgn
GetClipRgn
GetViewportOrgEx
GetTextColor
GetCharWidthW
GetBkColor
GetCharWidth32W
EnumFontFamiliesW
CreateICW
TranslateCharsetInfo
Ellipse
GetObjectA
OffsetRgn
CreateRectRgnIndirect
FillRgn
ws2_32
gethostbyaddr
ioctlsocket
WSAEventSelect
shutdown
select
ntohs
WSASetLastError
closesocket
connect
socket
setsockopt
getsockname
getpeername
WSAResetEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSAStartup
ntohl
gethostname
getsockopt
accept
bind
listen
WSAEnumNetworkEvents
inet_ntoa
gethostbyname
inet_addr
htonl
getservbyname
WSACleanup
htons
send
recv
WSAGetLastError
getservbyport
shell32
DragAcceptFiles
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetFileInfoW
ExtractIconW
ExtractIconExW
DuplicateIcon
SHChangeNotify
SHFileOperationW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
DragQueryPoint
DragFinish
ShellExecuteW
winspool.drv
ClosePrinter
EndDocPrinter
EndPagePrinter
OpenPrinterW
DocumentPropertiesW
GetPrinterW
WritePrinter
StartPagePrinter
StartDocPrinterW
comdlg32
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
ChooseColorW
PageSetupDlgW
ole32
CoTaskMemAlloc
ReleaseStgMedium
StgCreateStorageEx
RegisterDragDrop
CoTaskMemFree
StringFromCLSID
CoTaskMemRealloc
DoDragDrop
StringFromIID
CLSIDFromProgID
CoSetProxyBlanket
CoInitializeSecurity
CreateBindCtx
CoCreateGuid
CoCreateInstance
RevokeDragDrop
CoGetClassObject
StgCreateDocfile
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
OleUninitialize
OleInitialize
CoInitializeEx
MkParseDisplayName
gdiplus
GdipTranslateWorldTransform
GdipDrawLineI
GdipDrawPath
GdipCombineRegionRectI
GdipCloneRegion
GdipDrawLinesI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDisposeImage
GdipSetSmoothingMode
GdipCreateBitmapFromHICON
GdipSetStringFormatFlags
GdipCreatePen1
GdipDrawImageI
GdipCloneImage
GdipSetLineBlend
GdipLoadImageFromFile
GdipCreateTexture
GdipCreateLineBrushFromRectWithAngleI
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipSetStringFormatAlign
GdipDrawArcI
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRegion
GdipSetClipRectI
GdipGetPenWidth
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen2
GdipDeleteBrush
GdipAlloc
GdipCreateRegion
GdipGetClip
GdipFillRectangleI
GdipGetWorldTransform
GdipReleaseDC
GdipGetDC
GdipCreateFromHWND
GdipCreateFromHDC
GdipGetMatrixElements
GdipCreateMatrix
GdipFree
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipDeleteRegion
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteMatrix
GdipGetImageBounds
GdipGetSmoothingMode
secur32
GetUserNameExW
iphlpapi
NotifyAddrChange
oleacc
LresultFromObject
AccessibleObjectFromWindow
msimg32
GradientFill
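The import table above is the input to two routine static checks: an import hash (imphash) for clustering against other builds, and a capability pass over the APIs. The block below is an added example and is not code from the report or from the sample's vendor. It reproduces pefile's imphash construction (lowercased "lib.func" strings in table order, library extension stripped, unknown ordinals as "ordN"; pefile additionally resolves known ws2_32 and oleaut32 ordinals by name, which is omitted here) and tags the imports a reviewer would want to see exercised in the behavioral tasks. The input is an excerpt of the import list above, in the order the report shows it, with ".dll" restored on library names because the report strips it. Whether the unlabeled 32-hex value under Files is this sample's imphash is not stated on the page and is not assumed here.

```python
"""Added example, not from the report: imphash over an ordered import table,
computed the way pefile does it, plus capability tags for imports worth
checking in the behavioral runs. Input below is an excerpt of the report's
import list, with ".dll" restored on library names."""
import hashlib


def imphash_string(imports):
    """pefile's pre-hash form: 'lib.func' per import in table order, lowercased,
    with .dll/.ocx/.sys stripped from the library; imports by ordinal become
    'ordN' (pefile also names known ws2_32/oleaut32 ordinals; not done here)."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for f in funcs:
            name = f if isinstance(f, str) else "ord%d" % f
            parts.append("%s.%s" % (lib, name.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the joined string: the value tools and sandboxes report as imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# APIs from this report's import table that a reviewer would want to see
# exercised (or not) in the behavioral tasks. All are normal for a GUI
# application; a tag is a pointer to a behaviour to check, not a verdict.
WATCH = {
    "setwindowshookexw": "windows hook installation",
    "getasynckeystate": "key-state polling", "getkeyboardstate": "key-state polling",
    "keybd_event": "synthetic input", "mouse_event": "synthetic input", "sendinput": "synthetic input",
    "readprocessmemory": "cross-process memory read",
    "createprocessw": "process launch", "winexec": "process launch", "shellexecutew": "process launch",
    "isdebuggerpresent": "debugger check (also emitted by the MSVC CRT)",
    "regsetvalueexw": "registry write", "regsetvalueexa": "registry write",
    "listen": "inbound TCP listener", "accept": "inbound TCP listener", "connect": "outbound TCP connect",
    "createnamedpipew": "named-pipe server",
    "setsecurityinfo": "ACL modification", "addaccessdeniedace": "ACL modification",
    "cryptreleasecontext": "CryptoAPI use", "cryptdestroykey": "CryptoAPI use",
}


def capability_tags(imports):
    """Group 'dll!Function' entries by the behaviour they enable."""
    tags = {}
    for dll, funcs in imports:
        for f in funcs:
            if isinstance(f, str) and f.lower() in WATCH:
                tags.setdefault(WATCH[f.lower()], []).append("%s!%s" % (dll, f))
    return tags


# Excerpt of the import table above, in the order the report lists it;
# ordinal imports as integers (the report prints them as ord16 / ord17).
REPORT_EXCERPT = [
    ("comctl32.dll", [16, "CreateStatusWindowW", 17]),
    ("kernel32.dll", ["IsDebuggerPresent", "CreateNamedPipeW", "ReadProcessMemory",
                      "CreateProcessW", "WinExec"]),
    ("user32.dll", ["GetAsyncKeyState", "keybd_event", "SendInput", "SetWindowsHookExW"]),
    ("advapi32.dll", ["CryptReleaseContext", "RegSetValueExW", "SetSecurityInfo",
                      "AddAccessDeniedAce", "CryptDestroyKey"]),
    ("ws2_32.dll", ["connect", "accept", "bind", "listen"]),
    ("shell32.dll", ["ShellExecuteW"]),
]

if __name__ == "__main__":
    print("imphash(excerpt) =", imphash(REPORT_EXCERPT))
    for tag, apis in capability_tags(REPORT_EXCERPT).items():
        print("%-40s %s" % (tag, ", ".join(apis)))
```

An imphash computed over an excerpt is only useful for showing the algorithm; the real value must be taken from the full import table in its on-disk order, because any reordering or omitted entry changes the hash completely.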
Exports
_KClient@16
_KClientLoadError@16
_KClientSnoop@8
_RegisterAboutControl@8
_RegisterOurDlgControl@8
_SetInternal@0
The names carry stdcall decoration (leading underscore, "@N" giving the number of argument bytes), and since IMAGE_FILE_DLL is not set in the file characteristics above, this is an executable that exports entry points, consistent with the kclient.pdb debug path.
Sections (raw size / virtual size / characteristics)
.text    2.0MB / 2.0MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
K_BSS    -     / 58KB    IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata   773KB / 773KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    29KB  / 38KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
K_DATA   25KB  / 24KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_text    512B  / 1B      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    815KB / 815KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   170KB / 169KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.text is the only executable section and no section is both writable and executable. K_BSS, K_DATA and _text are non-standard section names; _text has a 1-byte virtual size and, despite the name, is data, not code. A .reloc section is present, so the DYNAMIC_BASE flag in the headers can actually be honored by the loader.
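The "Unsigned PE" signature, the DLL/file characteristics and the section table above are all read straight out of the PE headers. The block below is an added example, not code from the sandbox or from the sample's vendor: a standard-library PE32 reader that reproduces those facts (signature presence via the security data directory, ASLR/DEP flags, per-section flags) and adds two checks the report does not print, whether DYNAMIC_BASE is undermined by stripped relocations and whether any section is writable and executable. Because the sample itself is not available here, the input is a constructed header-only PE32 whose flags and section layout mirror the table above (sizes rounded); build_pe is a test helper, not part of any real tool.

```python
"""Added example, not from the report: reproduce the header facts and the
'Unsigned PE' check above from raw PE32 headers (standard library only).
The input PE is constructed in build_pe(); it is not the analysed sample."""
import struct

DLLCHAR = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x4000: "GUARD_CF",
           0x8000: "TERMINAL_SERVER_AWARE"}
SCN = {0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
       0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
       0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}
IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_DLL = 0x0001, 0x2000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: where the Authenticode blob lives


def parse_pe(data):
    """Return characteristics, DllCharacteristics, signature presence and
    per-section flags from a PE32 image (the sample is x86, so PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) handled here")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]     # NumberOfRvaAndSizes
    sec_size = 0
    if ndirs > SECURITY_DIR:                                 # data directories start at +96
        _, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections, sh = [], opt + opt_size
    for i in range(nsec):                                    # 40-byte IMAGE_SECTION_HEADERs
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": [n for b, n in SCN.items() if flags & b]})
    return {"is_dll": bool(chars & IMAGE_FILE_DLL),
            "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
            "dll_characteristics": [n for b, n in DLLCHAR.items() if dllchars & b],
            "signed": sec_size > 0, "sections": sections}


def triage(data):
    """The checks behind the report's 'Unsigned PE' signature and header
    summary, plus two it does not print: ASLR actually usable, and W+X sections."""
    pe, findings = parse_pe(data), []
    if not pe["signed"]:
        findings.append("Unsigned PE: no IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode) blob")
    if "DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("No DYNAMIC_BASE: image does not opt in to ASLR")
    elif pe["relocs_stripped"]:
        findings.append("DYNAMIC_BASE set but relocations stripped: ASLR cannot move the image")
    if "NX_COMPAT" not in pe["dll_characteristics"]:
        findings.append("No NX_COMPAT: DEP not requested")
    for s in pe["sections"]:
        if "MEM_EXECUTE" in s["flags"] and "MEM_WRITE" in s["flags"]:
            findings.append("W+X section: " + s["name"])
    return findings


def build_pe(signed, sections, dllchars=0x8140, file_chars=0x0102):
    """Constructed PE32 skeleton (headers only, no code) for testing the parser.
    Defaults mirror the report: DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE,
    EXECUTABLE_IMAGE|32BIT_MACHINE. sections = (name, vsize, rawsize, flags)."""
    opt = bytearray(224)                                     # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                               # pretend a WIN_CERTIFICATE exists
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, 0x800)
    fh = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 vs, 0, rs, 0, 0, 0, 0, 0, f) for n, vs, rs, f in sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))             # e_lfanew
    return bytes(dos) + b"PE\0\0" + fh + bytes(opt) + shdrs


# Constructed stand-in mirroring the section table above (sizes rounded).
SAMPLE_LIKE = build_pe(signed=False, sections=[
    (".text", 0x200000, 0x200000, 0x60000020),   # CODE|EXECUTE|READ
    ("K_BSS", 0xE800, 0, 0xC0000080),            # UNINITIALIZED|READ|WRITE
    (".rdata", 0xC1400, 0xC1400, 0x40000040),    # INITIALIZED|READ
    (".data", 0x9800, 0x7400, 0xC0000040),       # INITIALIZED|READ|WRITE
    (".reloc", 0x2A400, 0x2A800, 0x42000040),    # INITIALIZED|DISCARDABLE|READ
])

if __name__ == "__main__":
    for line in triage(SAMPLE_LIKE):
        print(line)
```

Running it on the constructed stand-in yields only the "Unsigned PE" finding, which is what the report's Signatures section shows; on a real file, read the bytes with open(path, "rb") and pass them to triage. The security directory check only says whether a WIN_CERTIFICATE blob is attached; validating the signature chain is a separate step (for example via Get-AuthenticodeSignature on Windows).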