2024-04-23_134a4f032c57d68319acaa045ba87c26_mafia_sakula

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_134a4f032c57d68319acaa045ba87c26_mafia_sakula
Size

231KB
MD5

134a4f032c57d68319acaa045ba87c26
SHA1

a8913350a9279a02095b49ea69d76d445464f2c2
SHA256

6540ac53d021fa6eeb65565003a126950d13c41c07bb2ce2d39e5bf6e982a2e4
SHA512

112a100bfbf1826ebfceebfa910dd3e6681a4536aa8186cc3add1659176b41aadf4622ab1bc3613862a4609cde59fc983d97ba23da2f194fcc1662c3364a0e89
SSDEEP

3072:m4vQm/7865WvbZx4pUahdNPIPoriiUVfdVurrO+lFxDo:4mDl5cZCbhdN/e7fbiNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-23_134a4f032c57d68319acaa045ba87c26_mafia_sakula

Files

2024-04-23_134a4f032c57d68319acaa045ba87c26_mafia_sakula
.exe windows:5 windows x86 arch:x86

c3fc40f0e7e85e58e7c465093d476204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\edk\Sample\Platform\Nt32\uefi\Tools\ProcessDsc.pdb

Imports

shlwapi

PathCanonicalizeA

kernel32

GetProcAddress
CreateFileW
DeleteCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateThread
InitializeCriticalSection
CloseHandle
CreateEventA
CreateSemaphoreA
SetEvent
Sleep
GetExitCodeProcess
CreateProcessA
GetStdHandle
CreateFileA
GetShortPathNameA
HeapAlloc
GetLastError
HeapFree
CreateDirectoryA
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
HeapSetInformation
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetCurrentThread
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
HeapDestroy
RtlUnwind
GetFileAttributesA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
LCMapStringW
MultiByteToWideChar
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
WriteConsoleW
HeapReAlloc
CompareStringW
SetEnvironmentVariableA
HeapSize
SetEndOfFile
GetProcessHeap

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3fc40f0e7e85e58e7c465093d476204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 20KB - Virtual size: 36KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 20KB - Virtual size: 36KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB