2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia
Size

1.2MB
MD5

99e362658aa0b1e28823392a7c3bbc83
SHA1

6714866acabc3da3a1feafea6c94afc45e208d2d
SHA256

0a8ca9dfe0d69e5de08e03c8f402a7494507d93b9a1d748b71e9bbf6c5c90559
SHA512

e52704fb8996c8ffd29127453e0858e45bc3e0859713e1dd7af364eb27d1bb61c909a117a7c414705b1e78bce078feba56869fc6d4e7fad42d4c61d9b01c088c
SSDEEP

24576:1B9NejMimnzoO+BJQ9A99JbirrfmobiSMkhLBzrCxQi/lL+kxCce:PejMimnzorBJQejJ+vfmo6k7bg5+Dce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia

Files

2024-04-23_99e362658aa0b1e28823392a7c3bbc83_mafia
.exe windows:5 windows x86 arch:x86

9a523dc3d44e0f33d817285e267f7ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qba1\workspace\root\Products\iRST\14.5\Storage_Installer\InstallerWrap\MSI\RST\Release\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetUserDefaultUILanguage
GetTempPathW
GetTempFileNameW
LoadLibraryExW
GetProcAddress
CreateDirectoryW
MoveFileW
MoveFileExW
ExpandEnvironmentStringsW
GetFileSize
ReadFile
SizeofResource
LoadResource
LockResource
FindFirstFileW
FindClose
GetFileAttributesW
FindNextFileW
IsWow64Process
GetCurrentProcess
MultiByteToWideChar
CreateProcessW
GetExitCodeProcess
GetCurrentDirectoryW
GetDriveTypeW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
ExitProcess
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
OpenMutexW
ReleaseMutex
CreateMutexW
MulDiv
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLangID
HeapSize
GetSystemTimeAsFileTime
CopyFileW
QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
RaiseException
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
FreeLibrary
EnumResourceLanguagesW
GetSystemPowerStatus
GetEnvironmentVariableW
FindResourceW
WaitForSingleObject
GetModuleHandleW
GetVersion
LoadLibraryW
DeleteFileW
RemoveDirectoryW
GetUserDefaultLCID
GetLastError
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
InterlockedDecrement
CloseHandle
WriteFile
GetLocalTime
SetFilePointer
CreateFileW
GetTickCount
GetVersionExW
GetCommandLineW
LocalAlloc
lstrlenW
LocalFree
FormatMessageW
Sleep
GetStringTypeW
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetCurrentProcessId

user32

MapWindowPoints
GetClassNameW
InflateRect
SetClassLongW
wsprintfW
LoadCursorW
MapDialogRect
SetFocus
OffsetRect
CopyRect
CallWindowProcW
GetSystemMetrics
AdjustWindowRectEx
DrawTextW
GetWindowTextLengthW
SetRectEmpty
ReleaseDC
GetDC
MessageBoxIndirectW
FillRect
SetRect
GetWindowLongW
EnableWindow
LoadImageW
SetDlgItemTextW
InvalidateRect
GetParent
EndDialog
SetWindowTextW
GetWindowTextW
GetWindow
GetDlgItem
GetClientRect
SetWindowPos
GetWindowRect
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
SetWindowLongW
CreateDialogIndirectParamW
ExitWindowsEx
LoadStringW
SendMessageW
MessageBoxW
MoveWindow
MonitorFromWindow
GetMonitorInfoW
CreateWindowExW
SetCursor

gdi32

GetDeviceCaps
DeleteObject
DeleteDC
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
SetBkMode
SetTextColor
GetObjectW
CreateFontW
GetStockObject
GetTextMetricsW

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation

ole32

OleRun
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathGetCharTypeW
PathSkipRootW
PathIsUNCW
PathCombineW
PathIsRelativeW
PathMatchSpecW
PathGetArgsW
PathQuoteSpacesW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveArgsW
PathFileExistsW
PathAppendW
PathStripToRootW

cabinet

ord22
ord23
ord20

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupOpenInfFileW
SetupFindNextLine
SetupGetStringFieldW
SetupGetLineTextW
SetupFindFirstLineW
SetupCloseInfFile
SetupDiGetClassDevsW

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

clsxnop
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a523dc3d44e0f33d817285e267f7ab0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

cabinet

setupapi

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 797KB - Virtual size: 797KB

.reloc Size: 47KB - Virtual size: 48KB

clsxnop Size: 80KB - Virtual size: 80KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 797KB - Virtual size: 797KB

.reloc
Size: 47KB - Virtual size: 48KB

clsxnop
Size: 80KB - Virtual size: 80KB