2024-04-24_4394651edca3a2ab6a3b68da484253bc_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_4394651edca3a2ab6a3b68da484253bc_mafia
Size

1.4MB
MD5

4394651edca3a2ab6a3b68da484253bc
SHA1

b83bac52c5a920665f7d6bb7d48f2f56c5da1ce2
SHA256

abfa439823691b260be075982ac11aa37766a9b1c0c7db2cb07c184b76dc0992
SHA512

9238021e3e857229fdd6f31deb7493807cadba2904f603303928e77a251907e4041d568ade18cb44c973e3d8dea92488252ed9f523948881548cd67b1b75ed71
SSDEEP

24576:WsqZa6y1Dph5hFGnHlaqiQKHWVC0w6sGTBXtTrslWEsrwrPsrf8NRbAraf2xYhgM:Wdy1DphwnHKHqCH+XTwlWEskbswNRkUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_4394651edca3a2ab6a3b68da484253bc_mafia

Files

2024-04-24_4394651edca3a2ab6a3b68da484253bc_mafia
.exe windows:5 windows x86 arch:x86

8b92e2e4a298cd1416f3ee4ce2a6607d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ci\workspace\nbrowser_bdupdate_m10_5_branch\bdupdate\output\SparkUpdate.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAGetLastError
getaddrinfo
getnameinfo
WSAStartup
gethostname
freeaddrinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

imm32

ImmDisableIME

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

psapi

EnumProcesses
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

kernel32

TerminateProcess
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
TerminateThread
ResetEvent
SetEvent
SetThreadPriority
WaitForMultipleObjects
CreateEventW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
ReleaseMutex
lstrcpyW
InitializeCriticalSection
GetFullPathNameW
SetCurrentDirectoryW
CreateMutexW
OutputDebugStringW
GetSystemTime
GetCommandLineW
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetCurrentProcessId
GetPrivateProfileIntW
SetProcessAffinityMask
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
VirtualQuery
CreateProcessW
ExitProcess
OpenEventW
HeapAlloc
GetProcessHeap
HeapFree
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
DeviceIoControl
GetSystemInfo
WaitForSingleObject
GetVolumeInformationA
ExpandEnvironmentStringsW
LeaveCriticalSection
GetFileAttributesExW
GlobalFree
GlobalAlloc
GetShortPathNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
VirtualProtect
IsWow64Process
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
ProcessIdToSessionId
InterlockedExchange
InterlockedCompareExchange
GetFileSizeEx
ReadProcessMemory
VirtualQueryEx
QueueUserWorkItem
InterlockedExchangeAdd
InterlockedDecrement
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointerEx
SetFileValidData
GetModuleFileNameA
GetModuleHandleA
CreateFileA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetTempFileNameW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
InterlockedPopEntrySList
EncodePointer
OpenProcess
GetModuleHandleW
CopyFileW
GetModuleFileNameW
EnterCriticalSection
lstrlenW
DecodePointer
RtlUnwind
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LocalFree
FormatMessageW
DeleteFileW
FreeLibrary
SetEndOfFile
GetLastError
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
ResumeThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetFileType
GetCurrentThreadId
TlsAlloc
GetTickCount
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
FlushFileBuffers
GetACP
GetOEMCP
GetSystemTimeAsFileTime
InterlockedIncrement
IsValidCodePage
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
RemoveDirectoryW
HeapDestroy

user32

GetCursorPos
TrackPopupMenu
DestroyMenu
SetFocus
GetSystemMetrics
RegisterWindowMessageW
CreatePopupMenu
GetAsyncKeyState
LoadIconW
MessageBoxW
CallWindowProcW
GetWindowLongW
LoadCursorW
GetClassInfoExW
SetWindowLongW
AllowSetForegroundWindow
DialogBoxParamW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
ShowWindow
SetTimer
DestroyWindow
SetWindowTextW
LoadImageW
DefWindowProcW
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
InsertMenuW
AttachThreadInput
BringWindowToTop
SetForegroundWindow
SetActiveWindow
IsIconic
SendMessageW
IsWindow
DestroyIcon
PostMessageW
GetDesktopWindow
wsprintfW
CharNextW
UnregisterClassA
RegisterClassExW

gdi32

GetStockObject

advapi32

GetExplicitEntriesFromAclW
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
GetTokenInformation
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumKeyExA
SetTokenInformation
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
RegEnumValueW
QueryServiceStatusEx
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetServiceStatus
SetServiceObjectSecurity
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
RegOpenKeyW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RevertToSelf
RegQueryInfoKeyW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VarUI4FromStr
VarBstrCmp
SysAllocString
VariantInit
SysFreeString

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
SHSetValueW
SHGetValueW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
PathRemoveExtensionW
PathCombineW
PathFindFileNameW

iphlpapi

GetIpForwardTable
GetAdaptersAddresses
GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

InternetErrorDlg
HttpEndRequestW
HttpQueryInfoW
InternetGetLastResponseInfoW
InternetReadFileExA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetOpenA
InternetSetOptionA
InternetCloseHandle
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile

Exports

Exports

?ClearService@Com@Util@@YGJXZ
?CreateObjectByIID@Com@Util@@YGJABU_GUID@@PAPAX@Z
?GetService@Com@Util@@YGJABU_GUID@@PAPAX@Z
?RegObject@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?RegService@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?ResetPath@Com@Util@@YGJPA_W@Z
?XNetDownloadFile@@YAPAXPAXPAVIXNetDownloadStatusCallback@@PB_W2W4XnetMethodType@@22@Z
?XNetHttpRequest@@YAPAXPAXP6AX0H0KPB_W@Z1W4XnetMethodType@@11K@Z
?XNetInit@@YAHXZ
?XNetStop@@YAHPAX@Z
?XNetUninit@@YAHXZ
GetLogController

Sections

.text
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b92e2e4a298cd1416f3ee4ce2a6607d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

userenv

imm32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 653KB - Virtual size: 652KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 18KB - Virtual size: 31KB

.rsrc Size: 435KB - Virtual size: 435KB

.reloc Size: 125KB - Virtual size: 128KB

.text
Size: 653KB - Virtual size: 652KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 18KB - Virtual size: 31KB

.rsrc
Size: 435KB - Virtual size: 435KB

.reloc
Size: 125KB - Virtual size: 128KB