2024-04-25_9a10a691bc5ddfd6d3ae21c27cd3db59_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_9a10a691bc5ddfd6d3ae21c27cd3db59_mafia
Size

1.4MB
MD5

9a10a691bc5ddfd6d3ae21c27cd3db59
SHA1

9ef3d0a09aaeb07b8d795dcb02b8f01520cdc086
SHA256

f2fa689019743a967758a6c0a345a08a6973a56e2b6064f36f684a0d1d787ab3
SHA512

cb6afb5263f8f24a2e21b63e25581e9f37eacd0213de93182de5a22e84751e58a11e0fd0e819a0e7381bc0ec28b2e5932d6a023605ed2671e19c1cc79206d0b5
SSDEEP

24576:zOxr073dYJhhKDJLAIw9yul0ofJee3664TNjx+mZCkt76f/24pN+XNqNG6hditW:RDa6+vl0ofAWnwf9Ckt7c20+9qNxUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-25_9a10a691bc5ddfd6d3ae21c27cd3db59_mafia

Files

2024-04-25_9a10a691bc5ddfd6d3ae21c27cd3db59_mafia
.exe windows:5 windows x86 arch:x86

b4ed08ee490041c75aad84ef8dbd5e2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\dfb55d5b-0493-48aa-8b4c-e4504fb33030\UNIQUE_BUILDFOLDER_1\build\Win32\Release\mcinst.pdb

Imports

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidCreate

kernel32

InterlockedDecrement
DeleteFileA
GetModuleFileNameA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetSystemDirectoryA
LocalAlloc
LocalFree
CreateMutexA
ReleaseMutex
CopyFileA
RemoveDirectoryA
GetFileAttributesA
lstrlenA
SetEnvironmentVariableA
Sleep
GetSystemInfo
ExpandEnvironmentStringsA
GetShortPathNameA
MoveFileA
GetCurrentProcess
GetLongPathNameA
lstrlenW
CreateThread
WaitForMultipleObjects
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
HeapAlloc
GetProcessHeap
HeapFree
RaiseException
CreateEventA
DuplicateHandle
GetThreadTimes
SetPriorityClass
SuspendThread
ResumeThread
GetCurrentProcessId
SetEvent
GetModuleHandleA
GetFullPathNameA
lstrcmpiA
SearchPathA
GlobalFree
GlobalAlloc
lstrcpynA
InterlockedIncrement
SetCurrentDirectoryA
LoadLibraryExW
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
CreateFileW
DeviceIoControl
GetCurrentThreadId
IsBadReadPtr
SystemTimeToFileTime
VerifyVersionInfoW
VerSetConditionMask
GetLocaleInfoW
WriteConsoleW
SetStdHandle
SetHandleCount
GetFileType
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
HeapCreate
GetStdHandle
GetCurrentThread
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
GetLocalTime
EnterCriticalSection
LoadLibraryA
GetProcAddress
LeaveCriticalSection
GetCurrentDirectoryW
CreateDirectoryW
FlushFileBuffers
FreeLibrary
GetTempFileNameA
GetTempPathA
MultiByteToWideChar
DeleteFileW
FindNextFileW
RemoveDirectoryW
GetVersionExW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
MoveFileExW
GetShortPathNameW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetWindowsDirectoryA
CreateFileA
CloseHandle
GetFileSize
ReadFile
SetFilePointer
WriteFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileExA
CreateDirectoryA
FindFirstFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FindNextFileA
WideCharToMultiByte
FindClose
GetLastError
GetFileInformationByHandle
PeekNamedPipe
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
SetLastError
CompareStringW
FileTimeToSystemTime
VirtualQuery
VirtualAlloc
VirtualProtect
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
GetConsoleCP
GetConsoleMode

user32

DestroyWindow
DispatchMessageA
DefWindowProcA
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassA
PostThreadMessageA
ExitWindowsEx
CharNextA
LoadStringA
wsprintfA
TranslateMessage
SetWindowRgn

advapi32

StartServiceCtrlDispatcherA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
ChangeServiceConfig2A
QueryServiceConfig2A
QueryServiceConfigA
ChangeServiceConfigA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
FreeSid
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
CreateServiceA
DeleteService
OpenServiceA
CloseServiceHandle
EnumServicesStatusExA
OpenSCManagerA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
GetSecurityDescriptorControl
QueryServiceStatus
ControlService
UnlockServiceDatabase
LockServiceDatabase

shell32

SHGetFolderPathA
SHCreateDirectoryExA

ole32

CoInitialize
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoCreateGuid

shlwapi

PathAppendA
PathFileExistsA
PathRemoveFileSpecA
SHDeleteValueA
PathAddBackslashA
PathStripPathA
SHDeleteKeyA
StrStrIA
wnsprintfW

crypt32

CryptMsgClose
CertFreeCertificateChain
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CertGetCertificateContextProperty
CryptDecodeObject
CryptMsgGetParam
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetSubjectCertificateFromStore
CryptQueryObject

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4ed08ee490041c75aad84ef8dbd5e2f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

version

rpcrt4

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

Sections

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 592KB - Virtual size: 596KB