2024-04-25_ff2290002f79f579386960c844db3a91_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_ff2290002f79f579386960c844db3a91_mafia_revil
Size

7.9MB
MD5

ff2290002f79f579386960c844db3a91
SHA1

4e8d24e1836daaa1bf3496e94a4ef823b7ac7f70
SHA256

8770a7c81c0ab8d63e26f16d6c0b7fae0137f8473e8808c5e45176d10dd0e77b
SHA512

1af1d47e0f14a7f89689b8311ce3c37c35857a590f1700fafd00a0ec3ec23a63a16350391af9f0d34a18ffe5743ece78829e57886f2edb6b9f4ce7be60571430
SSDEEP

196608:9cRLYEi2IkP1NENXdzN5OOAyRdamaQsDzve3WX2kAcvqEz+Klwxu/4NmWglUnLUo:aRLYEi2IQ1NENXdzN5OOAyRdamaQs1jc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-25_ff2290002f79f579386960c844db3a91_mafia_revil

Files

2024-04-25_ff2290002f79f579386960c844db3a91_mafia_revil
.exe windows:5 windows x86 arch:x86

904d3f7c574002e4cbeeb47cc5dec285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\25-04-2024\WindowsBuilds\OSD_NATIVE\8222343\osdeployer\ONPREMISE\OSD_SRC\agent\Release\ImageCreator.pdb

Imports

crypt32

CryptMsgGetParam
CryptQueryObject
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
PFXImportCertStore
PFXVerifyPassword
CertGetNameStringA
CryptStringToBinaryA
CertCreateCertificateContext
CertDeleteCertificateFromStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertGetNameStringW
CertOpenStore

ws2_32

getsockopt
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
setsockopt
__WSAFDIsSet
WSAPoll
recvfrom
shutdown
sendto
getpeername
gethostname
ntohl
getprotobyname
inet_addr
WSASocketA
htonl
recv
WSASetLastError
send
connect
getsockname
bind
listen
accept
socket
WSAIoctl
closesocket
getaddrinfo
htons
freeaddrinfo
getnameinfo
ioctlsocket
ntohs
select

iphlpapi

ConvertLengthToIpv4Mask
GetAdapterIndex
GetAdaptersInfo
GetAdaptersAddresses

netapi32

DsRoleFreeMemory
NetGetJoinInformation
NetLocalGroupEnum
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
NetLocalGroupGetMembers
NetApiBufferFree

ntdsapi

DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW

kernel32

GetNativeSystemInfo
GetFileAttributesW
DeleteFileW
GetVersion
CreateProcessW
GetExitCodeProcess
LoadLibraryW
GetProcAddress
GetModuleHandleW
TerminateProcess
GetDiskFreeSpaceExW
CreateDirectoryW
Sleep
GetCurrentDirectoryW
GetCurrentProcess
GetTempPathW
RemoveDirectoryW
lstrlenW
WideCharToMultiByte
lstrlenA
CreateSemaphoreW
ReleaseSemaphore
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
FormatMessageW
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
CreateFileW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
SetFilePointer
ReadFile
FreeLibrary
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetVolumeMountPointW
GetWindowsDirectoryA
GetFileSize
DeleteVolumeMountPointW
GetModuleFileNameW
WriteFile
ReadFileEx
WriteFileEx
CopyFileW
VirtualAlloc
VirtualFree
GetEnvironmentVariableW
GetVersionExW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
GetSystemTime
SystemTimeToFileTime
LocalFree
FindFirstFileW
FindNextFileW
FindClose
GetSystemTimeAsFileTime
CreateEventA
WaitForSingleObjectEx
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
CreateFileA
GetFileAttributesExA
GetFileTime
CompareFileTime
InterlockedIncrement
InterlockedDecrement
GetExitCodeThread
SetCurrentDirectoryW
FlushViewOfFile
InterlockedCompareExchange
GetTickCount
OutputDebugStringA
UnmapViewOfFile
UnlockFileEx
UnlockFile
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetVersionExA
GetTempPathA
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateFileMappingW
CreateFileMappingA
GetCurrentDirectoryA
TryEnterCriticalSection
GetModuleHandleExW
QueryPerformanceFrequency
GetThreadTimes
GetCurrentThread
SetLastError
TlsGetValue
TlsSetValue
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
TlsAlloc
TlsFree
CreateFiber
SwitchToFiber
DeleteFiber
GetStdHandle
GetFileType
RaiseException
ConvertThreadToFiber
ConvertFiberToThread
InterlockedExchange
SetCriticalSectionSpinCount
SwitchToThread
SetHandleInformation
GetProcessAffinityMask
ExpandEnvironmentStringsA
ReadConsoleA
ReadConsoleW
GetConsoleMode
SetConsoleMode
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueueTimer
GetTimeZoneInformation
OpenProcess
FindFirstFileA
SetFileAttributesA
FindNextFileA
RemoveDirectoryA
SetFileAttributesW
GetFileSizeEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemFirmwareTable
GetComputerNameW
GetFirmwareEnvironmentVariableW
GetLocalTime
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetDateFormatA
GetTimeFormatA
MultiByteToWideChar
SetThreadPriority
ReleaseMutex
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
CloseHandle
GetLastError
CreateEventW
InitializeCriticalSection
WaitForSingleObject
SetEvent
LeaveCriticalSection
ResetEvent
EnterCriticalSection
GetWindowsDirectoryW
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFileInformationByHandle
SetConsoleCtrlHandler
PeekNamedPipe
WriteConsoleW
CreateThread
AreFileApisANSI
MoveFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
VirtualQuery
CreateSemaphoreA
DuplicateHandle
GetModuleHandleA
WaitForMultipleObjectsEx
MoveFileExW
SetWaitableTimer
OpenEventA
CreateWaitableTimerA
IsDBCSLeadByteEx
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
FoldStringW
WaitForMultipleObjects
OutputDebugStringW
GetConsoleCP
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
ExitProcess
RtlUnwind
GetCPInfo
ResumeThread
HeapSetInformation
GetCommandLineA
ExitThread
DecodePointer
EncodePointer
GetStringTypeW

user32

GetSystemMetrics
wsprintfW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegLoadKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegUnLoadKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
GetTokenInformation
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetKeySecurity
GetSecurityDescriptorDacl
RegSetKeySecurity
RegQueryInfoKeyW
RegRenameKey
LookupAccountSidW
ConvertStringSidToSidW
ConvertSidToStringSidW
RegQueryValueW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CryptGetHashParam
CryptHashData
InitiateSystemShutdownW
OpenThreadToken
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptAcquireContextW
CryptExportKey
CryptSetHashParam
ReportEventW
DeregisterEventSource
RegisterEventSourceW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetNamedSecurityInfoW
GetAce
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegOpenKeyW
RegDeleteValueW
RegEnumValueW
OpenProcessToken

shell32

SHFileOperationW
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitialize
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathCombineW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
StrTrimW
PathFileExistsA
PathStripToRootW

mpr

WNetCancelConnection2W
WNetAddConnection2W

msi

ord246
ord248

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupOpenInfFileW
SetupGetStringFieldW
SetupFindFirstLineW
SetupFindNextLine
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDevicePropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
SetupCloseInfFile

winhttp

WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpen
WinHttpConnect

winmm

timeBeginPeriod
timeGetDevCaps

psapi

GetProcessMemoryInfo
GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

LZ4_compressBound
LZ4_compress_HC
LZ4_compress_HC_continue
LZ4_compress_HC_extStateHC
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_createStream
LZ4_createStreamDecode
LZ4_createStreamHC
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_usingDict
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_freeStreamHC
LZ4_loadDict
LZ4_loadDictHC
LZ4_resetStream
LZ4_resetStreamHC
LZ4_saveDict
LZ4_saveDictHC
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStateHC
LZ4_versionNumber
LZ4_versionString

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

904d3f7c574002e4cbeeb47cc5dec285

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

iphlpapi

netapi32

ntdsapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mpr

msi

setupapi

winhttp

winmm

psapi

version

Exports

Exports

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 114KB - Virtual size: 146KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 437KB - Virtual size: 437KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 114KB - Virtual size: 146KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 437KB - Virtual size: 437KB