2024-04-26_1df716e30e23ef65aca8dfa76767f344_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-26_1df716e30e23ef65aca8dfa76767f344_mafia
Size

994KB
MD5

1df716e30e23ef65aca8dfa76767f344
SHA1

dcb0b913be2087703293e7733ecaf7018958b0ad
SHA256

146854cb691506baf1d228ed5016a800add5a0306acbc05e23c8d61b057d8522
SHA512

d624ded1cbc2b0cb92bbf078103add3200d0ceca87f5c9f13c31a6edbd6d8a50b3d0c4d359cf9a501958fab92707fb3692bda8a85cd3994ca1ad60cfca3a770f
SSDEEP

12288:DdFGzgYAOftNRmptyxmwVPHOyvWVTkaGmO9gRdY+f7El9mSU2PKNcTu3DOxY3AqF:DdF94Rl2qA4u3D+oAWzRj3AMm5nzwJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-26_1df716e30e23ef65aca8dfa76767f344_mafia

Files

2024-04-26_1df716e30e23ef65aca8dfa76767f344_mafia
.exe windows:5 windows x86 arch:x86

e5e528016f423a9dd1584ae2806dcb62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Woogamble\browser\chromium\src\out\Release\GlobusVpnBrowser.exe.pdb

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

GetEnvironmentVariableA
LoadLibraryW
SetEnvironmentVariableA
CreateEventW
WaitForSingleObject
ExpandEnvironmentStringsW
GetCurrentProcessId
GetTickCount
ReleaseMutex
SetLastError
CreateMutexW
SetFilePointer
CreateFileW
WriteFile
OutputDebugStringA
FormatMessageA
SetEnvironmentVariableW
lstrlenW
GetUserDefaultLangID
InterlockedExchange
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThreadId
GetNativeSystemInfo
GetVersionExW
InterlockedExchangeAdd
RtlCaptureStackBackTrace
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
ResetEvent
SetEvent
WaitForMultipleObjects
OpenProcess
SetInformationJobObject
GetExitCodeProcess
VirtualQueryEx
HeapSetInformation
GetProcessId
DuplicateHandle
GetSystemInfo
ResumeThread
AssignProcessToJobObject
ReadFile
GetStdHandle
SetHandleInformation
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
GetModuleHandleExW
UnregisterWaitEx
RegisterWaitForSingleObject
InterlockedIncrement
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
GetLongPathNameW
GetCurrentDirectoryW
QueryDosDeviceW
MapViewOfFile
CreateFileMappingW
SetEndOfFile
FlushFileBuffers
ReleaseSemaphore
InterlockedDecrement
FreeLibrary
RtlCaptureContext
CreateSemaphoreW
GetUserDefaultUILanguage
GetThreadContext
SuspendThread
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WriteProcessMemory
VirtualProtectEx
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFree
GetFileType
CreateJobObjectW
CreateNamedPipeW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
SizeofResource
LockResource
LoadResource
FindResourceW
VirtualAlloc
FormatMessageW
LocalFree
SetCurrentDirectoryW
LoadLibraryExW
GetModuleFileNameW
GetTempPathW
GetEnvironmentVariableW
GetCommandLineW
CreateProcessW
CloseHandle
GetLastError
GetModuleHandleW
GetProcAddress
VirtualProtect
VirtualAllocEx
VirtualFreeEx
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
CreateRemoteThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
InitializeCriticalSection
GetLocaleInfoW
HeapCreate
IsProcessorFeaturePresent
RtlUnwind
GetCPInfo
LCMapStringW
SetStdHandle
GetProcessHeap
GetFullPathNameW
HeapAlloc
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetStartupInfoW
ExitProcess
HeapFree
UnhandledExceptionFilter
DecodePointer
EncodePointer
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
LoadLibraryA
LocalAlloc

advapi32

GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
SetEntriesInAclW

user32

GetUserObjectInformationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
CharUpperW
wsprintfW
MessageBoxW
GetProcessWindowStation
CreateWindowStationW
CloseDesktop
CloseWindowStation

userenv

GetProfileType

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetCrashKeyValuePair
SetExperimentList3
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5e528016f423a9dd1584ae2806dcb62

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

version

shlwapi

kernel32

advapi32

user32

userenv

Exports

Exports

Sections

.text Size: 438KB - Virtual size: 437KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 7KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 340KB - Virtual size: 340KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 438KB - Virtual size: 437KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 7KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 340KB - Virtual size: 340KB

.reloc
Size: 33KB - Virtual size: 33KB