2024-04-27_ba8b31580efc5b56709f9f1c6f4cb4fa_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-27_ba8b31580efc5b56709f9f1c6f4cb4fa_mafia
Size

17.5MB
MD5

ba8b31580efc5b56709f9f1c6f4cb4fa
SHA1

99b45f204c3202b1d41a8fef9874cc174c5313eb
SHA256

5dc8308365b3ebba7825ebfb3f0f152c45c8d84b2a99da5ffc2d6cddabae1042
SHA512

49926c311985c8c1323efa1dec7c5915c2086b1fbd414cfe5a383d45924a72b8a1d2fc641727ff52edaaeede1fb45e32469c0ca162b8a9ab84ce48cc50c2e7f7
SSDEEP

393216:i+imqpwz8c6Wd3Q4DJ/31i4OE3IC4gSJsv6tWKFdu9CmfiH7b1a/tl:i8qpwTgy0E3pfi3U/tl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_ba8b31580efc5b56709f9f1c6f4cb4fa_mafia

Files

2024-04-27_ba8b31580efc5b56709f9f1c6f4cb4fa_mafia
.exe windows:5 windows x86 arch:x86

3eca3ef608188d18d79c3831d873fb7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\admin\Desktop\ziptoexe\exeGui\debug\book.pdb

Imports

ole32

CoUninitialize
CoInitialize
CoGetMalloc
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
DoDragDrop
ReleaseStgMedium
OleUninitialize
OleInitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateGuid
StringFromGUID2
OleSetMenuDescriptor
OleLockRunning
OleRun
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateFromFile
CoGetClassObject
CoCreateInstance
CLSIDFromProgID
CoFreeUnusedLibraries

oleaut32

GetActiveObject
LoadTypeLi
VariantInit
SysFreeString
SysAllocStringLen
OleCreatePictureIndirect
SystemTimeToVariantTime
SafeArrayGetVartype
OleTranslateColor
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
VariantClear
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocString
SysStringLen
SafeArrayCreate
OleCreateFontIndirect

user32

ToAscii
GetKeyboardState
GetKeyboardLayout
CreateCaret
HideCaret
DestroyCaret
SetCaretPos
TranslateMessage
GetKeyboardLayoutList
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
SetRect
FillRect
CreateCursor
SetCursorPos
DestroyCursor
GetIconInfo
DrawIconEx
CreateIconIndirect
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
GetCursorPos
ClipCursor
PeekMessageW
DefWindowProcW
GetWindowRgn
GetCaretBlinkTime
FlashWindowEx
MessageBeep
WindowFromPoint
UnregisterClassW
GetClassInfoW
LoadImageW
TrackPopupMenuEx
RegisterClassExW
GetSysColor
SystemParametersInfoW
SetWindowRgn
ScrollWindowEx
UpdateWindow
ValidateRgn
GetWindowPlacement
SetWindowPlacement
GetWindowRect
MoveWindow
InvalidateRect
IsIconic
MapVirtualKeyW
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
SetCursor
SetWindowsHookExW
SetCapture
SetMenuItemInfoW
DestroyIcon
SetWindowTextW
ScreenToClient
SetParent
GetSystemMetrics
GetDesktopWindow
AdjustWindowRectEx
CreateWindowExW
SetWindowPos
ClientToScreen
GetSystemMenu
EnableMenuItem
IsWindowVisible
DestroyWindow
ShowWindow
ReleaseDC
GetDC
SetWindowLongW
GetActiveWindow
SetFocus
GetFocus
IsChild
IsWindowEnabled
EnableWindow
PostMessageW
GetMenuItemCount
GetMenuItemInfoW
GetClientRect
GetWindowLongW
SendMessageW
GetKeyState
GetParent
GetMessagePos
LoadIconW
ChangeClipboardChain
SetClipboardViewer
GetClipboardFormatNameW
GetMessageW
KillTimer
SetTimer
GetQueueStatus
RegisterClassW
DispatchMessageW
MsgWaitForMultipleObjectsEx
CharNextExA
ToUnicode
IsZoomed
GetMenu
GetSysColorBrush
CallNextHookEx

gdi32

GdiSetBatchLimit
GetStockObject
GetObjectW
CombineRgn
OffsetRgn
GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteObject
EndPath
CreateDCW
ExtCreatePen
StrokePath
FillPath
BeginPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
SetPolyFillMode
SaveDC
StretchBlt
RestoreDC
SelectClipPath
CreatePen
GetBkMode
AbortDoc
EndPage
EndDoc
ResetDCW
StartDocW
StartPage
SelectClipRgn
GdiFlush
SetTextColor
SetBkMode
SetTextAlign
ExtTextOutW
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
SetGraphicsMode
SetWorldTransform
GetGlyphOutlineW
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetFontData
EnumFontFamiliesExW
GetTextFaceW
CreateFontIndirectW
GetTextMetricsW
Rectangle
CreateSolidBrush
CreateRectRgn
CreateEllipticRgn
GetRegionData
GetNearestPaletteIndex
CreatePalette
GetPaletteEntries
CreateBitmap
GetDIBits
CreateDIBSection
CreateCompatibleBitmap
BitBlt
SelectPalette
RealizePalette
PtInRegion
DeleteDC

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegCloseKey
RegQueryInfoKeyW

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmGetDefaultIMEWnd
ImmSetCandidateWindow

winmm

PlaySoundW

winspool.drv

ClosePrinter
GetPrinterW
OpenPrinterW
DeviceCapabilitiesW
EnumPrintersW
EnumFormsW

ws2_32

WSAAsyncSelect

shell32

ShellExecuteW
SHGetFileInfoW

kernel32

CreateEventW
GetCurrentThread
GetThreadPriority
GetSystemInfo
SetEndOfFile
GetLogicalDrives
GetFileType
SetFilePointerEx
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
MultiByteToWideChar
WaitForSingleObjectEx
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
GetSystemTime
GetLocalTime
GetCommandLineW
GetCurrentProcessId
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetUserDefaultLCID
CompareStringW
FormatMessageW
LocalFree
GetVersionExW
GetDriveTypeW
SetEvent
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileSize
GetVolumeInformationW
GetLongPathNameW
lstrlenA
ExitProcess
GetProfileStringW
GlobalSize
lstrcmpW
IsValidLanguageGroup
IsValidLocale
GetUserDefaultLangID
Sleep
InterlockedDecrement
GetLocaleInfoW
SetErrorMode
GetStartupInfoW
GetModuleHandleW
ExpandEnvironmentStringsW
CreateProcessW
GetProcAddress
DeleteAtom
FindAtomW
AddAtomW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
ResetEvent
TlsAlloc
DuplicateHandle
GetCurrentProcess
TlsSetValue
TlsGetValue
WaitForMultipleObjects
RaiseException
SwitchToThread
ResumeThread
SetThreadPriority
TerminateThread
TlsFree
DeviceIoControl
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindClose
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CopyFileW
MoveFileW
DeleteFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
FindNextFileW
FindFirstFileExW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
EncodePointer
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
CreateDirectoryA
GetCommandLineA
HeapSetInformation
HeapReAlloc
WriteConsoleW
GetStdHandle
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
InitializeCriticalSectionAndSpinCount
ExitThread
CreateThread
SetCurrentDirectoryA
SetFileAttributesW
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
HeapCreate
HeapDestroy
InterlockedIncrement
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
GetProcessHeap
lstrlenW
GetCurrentDirectoryA
WideCharToMultiByte
WriteFile
ReadFile
GetLastError
CreateFileA
CreateFileW
CloseHandle

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eca3ef608188d18d79c3831d873fb7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

oleaut32

user32

gdi32

advapi32

imm32

winmm

winspool.drv

ws2_32

shell32

kernel32

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 109KB - Virtual size: 132KB

.idata Size: 14KB - Virtual size: 13KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 346KB - Virtual size: 346KB

.text
Size: 11.9MB - Virtual size: 11.9MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 109KB - Virtual size: 132KB

.idata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 346KB - Virtual size: 346KB