2024-04-28_805ab7490d999b33d31ede88d2f4f293_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-28_805ab7490d999b33d31ede88d2f4f293_mafia
Size

1.6MB
MD5

805ab7490d999b33d31ede88d2f4f293
SHA1

e7c7a60f2e987ceb7951b7364ead19a73608c7f5
SHA256

8cf83104ec11a5b1d3af35a06adce0426af5bc514620a9323d06be398416bc2f
SHA512

fc6786d6ea412df4386bfc5effb6fd6a52c128028be869c7adf96a42b0890e9d8900a9067908cd09cfae2e883ac4f82b04ccdd286b48e58005c96e60b9f90090
SSDEEP

49152:z4r1U5rUf7/2beESCq5VqLNiXicJFFRGNzj3:z4JU5k/2beg7wRGpj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-28_805ab7490d999b33d31ede88d2f4f293_mafia

Files

2024-04-28_805ab7490d999b33d31ede88d2f4f293_mafia
.exe windows:5 windows x86 arch:x86

963dc120184075745deb8ea105b3ab78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\CB\11XMainQ\BuildResults\bin\Release\AcroExt\AcroExt.exe.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
Sleep
LocalFree
FormatMessageA
GlobalAddAtomW
SetEvent
CreateSemaphoreA
CreateEventA
HeapAlloc
WaitForSingleObject
ReleaseSemaphore
HeapFree
SetDllDirectoryW
GetCommandLineW
CreateFileW
WaitNamedPipeW
GetLastError
CreateNamedPipeW
GetTickCount64
HeapSetInformation
GetVersionExW
GetProcessHeap
GetSystemTimeAsFileTime
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
DuplicateHandle
CloseHandle
GetCurrentProcessId
GetCurrentProcess
IsProcessInJob
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
LocalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
VirtualAllocEx
VirtualQueryEx
GetModuleHandleW
InterlockedCompareExchange
GetNativeSystemInfo
WriteProcessMemory
VirtualProtectEx
GetFileAttributesW
QueryDosDeviceW
GetLongPathNameW
GetTickCount
TerminateProcess
SetInformationJobObject
PostQueuedCompletionStatus
SetLastError
TerminateJobObject
GetCurrentThreadId
UnregisterWaitEx
GetQueuedCompletionStatus
ResetEvent
CreateThread
CreateEventW
CreateIoCompletionPort
RegisterWaitForSingleObject
GetProcessId
ReleaseMutex
CreateProcessW
GetModuleFileNameW
CreateMutexW
SetFilePointer
WriteFile
OutputDebugStringA
SignalObjectAndWait
SetHandleInformation
GetProcessHandleCount
VirtualFree
ResumeThread
LoadLibraryW
GetThreadContext
AssignProcessToJobObject
GetExitCodeProcess
MapViewOfFile
CreateFileMappingW
GetFileType
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
lstrlenW
VirtualFreeEx
CreateJobObjectW
GetModuleHandleExW
ProcessIdToSessionId
SearchPathW
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
GetCurrentDirectoryW
DebugBreak
ReadProcessMemory
SuspendThread
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
InterlockedExchangeAdd
SetEndOfFile
DeviceIoControl
CreateDirectoryW
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
OpenEventA
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
DisconnectNamedPipe
ConnectNamedPipe
ReadFile
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
HeapCreate
GetConsoleCP
GetConsoleMode
ExitProcess
HeapReAlloc
WriteConsoleW
GetStdHandle
GetCPInfo
ExitThread
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsProcessorFeaturePresent
HeapSize
GetACP
GetOEMCP
IsValidCodePage

advapi32

RegCreateKeyExW
RevertToSelf
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
CreateRestrictedToken
DuplicateTokenEx
DuplicateToken
EqualSid
GetTokenInformation
LookupPrivilegeValueW
CopySid
CreateWellKnownSid
GetSecurityInfo
SetEntriesInAclW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDisablePredefinedCache

user32

GetUserObjectInformationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
GetProcessWindowStation
CreateWindowStationW
wsprintfW
CloseDesktop
CloseWindowStation
GetWindowThreadProcessId
GetClientRect
CreateWindowExW
LoadCursorW
RegisterClassExW
GetWindowLongW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
FindWindowExW
SetPropW
BeginPaint
EndPaint
GetPropW
AllowSetForegroundWindow
GetParent
CallWindowProcW
DefWindowProcW
SetWindowLongW
SendMessageW
SetWindowPos
ShowWindow
PostMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW

libcef

cef_string_wide_to_utf8
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_utf8_clear
cef_string_userfree_utf8_free
cef_shutdown
cef_run_message_loop
cef_quit_message_loop
cef_currently_on
cef_add_cross_origin_whitelist_entry
cef_parse_url
cef_execute_process
cef_api_hash
cef_initialize
cef_get_path
cef_post_task
cef_register_extension
cef_string_list_free
cef_string_list_alloc
cef_cookie_manager_get_global_manager
cef_v8value_create_undefined
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_double
cef_v8value_create_string
cef_v8value_create_object_with_interceptor
cef_v8value_create_array
cef_v8value_create_function
cef_xml_reader_create
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_command_line_create
cef_command_line_get_global
cef_string_map_free
cef_string_map_alloc
cef_v8context_get_current_context
cef_browser_host_create_browser
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_list_value
cef_string_list_size
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_zip_reader_create
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_copy

winmm

timeGetTime

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 632KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

963dc120184075745deb8ea105b3ab78

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

libcef

winmm

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 25KB - Virtual size: 39KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 632KB - Virtual size: 636KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 25KB - Virtual size: 39KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 632KB - Virtual size: 636KB