2024-05-01_8870a8481654948e9f48a431ae9bd20a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-01_8870a8481654948e9f48a431ae9bd20a_mafia
Size

2.2MB
MD5

8870a8481654948e9f48a431ae9bd20a
SHA1

70fffd5d1cb8bc34eee66209cd09a1c08f648417
SHA256

8df04ea48d60baf9f8ace385a008ac37e949f3a9a1ff13d856683d00eda8eca9
SHA512

4f182f8c5f5eb1cbf9a69cba9a8ca2afbd775a32e2d35df8766ecc7829b5670fade64e05e06b4b6eeeb8e8ba4bd0a46a1fd7d30db7aba9a97ea3d077c6568f61
SSDEEP

49152:pdqwOXz5b9rVpsy06XYz6y4yEL2js5wQD0DAeei4j:p6fsy06XYz4yELn9D00N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_8870a8481654948e9f48a431ae9bd20a_mafia

Files

2024-05-01_8870a8481654948e9f48a431ae9bd20a_mafia
.exe windows:5 windows x86 arch:x86

ec6ca8d1490bc167fb289b8b6484288e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build3.0.0\Funshion\Rel\bin\Release\Funshion.pdb

Imports

dbghelp

MiniDumpWriteDump

shlwapi

SHSetValueW
SHDeleteKeyW
PathFileExistsA
PathFileExistsW
SHDeleteValueW
PathRemoveExtensionW
StrCmpIW
PathAddExtensionW
PathFindExtensionW
PathFindFileNameW
PathIsRootW
StrStrIW
StrFormatByteSizeW
SHGetValueW

ws2_32

gethostbyname
inet_ntoa
gethostname
ntohl

wininet

InternetSetCookieW
InternetGetCookieExW
InternetSetOptionW
InternetConnectA
HttpOpenRequestA
HttpSendRequestExW
HttpEndRequestW
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA
InternetGetCookieW
InternetQueryDataAvailable

iphlpapi

GetAdaptersInfo
GetBestInterface
GetIfEntry

psapi

GetModuleFileNameExW

winmm

mixerClose
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerOpen
timeGetTime

dsound

ord3

kernel32

LockResource
CreateEventW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateFileW
CreateProcessW
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstFileW
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
FindClose
GetSystemInfo
GetVersionExW
GlobalMemoryStatusEx
GetLogicalDriveStringsA
GetDriveTypeA
GetModuleHandleA
GetDiskFreeSpaceA
LoadLibraryW
GetPrivateProfileIntW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
CreateDirectoryW
WaitForSingleObject
SetEvent
OutputDebugStringW
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyW
GetTickCount
InterlockedExchange
SetThreadExecutionState
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
OpenProcess
Sleep
TerminateProcess
ResetEvent
WaitForMultipleObjects
IsBadReadPtr
CopyFileW
GetDriveTypeW
FlushInstructionCache
GetSystemDirectoryW
GetDiskFreeSpaceExW
GlobalFree
GlobalHandle
MoveFileW
lstrlenA
GetFileSize
lstrcpynW
CreateEventA
ReadFile
CreateMutexW
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
CreateFileMappingW
ReleaseMutex
InterlockedCompareExchange
WriteFile
FlushFileBuffers
CreatePipe
SetHandleInformation
EnterCriticalSection
GetStdHandle
OpenEventA
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTimeZoneInformation
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
LCMapStringW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
MoveFileA
GetDateFormatW
GetTimeFormatW
CreateThread
ExitThread
HeapSetInformation
GetCommandLineW
LocalFree
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcAddress
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GetModuleHandleW
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
ExitProcess
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
SetLastError
GetLastError
GetStartupInfoW
RaiseException
FormatMessageA
CreateDirectoryA
DeleteFileA
LocalFileTimeToFileTime
SetFileTime
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
OpenJobObjectW
GetFileAttributesExW
VirtualProtect
VirtualQuery
ConnectNamedPipe
CreateNamedPipeW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetLogicalDrives

user32

BringWindowToTop
CallNextHookEx
SendMessageA
CheckMenuItem
DestroyMenu
RemoveMenu
EnableMenuItem
LoadMenuW
CheckMenuRadioItem
GetSubMenu
TrackPopupMenu
EnableWindow
SystemParametersInfoW
InflateRect
PtInRect
PostMessageW
ModifyMenuW
DrawTextW
SetWindowRgn
KillTimer
SetTimer
LoadImageW
MessageBoxW
MonitorFromRect
SetCursor
SetRect
AppendMenuW
PostThreadMessageW
EqualRect
CopyRect
IntersectRect
GetMonitorInfoW
EnumDisplayMonitors
OffsetRect
SetClipboardData
OpenClipboard
GetSysColorBrush
EmptyClipboard
CloseClipboard
GetMenuItemCount
CreateDesktopW
GetTopWindow
WindowFromPoint
GetForegroundWindow
GetWindowThreadProcessId
IsRectEmpty
SetWindowsHookExW
SetLayeredWindowAttributes
CreateDialogParamW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
SetRectEmpty
MapWindowPoints
GetWindowDC
GetMenuItemID
UpdateLayeredWindow
RegisterHotKey
ExitWindowsEx
EnumChildWindows
MonitorFromWindow
GetActiveWindow
GetDlgCtrlID
DrawIcon
GetIconInfo
LoadIconW
DestroyIcon
UnregisterClassA
SendMessageW
ReleaseCapture
CreateWindowExW
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
PeekMessageW
GetWindowTextW
GetWindowLongW
InvalidateRect
RegisterClassExW
TranslateMessage
GetDC
GetClassInfoExW
BeginPaint
UnregisterHotKey
GetKeyState
DisableProcessWindowsGhosting
SetFocus
CreateAcceleratorTableW
GetClientRect
FindWindowW
LoadCursorW
InvalidateRgn
GetParent
GetFocus
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
GetMessageW
ScreenToClient
DestroyAcceleratorTable
GetWindowTextLengthW
SendDlgItemMessageW
CreateDialogIndirectParamW
SetActiveWindow
DispatchMessageW
MoveWindow
GetWindow
DefWindowProcW
CallWindowProcW
DialogBoxParamW
EndDialog
GetCapture
DestroyWindow
ClientToScreen
EndPaint
wsprintfW
IsIconic
IsZoomed
SetForegroundWindow
GetCursorPos
ShowWindow
IsWindowVisible
GetWindowRect
GetSystemMetrics
ShowCursor
SetWindowTextW

gdi32

ExtTextOutW
SetBkMode
SetTextColor
LineTo
MoveToEx
CreatePatternBrush
RestoreDC
SaveDC
CreatePen
CreateRoundRectRgn
CreateDIBSection
DPtoLP
BitBlt
CreateRectRgn
CombineRgn
SetPixel
OffsetRgn
SetBrushOrgEx
CreateFontW
RoundRect
GetTextExtentPoint32W
ExtSelectClipRgn
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
GetTextColor
GetTextMetricsW
SetDIBColorTable
GetDIBColorTable
StretchBlt
Rectangle
GetPixel
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateFontIndirectW
SetBkColor
CreateSolidBrush

advapi32

LookupPrivilegeValueW
RegQueryInfoKeyW
InitializeSecurityDescriptor
IsTextUnicode
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyW
RegQueryValueExA
RegEnumKeyW
AdjustTokenPrivileges
RegCreateKeyExW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
RegDeleteKeyW

shell32

ShellExecuteW
SHChangeNotify
ShellExecuteExW
Shell_NotifyIconW
ord165
DragQueryFileW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoUninitialize
OleSetContainedObject
CoCreateGuid
CoInitialize
OleDraw
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleCreate
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoGetClassObject

oleaut32

OleLoadPicture
DispCallFunc
LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
GetErrorInfo

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_Create

msimg32

TransparentBlt
AlphaBlend
GradientFill

urlmon

UrlMkGetSessionOption

gdiplus

GdipDeleteBrush
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageRectI
GdipCloneBrush
GdipDrawImageRectRectI
GdipCreateTextureIAI
GdipCreateSolidFill
GdipBitmapGetPixel
GdipSetSolidFillColor
GdipFillRectangleI
GdipReleaseDC
GdipDrawImageRectRect
GdipDeleteGraphics
GdipFree
GdiplusStartup
GdipBeginContainer2
GdipTranslateWorldTransform
GdipCreateImageAttributes
GdipEndContainer
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipSetImageAttributesColorMatrix
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdiplusShutdown
GdipDrawImageI
GdipLoadImageFromStream
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapUnlockBits

winhttp

WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCrackUrl
WinHttpReadData

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

rpcrt4

UuidToStringW
UuidCreate

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec6ca8d1490bc167fb289b8b6484288e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

shlwapi

ws2_32

wininet

iphlpapi

psapi

winmm

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

gdiplus

winhttp

imagehlp

rpcrt4

version

comdlg32

wintrust

crypt32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 377KB - Virtual size: 377KB

.data Size: 65KB - Virtual size: 89KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 89KB - Virtual size: 92KB

.reloc Size: 118KB - Virtual size: 117KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 377KB - Virtual size: 377KB

.data
Size: 65KB - Virtual size: 89KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 89KB - Virtual size: 92KB

.reloc
Size: 118KB - Virtual size: 117KB