2024-05-02_70f168911d5a7492ec674ffbc90d276a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_70f168911d5a7492ec674ffbc90d276a_mafia
Size

13.0MB
MD5

70f168911d5a7492ec674ffbc90d276a
SHA1

23ed5f31e20be4261dac99d179d7b861da98eefd
SHA256

5dd40365aab927af5d50469b1b1ac1e84fc85de59fdecacd9bb491f494b80d7d
SHA512

385f213131622707bf6feba62d5e8443031131664b42fece1e8576b4cb8af35b533bf4789abd70c67c84866cc4dbe61b60744e0c3eb3f55d8425d971f6ef5605
SSDEEP

196608:WeYcZL4qqMEYhPI3Y3KYPL3cPGDedQsCPaYWX8PdTul0ABO+r0zulQE1cvI:WeY+L6QPIggPGDedPhXY8lZBt0zIQER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_70f168911d5a7492ec674ffbc90d276a_mafia

Files

2024-05-02_70f168911d5a7492ec674ffbc90d276a_mafia
.exe windows:5 windows x86 arch:x86

8ea3ac4ad3525a588a10d2e3d5146694

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW

kernel32

DeviceIoControl
MultiByteToWideChar
GetCurrentThread
GetSystemTime
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetTickCount
CreateFileW
GetFileTime
CreateEventW
ResetEvent
WaitForSingleObject
CloseHandle
GetBinaryTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetEnvironmentVariableA
CompareStringW
GetComputerNameW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
Sleep
GetCommandLineW
GetTempPathW
CreateDirectoryW
GetModuleHandleW
GetCurrentThreadId
GetModuleFileNameW
GetFileAttributesW
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
HeapCreate
TlsFree
TlsSetValue
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
FindFirstFileExW
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
WideCharToMultiByte
HeapReAlloc
GetLocaleInfoW
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetFileType
PeekNamedPipe
GetFullPathNameW
HeapSize
GetStdHandle
ExitProcess
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
HeapFree
IsValidCodePage
GetOEMCP
GetACP
SetLastError
GetModuleHandleA
GetVersion
GetLastError
OutputDebugStringA
IsDebuggerPresent
GetLogicalDriveStringsW
GetDriveTypeW
QueryDosDeviceW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SetFileAttributesW
CreateThread
LocalFree
InterlockedIncrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind

user32

EndDialog
SetWindowPos
SetWindowLongW
ScreenToClient
GetWindowRect
MoveWindow
ShowWindow
MessageBoxW
GetWindowThreadProcessId
GetForegroundWindow
GetClassNameW
GetWindow
GetDesktopWindow
SetForegroundWindow
GetSysColor
CallWindowProcW
SetCursor
LoadCursorW
GetSysColorBrush
EndPaint
DrawIconEx
FillRect
SetRect
BeginPaint
GetClientRect
TrackPopupMenu
GetCursorPos
AppendMenuW
wsprintfW
SetDlgItemTextW
LoadStringW
GetDlgItem
SendMessageW
CreatePopupMenu
PostMessageW
IsWindow
DialogBoxParamW
EnableWindow
SetWindowTextW
LoadImageW
DestroyIcon
GetFocus
SetFocus
GetDlgItemTextW
GetWindowLongW

advapi32

CryptDestroyHash
CryptEncrypt
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
RevertToSelf
CryptAcquireContextW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
MapGenericMask
AccessCheck

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
StgCreateStorageEx
StgOpenStorageEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocString

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
WSACleanup
htonl
ntohl
htons
inet_addr
gethostbyname
socket
connect
send
recv
closesocket
select

wininet

InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW

gdi32

SelectObject
MoveToEx
LineTo
SetBkMode
SetTextColor
CreatePen
DeleteObject

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ea3ac4ad3525a588a10d2e3d5146694

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

wininet

gdi32

Sections

.text Size: 293KB - Virtual size: 293KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 12.6MB - Virtual size: 12.6MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 293KB - Virtual size: 293KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 12.6MB - Virtual size: 12.6MB

.reloc
Size: 22KB - Virtual size: 22KB