2024-05-02_6ce34d15c867536c0b3adae71bac2729_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_6ce34d15c867536c0b3adae71bac2729_mafia
Size

283KB
MD5

6ce34d15c867536c0b3adae71bac2729
SHA1

b679c69bcd40d6ab9f43eb5f1d1e2cebffa67a7e
SHA256

e3443e596165c4a3a573a8712ba3bf137092ab768055baa8252acd8a382a4aa3
SHA512

a7942c3175addcba9b386d23b61d4cc7c1f30a3047f2246ec870ce2c2d01c72d8310aae9b9abab6dec7dee5747708c33cc977b56c7e5b496b90d336f572b2c20
SSDEEP

6144:WiwKPv/apIB/p5sjICnx96s+lp3vOm+yX7R0f9J:WlKvapIB/p5QPx96s4p3vp94n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_6ce34d15c867536c0b3adae71bac2729_mafia

Files

2024-05-02_6ce34d15c867536c0b3adae71bac2729_mafia
.exe windows:5 windows x86 arch:x86

4e9624b6e627b9895deb15a5b43216df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\keith\Documents\Visual Studio 2010\Projects\gCADPlus\10.9\gCADPlus9\bin\sustcalc.pdb

Imports

kernel32

LoadLibraryExW
GetModuleFileNameW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEndOfFile
WriteConsoleW
ReadFile
SetFilePointer
CreateFileW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
WideCharToMultiByte
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeLibrary
FreeEnvironmentStringsW
GetFileType
SetHandleCount
Sleep
ExitProcess
HeapCreate
GetStringTypeW
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetACP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetStdHandle
WriteFile
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
SetLastError
lstrlenA
MultiByteToWideChar
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetEnvironmentStringsW
DeleteCriticalSection
GetLastError
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CreateProcessA
WaitForSingleObject
CloseHandle
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
CreateDirectoryW
RtlUnwind
EncodePointer
DecodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
RaiseException
GetOEMCP

user32

CreateWindowExW
SetWindowTextW
MoveWindow
GetClientRect
InvalidateRect
ShowWindow
SendMessageW
DrawTextW
GetWindowLongW
PostMessageA
IsWindow
ScreenToClient
SetWindowPlacement
GetWindowPlacement
GetActiveWindow
GetSystemMetrics
DialogBoxParamW
CreateDialogParamW
SendDlgItemMessageW
EndDialog
PostQuitMessage
LoadImageW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
GetDlgItem
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetFocus
GetWindowTextW
PostMessageW
GetSysColor
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetDC
ReleaseDC
IsDialogMessageW
GetParent
SetFocus
UnregisterClassA

gdi32

GetPixel
GetTextExtentPoint32W
GetDIBColorTable
CreateCompatibleDC
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SelectObject
DeleteDC
CreateFontW
GetObjectW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString

gdiplus

GdiplusShutdown

msimg32

TransparentBlt

comctl32

InitCommonControlsEx

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e9624b6e627b9895deb15a5b43216df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

msimg32

comctl32

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 9KB - Virtual size: 9KB