2024-05-05_7164870dea0669c10fc4ad8e6d8e1349_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_7164870dea0669c10fc4ad8e6d8e1349_mafia
Size

488KB
MD5

7164870dea0669c10fc4ad8e6d8e1349
SHA1

bdd4138baf39478804051acc793c08def4d27632
SHA256

bafae637aa182bfb2addc40847e9661d029a7d099faa807124625fd0e0a7ce73
SHA512

d9db431d31eb5417a33fb0891f3d7638056ece6d35ac5ea225fbbe9911d4947c1d1eda849d8cb394ae335cdc3197be3576a4cb7d5353365021a89dd844334642
SSDEEP

6144:1L6szsg5odR18n1LeL1ewkGMrPzbw0nlvV:V6szsg5aSn5eL1ewarPzbwyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-05_7164870dea0669c10fc4ad8e6d8e1349_mafia

Files

2024-05-05_7164870dea0669c10fc4ad8e6d8e1349_mafia
.exe windows:5 windows x86 arch:x86

2814809f1e181e814c7923f1cec5ad8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\derek\dr\build_package\build_release-32\bin32\balloon.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
InitiateSystemShutdownW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
OpenEventLogW
ClearEventLogW
GetSecurityInfo

kernel32

VirtualFreeEx
GetLastError
VirtualAllocEx
GetCurrentProcess
OpenProcess
GetCurrentThread
FindClose
FindFirstFileW
MoveFileExW
MoveFileW
DeleteFileW
LocalFree
GetProcAddress
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
CloseHandle
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
LocalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
CreateThread
ReadProcessMemory
TerminateProcess
SleepEx
ResumeThread
GetThreadContext
WriteProcessMemory
VirtualProtectEx
CreateRemoteThread
CreateFileW
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
ExitProcess
DecodePointer
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
HeapSetInformation
MultiByteToWideChar
ReadFile
GetStringTypeW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
Sleep
FatalAppExitA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
SetStdHandle
SetFilePointer
SetEndOfFile
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

Sections

.text
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2814809f1e181e814c7923f1cec5ad8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

Sections

.text Size: 377KB - Virtual size: 376KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 5KB - Virtual size: 14KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 377KB - Virtual size: 376KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB