2024-05-09_398d9246662762328e07477fd491ff83_mafia_nionspy | Triage

Sharing

General

Target

2024-05-09_398d9246662762328e07477fd491ff83_mafia_nionspy
Size

279KB
MD5

398d9246662762328e07477fd491ff83
SHA1

51ce0e1ef62dbb5629fe161f3eec433e3e6bcb18
SHA256

3c87f516ddd58209e2f5c245f7a3ec7fba0c6a60515ecdf4b6017af4efe6b26d
SHA512

3574d806ab1b2cee1a1d7cb437b6662a9e2ff40bebcf6bb35bb08a61118dd0adab64076d8a80d42ad71433643bb7a4637d11be015804bd519ef25480ab9526ae
SSDEEP

6144:rTz+WrPFZvTXb4RyW42vFlOloh2E+7phg7ozD:rTBPFV0RyWl3h2E+7ph

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-09_398d9246662762328e07477fd491ff83_mafia_nionspy

Files

2024-05-09_398d9246662762328e07477fd491ff83_mafia_nionspy
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ