E:\_Intermediate\ALService\Executables\ALE_adv.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-09_b514d0bd47ef196f3638552e3aefb82f_backswap_mafia.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-09_b514d0bd47ef196f3638552e3aefb82f_backswap_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-05-09_b514d0bd47ef196f3638552e3aefb82f_backswap_mafia
Size: 3.3MB
MD5: b514d0bd47ef196f3638552e3aefb82f
SHA1: ef00bba17b461b885984131b4f362a6680d553f9
SHA256: 544c7b2f7feddfb5827ec74ccb31cecb62033348240ce87cfebfd16beb9e7aa5
SHA512: cd2e37f414142b12f12700cf69e91e93550d691330060a78ee572776b50f02747de88e8510d0f07165cd7ce6da197885d96405b7efb2bbd1c8d80e70deb1ed31
SSDEEP: 98304:KwuMa8sP9n+Qit/d4Lb+MwN2MAguYGH5mrkRNyyl4c9UKBNqH9U/vrCtet:aPlBpR5nyyv5/M9U/vr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-05-09_b514d0bd47ef196f3638552e3aefb82f_backswap_mafia
Files
2024-05-09_b514d0bd47ef196f3638552e3aefb82f_backswap_mafia.exe windows:5 windows x86 arch:x86
35fbc675e03f9f1d3ced79947e0bc6cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
CorBindToRuntimeEx
rpcrt4
UuidCreate
netapi32
DsGetDcNameW
NetApiBufferFree
NetWkstaGetInfo
ntdsapi
DsUnBindW
DsListSitesW
DsFreePasswordCredentials
DsBindWithCredW
DsMakePasswordCredentialsW
DsBindW
DsFreeNameResultW
ws2_32
WSAGetLastError
socket
WSAStartup
htonl
getservbyname
recv
gethostbyname
gethostbyaddr
getservbyport
ntohs
WSACleanup
closesocket
WSASetLastError
inet_addr
htons
connect
getsockname
inet_ntoa
getsockopt
setsockopt
send
iphlpapi
GetAdaptersInfo
kernel32
ExpandEnvironmentStringsA
GlobalGetAtomNameW
InterlockedCompareExchange
GetLastError
MultiByteToWideChar
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
lstrlenW
GetModuleHandleW
RaiseException
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetProcAddress
LocalFree
CloseHandle
GetCurrentProcess
GetCurrentThread
LockResource
GetLocalTime
ExitProcess
CreateThread
GetCurrentThreadId
GetTickCount
Sleep
SetLastError
DeactivateActCtx
ActivateActCtx
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetConsoleCtrlHandler
FatalAppExitA
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
ExitThread
HeapReAlloc
HeapAlloc
EncodePointer
DecodePointer
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LocalLock
LocalUnlock
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
SetFileAttributesW
GetFileAttributesExW
FileTimeToLocalFileTime
FindResourceExW
GetAtomNameW
GetShortPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileW
CreateFileW
GetThreadLocale
GetStringTypeExW
lstrcpyW
DeleteFileW
GlobalFlags
GetCurrentDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
LoadLibraryW
OpenMutexW
LocalAlloc
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrlenA
ReleaseMutex
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
GetFileAttributesW
GetUserDefaultLCID
VirtualProtect
GlobalFindAtomW
CompareStringW
FreeResource
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
lstrcmpW
InterlockedExchange
GlobalFree
CopyFileW
GlobalSize
MulDiv
InitializeCriticalSection
GetSystemDirectoryA
LoadLibraryA
CreateDirectoryW
GetCurrentProcessId
OutputDebugStringW
IsBadStringPtrW
GetVersionExW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CreateProcessW
GetExitCodeProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FormatMessageW
WaitForSingleObject
user32
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
GetDCEx
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
SetClassLongW
NotifyWinEvent
DestroyAcceleratorTable
RedrawWindow
SetWindowRgn
WindowFromPoint
UnionRect
SetParent
GetSystemMenu
GetDialogBaseUnits
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
UnregisterClassW
CharUpperW
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
RealChildWindowFromPoint
DeleteMenu
GetSysColorBrush
IsZoomed
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
DestroyIcon
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
IsIconic
InsertMenuItemW
CreatePopupMenu
IntersectRect
OffsetRect
BringWindowToTop
SetRectEmpty
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
GetAsyncKeyState
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
UpdateLayeredWindow
IsMenu
MessageBoxW
UpdateWindow
LoadIconW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
UnhookWindowsHookEx
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetWindow
GetWindowThreadProcessId
GetWindowLongW
InSendMessage
CreateMenu
WaitMessage
IsClipboardFormatAvailable
SendNotifyMessageW
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DrawIcon
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
DestroyCursor
WindowFromDC
GetWindowRgn
EnumChildWindows
GetTabbedTextExtentW
MonitorFromPoint
GetSubMenu
LoadMenuW
GetWindowRect
SendMessageW
CheckMenuItem
CharNextW
EnableWindow
GetClientRect
ScreenToClient
GetCursorPos
GetSystemMetrics
PostMessageW
SetTimer
LoadImageW
GetParent
IsWindow
ModifyMenuW
SetMenuDefaultItem
TranslateAcceleratorW
PostThreadMessageW
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadCursorW
SetCursor
RegisterClipboardFormatW
RemoveMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostQuitMessage
EnableMenuItem
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
gdi32
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetDIBits
StretchBlt
CreateDIBitmap
GetTextCharsetInfo
Rectangle
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
RoundRect
EnumFontFamiliesW
GetTextMetricsW
StretchDIBits
CreateFontW
GetCharWidthW
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetLayout
CreateFontIndirectW
GetObjectW
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
SetTextColor
SetBkColor
CreateRectRgnIndirect
PatBlt
CreateCompatibleDC
BitBlt
ExtTextOutW
CreateCompatibleBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetPixel
GetTextExtentPoint32W
GetLayout
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetJobW
advapi32
ReportEventW
CryptHashData
RegOpenKeyExA
RegQueryValueExA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
InitializeAcl
AddAce
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
IsValidAcl
GetAclInformation
GetAce
FreeSid
InitializeSid
AllocateAndInitializeSid
GetSidLengthRequired
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
LsaQueryInformationPolicy
ConvertStringSidToSidW
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
ConvertSidToStringSidW
LsaRemoveAccountRights
LsaOpenPolicy
LsaClose
LookupAccountNameW
LsaEnumerateAccountRights
LsaFreeMemory
LsaAddAccountRights
LsaNtStatusToWinError
AdjustTokenPrivileges
RegEnumValueW
RegConnectRegistryW
RegCreateKeyW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegFlushKey
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegSetValueExW
shell32
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHAddToRecentDocs
SHAppBarMessage
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconW
comctl32
ImageList_Add
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
_TrackMouseEvent
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
ole32
CoInitializeSecurity
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CLSIDFromProgID
ReleaseStgMedium
CoImpersonateClient
CoRevertToSelf
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoCreateGuid
CLSIDFromString
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoInitializeEx
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
OleSave
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleCreateMenuDescriptor
oleaut32
VariantTimeToSystemTime
VarBstrCmp
RegisterTypeLi
VarBstrCat
GetErrorInfo
VariantChangeType
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayAllocDescriptor
LoadTypeLi
VarBstrFromCy
VarBstrFromDec
VariantCopy
CreateErrorInfo
VarBstrFromDate
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayGetElement
VariantClear
SysAllocStringLen
SysAllocString
VarCyFromStr
SysStringByteLen
SafeArrayCopy
SysAllocStringByteLen
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarDateFromStr
VarUI4FromStr
DispCallFunc
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
VarDecFromStr
SafeArrayPutElement
SysStringLen
SysFreeString
SafeArrayAllocData
SysReAllocStringLen
SetErrorInfo
LoadRegTypeLi
oledlg
OleUIBusyW
mapi32
ord138
ord75
ord19
ord23
ord21
ord17
wldap32
ord309
ord304
ord88
ord14
ord16
ord145
ord127
ord310
ord206
ord26
ord135
ord133
ord140
ord142
ord208
ord27
ord46
ord191
ord41
ord18
ord224
ord79
ord147
ord301
ord54
ord91
ord303
ord103
ord73
ord216
ord167
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipFree
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 193KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ