2024-05-09_48e7a3c83c677e5fd10ba20cc91e5d95_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-09_48e7a3c83c677e5fd10ba20cc91e5d95_mafia
Size

891KB
MD5

48e7a3c83c677e5fd10ba20cc91e5d95
SHA1

763297ab50127b0f208abc953979cfa40759b300
SHA256

4d0b9d64e5e65330c1e77182aa8d30e4c34a5ae8c88ea3463512d12380559fa5
SHA512

b07802748d761ac1ca0095df8a7821c8313c8866a00930fcdad9d5eb2b01a5f0d785fd5deb28abfbebcbf81549f093c651b1581072ce95844d46063a9032a674
SSDEEP

24576:0xQbgbGwzCRTrXusqjnhMgeiCl7G0nehbGZpbD:0xEAGwGRTGDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-09_48e7a3c83c677e5fd10ba20cc91e5d95_mafia

Files

2024-05-09_48e7a3c83c677e5fd10ba20cc91e5d95_mafia
.exe windows:5 windows x86 arch:x86

9a2620076802f27a0c25f713aa9db061

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathW

comctl32

ord17

shlwapi

PathFileExistsW
PathRelativePathToW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathRenameExtensionW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

kernel32

FindResourceW
FindResourceExW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
GetCurrentDirectoryW
LocalFree
GetCommandLineW
GetTempFileNameW
GetTempPathW
CloseHandle
GetCurrentProcess
InterlockedExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetProcAddress
GetModuleHandleW
WriteFile
FlushInstructionCache
GetVersionExW
FreeResource
GetCurrentThreadId
GetUserDefaultLangID
SetLastError
lstrlenW
RemoveDirectoryW
Sleep
FreeLibrary
CreateProcessW
CopyFileW
CreateDirectoryW
GetModuleFileNameW
LoadLibraryW
WaitForSingleObject
DeleteFileW
ReadFile
GetFileSize
LoadResource
VerifyVersionInfoW
VerSetConditionMask
SetFileAttributesW
GetWindowsDirectoryW
SizeofResource
MoveFileExW
lstrcmpW
HeapFree
GetProcessHeap
GetTickCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileType
PeekNamedPipe
GetFileInformationByHandle
SetUnhandledExceptionFilter
LockResource
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetStdHandle
SetEndOfFile
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileAttributesExW
WideCharToMultiByte
TlsAlloc
GetCPInfo
MultiByteToWideChar
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
GetFileAttributesW
FindFirstFileExW
GetDriveTypeW
GetFullPathNameW
TlsFree
TlsSetValue
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EncodePointer
DecodePointer
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue

user32

SetDlgItemTextW
UpdateWindow
GetSystemMetrics
LoadImageW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
GetKeyState
SetWindowPos
UnregisterClassA
SetWindowTextW
GetWindowLongW
GetActiveWindow
CreateDialogParamW
DialogBoxParamW
EndDialog
SetActiveWindow
ShowWindow
SendMessageW
SetWindowLongW
DestroyWindow
MessageBoxW
EnableWindow
MapWindowPoints
GetDlgItem

comdlg32

GetSaveFileNameW

advapi32

FreeSid
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a2620076802f27a0c25f713aa9db061

Headers

DLL Characteristics

File Characteristics

Imports

shfolder

comctl32

shlwapi

shell32

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 48KB - Virtual size: 58KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 48KB - Virtual size: 58KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 580KB - Virtual size: 584KB