F:\Software\project\Azbil\NSSMC\Wakayama\LeakedSteel_A300\Release\LeakedSteel_A300.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-11_6a27f822b70cf3a99af1cd3de1f9f343_mafia.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2024-05-11_6a27f822b70cf3a99af1cd3de1f9f343_mafia.exe
Resource: win10v2004-20240508-en
General
- Target: 2024-05-11_6a27f822b70cf3a99af1cd3de1f9f343_mafia
- Size: 1.9MB
- MD5: 6a27f822b70cf3a99af1cd3de1f9f343
- SHA1: c357fc3098f72253d650ad0359e2bd972c11389e
- SHA256: 4f0a6bfdf34060740524cc6ca2a8680815a84467ec2a19e7e675b5106669cb52
- SHA512: fa8771df3265a61a7c8c702536b13501a195f40a6324cf01d181ef2ac202f0590897da847059478e5f577d55f2984f7091d30fc13cd38f8cdd733a5101cd698a
- SSDEEP: 49152:SHrMbyAQAZVQK4nbyLWZXLFKMZiL+SLnKlZodnP7NIjZGrUmQQ:RyAQgV2byUXLo6iL+SLnKloP6jZGrU
Malware Config
Signatures
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource: 2024-05-11_6a27f822b70cf3a99af1cd3de1f9f343_mafia
Files
-
2024-05-11_6a27f822b70cf3a99af1cd3de1f9f343_mafia.exe windows:5 windows x86 arch:x86
07b9b68104086c5aec7680a8e1939297
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
aip_idrv32
ord45
ord2
ord41
ord6
ord123
ord3
ord73
gmildiows
GM_TimerRead
GM_DigitalOutputBlock
GM_CloseDIO
GM_TimerSet
GM_InitializeDIO
kernel32
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
LCMapStringW
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
SizeofResource
LockResource
QueryPerformanceCounter
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CreateDirectoryW
DeleteFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
RemoveDirectoryW
GetDiskFreeSpaceExW
lstrlenW
GetTimeZoneInformation
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
CreateMutexW
ReleaseMutex
ResumeThread
WaitForSingleObject
TerminateThread
GlobalLock
GlobalUnlock
Sleep
GlobalFree
GlobalAlloc
FormatMessageW
LocalFree
InterlockedIncrement
GetThreadLocale
lstrcmpW
FreeLibrary
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
HeapQueryInformation
ExitProcess
GetFileType
SetStdHandle
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
DecodePointer
EncodePointer
MoveFileA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
HeapFree
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
WideCharToMultiByte
TerminateProcess
GetDateFormatW
GetTimeFormatW
DeactivateActCtx
ActivateActCtx
LoadLibraryW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetTickCount
SetErrorMode
GetSystemDirectoryW
GlobalGetAtomNameW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
WritePrivateProfileStringW
lstrcpyW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
FindNextFileW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
lstrlenA
lstrcmpA
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
CloseHandle
GetCurrentProcessId
GetModuleFileNameW
CopyFileW
GlobalSize
MulDiv
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
GetModuleHandleW
GetProcAddress
CompareStringW
DeleteCriticalSection
user32
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
RegisterClipboardFormatW
UnregisterClassW
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
DestroyIcon
GetNextDlgGroupItem
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
GetAsyncKeyState
NotifyWinEvent
MessageBeep
WindowFromPoint
SetWindowRgn
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
IntersectRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
SetRectEmpty
IsZoomed
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
WaitMessage
PostQuitMessage
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
GetMessageW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetActiveWindow
CopyIcon
GetNextDlgTabItem
EndDialog
LoadMenuW
FillRect
DrawStateW
GetMenuStringW
InsertMenuW
RemoveMenu
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
CreateMenu
GetWindowRgn
DestroyCursor
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
CreateDialogIndirectParamW
IsClipboardFormatAvailable
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IsWindow
GetDlgItem
GetWindowLongW
OffsetRect
PtInRect
CopyRect
GetDlgCtrlID
GetWindow
CharNextW
LoadCursorW
SetCursor
GetParent
GetDC
SetWindowTextW
PostMessageW
DrawMenuBar
EnableMenuItem
UpdateWindow
InvalidateRect
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
PeekMessageW
LoadIconW
ReleaseDC
GetWindowDC
GetForegroundWindow
GetDesktopWindow
ScreenToClient
GetCursorPos
GetWindowRect
KillTimer
SetTimer
SendMessageW
EnableWindow
TranslateMessage
gdi32
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
SetBkMode
CreatePen
CreateRectRgnIndirect
SetROP2
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
PatBlt
SetPolyFillMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
CreateBitmap
SetBkColor
SetTextColor
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
SetPixel
Ellipse
CreateHatchBrush
Rectangle
StretchDIBits
SetStretchBltMode
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegCloseKey
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
DragFinish
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsDirectoryW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
ole32
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
CoInitializeEx
CoGetClassObject
IsAccelerator
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoTaskMemAlloc
CoTaskMemFree
RegisterDragDrop
OleGetClipboard
ReleaseStgMedium
OleLockRunning
oleaut32
SysFreeString
VarBstrFromDate
SysStringLen
SafeArrayDestroy
SafeArrayGetElement
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantTimeToSystemTime
SysAllocString
VariantInit
VariantChangeType
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SystemTimeToVariantTime
oledlg
OleUIBusyW
gdiplus
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
ws2_32
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
closesocket
htonl
htons
inet_addr
accept
socket
select
bind
getpeername
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
WSAGetLastError
ntohs
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ