2024-05-12_0881c497d9951172c4e97f9e57ae6baf_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-12_0881c497d9951172c4e97f9e57ae6baf_mafia
Size

243KB
MD5

0881c497d9951172c4e97f9e57ae6baf
SHA1

0127a8b7ae74a92dc781d82c33c4ed2a6d84a885
SHA256

6b25ea19296fdd3876566dfa4a8f07c7b5e92f1731cff2a6b54e7f8e37557c6c
SHA512

ef12421cb36529d1b4dd17a4679f594d18f20ae06405ce62144a19638429674e0f781282f1c42fe8a6508e860bbefbfc17db72f800689ec153ddb158677b1d63
SSDEEP

3072:E0eobR5mwy0XyYXgCBlFg6ZV1tvebuYF6xvWhaI4HWSxF9te:TF5mAXVXgCBlFg6ZV1tmyKX4HW0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-12_0881c497d9951172c4e97f9e57ae6baf_mafia

Files

2024-05-12_0881c497d9951172c4e97f9e57ae6baf_mafia
.exe windows:5 windows x86 arch:x86

314edd5749c2087ead494d1163cb8b34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
SetCurrentDirectoryA
GetLastError
GetModuleFileNameA
CreateMutexA
CloseHandle
SetEndOfFile
CreateFileA
InitializeCriticalSection
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
SetStdHandle
LoadLibraryW
InterlockedExchange
GetCommandLineA
HeapReAlloc
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetLocaleInfoW
GetModuleFileNameW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetCurrentProcess
SetPriorityClass
ExitProcess
Sleep
HeapCreate
IsProcessorFeaturePresent
HeapAlloc
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LeaveCriticalSection
GetProcessHeap
EnterCriticalSection
HeapFree

user32

RegisterHotKey
LoadCursorA
DestroyWindow
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
TrackPopupMenu
KillTimer
SetForegroundWindow
LoadStringA
LoadIconA
RegisterWindowMessageA
GetDC
TranslateMessage
GetForegroundWindow
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
GetDesktopWindow
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
PostMessageA
DispatchMessageA
SystemParametersInfoA
GetSystemMetrics
AllowSetForegroundWindow
InsertMenuA
UnregisterHotKey

gdi32

CreateSolidBrush
GetDeviceCaps

shell32

Shell_NotifyIconA

strokesplus

loadHookConfig
setLastActive
getGesturesDisabled
clearMyHook
openSettings
setLearningMode
getHookBtn
setPreviousTrainingModeState
getDrawGesture
reloadLuaState
getTrayIconVisible
openHotkeys
setWindowState
openHelp
openConfig
setTrayID
openIgnored
getCheckForOtherGesturePrograms
getReInitOnResume
clearCaptureVars
FireHotkey
setTrayIconVisible
LoadHotkeys
openPrefs
openGestureName
getHideAdditionalInstanceMessage
getCheckForegroundTimeout
setDrawGesture
openPassword
setDPIModifier
getLearningMode
openAbout
setGesturesDisabled
saveConfig
setOSVersion
setWindowTransparency
setMyHook
setHookBtn
sethWndServer

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

gdiplus

GdiplusStartup
GdiplusShutdown

Exports

Exports

ptConfig
ptLang

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

314edd5749c2087ead494d1163cb8b34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

strokesplus

psapi

gdiplus

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 13KB - Virtual size: 13KB