C:\kjk\src\sumatrapdf\obj-rel\SumatraPDF-no-MuPDF.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-12_7992276ad3df019f0eb70c8e8e2caf72_mafia.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 2024-05-12_7992276ad3df019f0eb70c8e8e2caf72_mafia.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-12_7992276ad3df019f0eb70c8e8e2caf72_mafia
Size: 1.7MB
MD5: 7992276ad3df019f0eb70c8e8e2caf72
SHA1: 4750102d1e7d1795a0547f27b73f23346a76670a
SHA256: b9c19b478d9ce680131ee86340326313a2acfee1de7c734b1abbd71f3572cd9f
SHA512: 9f2a888b1e38c58904b4ea2b21589a559e5ccd55758fd9efe487e9f977086b59dd6c9edba23c88acb8e7f4a62b6c58aa4a6c6ef55fbf6f9bba986f616353ebe3
SSDEEP: 24576:UoEk1GpS3YiEqvMv3ScZFtXAJCzG8OvG0WfJKsocuDy8UgHREBO51MU8nv:8p33SK/AoCxehzYyf4EBy+jv
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-05-12_7992276ad3df019f0eb70c8e8e2caf72_mafia
Files
2024-05-12_7992276ad3df019f0eb70c8e8e2caf72_mafia.exe  (windows:5, windows x86, arch:x86)
0769981bf75caefa25b4a5226b514c0c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
PDB Paths: C:\kjk\src\sumatrapdf\obj-rel\SumatraPDF-no-MuPDF.pdb
Imports
advapi32
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
kernel32
CopyFileExW
SetErrorMode
QueryPerformanceCounter
InitializeCriticalSection
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
MulDiv
GetPrivateProfileIntW
GetLastError
EnterCriticalSection
QueryPerformanceFrequency
DeleteCriticalSection
LocalFree
SetFileAttributesW
GetUserDefaultUILanguage
ReadDirectoryChangesW
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
GetTickCount
Sleep
SetThreadExecutionState
GetSystemTime
GetLogicalDrives
GlobalLock
GetProfileStringW
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalDeleteAtom
GlobalAddAtomW
GetSystemDirectoryW
GetWindowsDirectoryW
GetDriveTypeW
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
WritePrivateProfileStringW
GetFileSizeEx
GetLongPathNameW
GetFileTime
GetFileAttributesExW
GetShortPathNameW
DeleteFileW
GetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetPrivateProfileStringW
LoadLibraryW
GetModuleFileNameW
GetStdHandle
GetConsoleScreenBufferInfo
GetVersion
lstrcpyW
InterlockedIncrement
InterlockedDecrement
CreateFileA
SetFilePointer
MoveFileW
FlushFileBuffers
SetEndOfFile
GetFileType
GetModuleHandleW
GetFileAttributesA
SetFileAttributesA
DeviceIoControl
CreateDirectoryA
FindNextFileA
FindFirstFileA
GetFullPathNameA
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
IsDBCSLeadByte
GetCPInfo
GetEnvironmentVariableW
GetTempFileNameW
GetExitCodeProcess
GetTempPathW
CreateEventA
InterlockedExchange
InterlockedCompareExchange
DeleteFileA
GetACP
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
CreateProcessA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetHandleCount
GetCurrentDirectoryW
PeekNamedPipe
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
DuplicateHandle
MoveFileA
RaiseException
ExitProcess
RtlUnwind
InitializeCriticalSectionAndSpinCount
SetStdHandle
FindFirstFileExW
DecodePointer
EncodePointer
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetLocaleInfoW
GetThreadContext
HeapReAlloc
GetLocaleInfoA
VirtualQuery
HeapAlloc
CompareStringW
SetUnhandledExceptionFilter
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetCurrentThread
FormatMessageA
Thread32First
TerminateThread
GetVersionExW
HeapDestroy
HeapCreate
TerminateProcess
Thread32Next
CreateFileW
GetEnvironmentVariableA
GetProcAddress
OpenThread
GlobalMemoryStatusEx
CreateEventW
Module32FirstW
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentThreadId
OutputDebugStringA
Module32NextW
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
CreateThread
FindFirstFileW
FindClose
FindNextFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetDateFormatW
GetTimeFormatW
GetFullPathNameW
GetCommandLineW
user32
DeferWindowPos
SetPropW
RemovePropW
GetWindow
PeekMessageW
OemToCharBuffA
CharToOemBuffW
OemToCharA
CharUpperW
CharToOemA
CharLowerA
CharUpperA
ShowCaret
SetClassLongW
DdeInitializeW
DdeCreateStringHandleW
DdeFreeStringHandle
DdeUninitialize
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeDisconnect
GetMonitorInfoW
DdeFreeDataHandle
MonitorFromRect
FindWindowW
TranslateAcceleratorW
SetTimer
GetMessageW
PostQuitMessage
IsIconic
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
TrackMouseEvent
LoadCursorW
SetParent
IsCharUpperW
GetCapture
TranslateMessage
LoadAcceleratorsW
GetForegroundWindow
RegisterClassExW
LoadIconW
GetScrollInfo
InvalidateRect
SystemParametersInfoW
GetSysColor
SetWindowPos
BeginDeferWindowPos
LoadBitmapW
IsWindow
ShowScrollBar
GetCursor
EndDeferWindowPos
GetPropW
EnumDisplayMonitors
GetWindowDC
MonitorFromWindow
GetDesktopWindow
SetClipboardData
SetMenuItemInfoW
CloseClipboard
EmptyClipboard
OpenClipboard
GetMenuItemID
ModifyMenuW
CheckMenuRadioItem
InsertMenuW
FindWindowExW
ReleaseCapture
PostMessageW
GetSystemMetrics
MessageBoxW
wsprintfA
GetMessagePos
CallWindowProcW
DestroyMenu
MapWindowPoints
SendMessageW
CreateWindowExW
RemoveMenu
CreatePopupMenu
RedrawWindow
SetWindowLongW
EnableMenuItem
AppendMenuW
GetWindowLongW
SetFocus
CreateMenu
SetForegroundWindow
TrackPopupMenu
GetWindowRect
DestroyWindow
IsCharAlphaNumericW
CharLowerW
MoveWindow
DefWindowProcW
ShowWindow
GetCursorPos
BeginPaint
GetClientRect
CopyImage
DrawTextW
FillRect
SetActiveWindow
ScreenToClient
SetCursor
EndPaint
EnableWindow
SetDlgItemTextW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageW
EndDialog
GetDlgItem
CheckMenuItem
GetWindowTextLengthW
ShowWindowAsync
ReuseDDElParam
MessageBeep
IsWindowUnicode
UnpackDDElParam
GetDC
LoadImageW
ReleaseDC
DrawFrameControl
HideCaret
SetMenu
GetParent
DialogBoxParamW
DialogBoxIndirectParamW
IsWindowVisible
UpdateWindow
SetScrollInfo
GetScrollPos
DispatchMessageW
gdi32
CreateRectRgn
CreateDIBitmap
MoveToEx
SetGraphicsMode
LineTo
GetDIBits
CreateCompatibleBitmap
SetDIBits
SetWorldTransform
SetBkColor
EndPage
StartPage
GetDeviceCaps
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
GetObjectW
BitBlt
CreateFontIndirectW
CreateSolidBrush
GetTextExtentPoint32W
SetTextColor
DeleteDC
StretchBlt
SetBkMode
SelectObject
SelectClipRgn
CreateCompatibleDC
Rectangle
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
TextOutW
GetStockObject
DeleteObject
comdlg32
CommDlgExtendedError
PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
shell32
SHChangeNotify
SHAddToRecentDocs
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
SHGetFileInfoW
gdiplus
GdipDeletePen
GdipFree
GdiplusShutdown
GdipSetSmoothingMode
GdipCreateSolidFill
GdipAlloc
GdipSetPageUnit
GdipCreateFromHDC
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipGetImageEncoders
GdipRotateMatrix
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipGetImageVerticalResolution
GdipSetWorldTransform
GdipSetClipRectI
GdipCreateMatrix
GdipGetImageHeight
GdipInvertMatrix
GdipGetImageWidth
GdipDeleteGraphics
GdipSetCompositingQuality
GdipFillRectangleI
GdipDrawLineI
GdipCreatePen1
GdipFillEllipseI
GdiplusStartup
GdipAddPathRectangleI
GdipWindingModeOutline
GdipDrawPath
GdipDeletePath
GdipFillPath
GdipCreatePath
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetDC
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipCloneImage
GdipReleaseDC
GdipCreateBitmapFromStream
GdipGetImageHorizontalResolution
GdipCloneBitmapAreaI
GdipScaleMatrix
GdipDeleteBrush
comctl32
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
winspool.drv
ord203
OpenPrinterW
DocumentPropertiesW
ClosePrinter
wininet
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetConnectW
InternetSetOptionW
ole32
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
OleUninitialize
OleInitialize
oleaut32
VariantClear
VariantInit
SysAllocString
shlwapi
SHSetValueW
PathAppendW
SHDeleteKeyW
SHDeleteValueW
PathIsRelativeW
StrStrIW
StrRStrIW
StrStrW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
libmupdf
fz_transform_point
fz_convert_pixmap
fz_tell
fz_is_indirect
fz_new_pixmap_with_rect
fz_new_device
fz_round_rect
pdf_resolve_indirect
xml_att
fz_new_text_span
fz_new_buffer
pdf_to_ucs2_buf
pdf_from_ucs2
fz_dict_puts
fz_accelerate
fz_matrix_expansion
fz_dict_get_key
fz_transform_rect
fz_free_device
fz_free_link_dest
fz_throw_imp
fz_dict_len
fz_free_context
fz_to_name
fz_strdup
pdf_get_crypt_revision
xps_find_link_target_obj
xps_run_page
fz_array_len
pdf_load_outline
pdf_get_crypt_key
fz_md5_init
fz_find_device_colorspace
pdf_lookup_dest
fz_to_int
pdf_parse_link_dest
fz_new_null
xml_parse_document
fz_clear_pixmap_with_color
fz_rotate
fz_dict_gets
fz_to_str_buf
pdf_has_permission
pdf_load_stream
xps_free_context
fz_new_draw_device
pdf_count_pages
fz_dict_getsa
fz_open_file_w
xps_load_outline
fz_free_display_list
xps_bound_page
fz_dict_get_val
fz_open_buffer
pdf_authenticate_password
fz_new_bbox_device
fz_free
pdf_open_xref_with_stream
pdf_is_stream
fz_md5_update
xps_count_pages
fz_new_display_list
pdf_load_name_tree
fz_close
pdf_to_rect
fz_new_context
fz_to_gen
xps_free_page
pdf_file_spec_to_str
pdf_free_page
fz_execute_display_list
pdf_needs_password
fz_flush_warnings
fz_seek
pdf_run_page_with_usage
fz_to_str_len
pdf_free_xref
fz_var_imp
fz_copy_dict
xps_open_stream
fz_drop_buffer
fz_scale
pdf_bound_page
pdf_load_page
fz_clone_stream
fz_new_gdiplus_device
xps_load_page
fz_free_text_span
fz_free_link
fz_new_link
fz_free_outline
gzwopen
jpeg_resync_to_restart
jpeg_finish_decompress
jpeg_read_scanlines
jpeg_start_decompress
jpeg_read_header
jpeg_CreateDecompress
jpeg_destroy_decompress
jpeg_std_error
inflate
crc32
fz_intersect_rect
xps_free_part
fz_md5_final
fz_bound_pixmap
xps_read_part
fz_malloc
fz_translate
fz_to_num
fz_new_string
xml_tag
fz_push_try
fz_invert_matrix
fz_new_text_device
fz_drop_obj
xps_extract_doc_props
fz_new_list_device
fz_dict_dels
fz_dict_put
fz_concat
fz_array_get
fz_read_all
fz_warn_imp
fz_keep_obj
pdf_run_page
xml_free_element
fz_drop_pixmap
gzseek
gzopen
gzclose
gztell
gzerror
gzread
inflateInit2_
inflateEnd
fz_new_stream
urlmon
CoInternetGetSession
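The import table above is the input to an import hash (imphash), the value analysts use to cluster builds of the same program across different file hashes. The 32-hex-digit value printed next to the filename in the Files block sits where such a hash usually appears, but the page does not label it, and the example below does not claim to reproduce it: that would need the binary's on-disk import order, which the listing above is not guaranteed to preserve. This is an added example, not code from SumatraPDF or from the report tool. It follows pefile's normalization rules (lowercase everything, strip a .dll/.ocx/.sys extension, write nameless ordinal imports such as the page's "winspool.drv ord203" as ordNNN); pefile additionally resolves known ordinals of ws2_32/wsock32/oleaut32 to names, which is deliberately omitted here. REPORT_IMPORTS is a constructed excerpt of the list above.

```python
import hashlib

_STRIPPED_EXTENSIONS = {"dll", "ocx", "sys"}   # other extensions (e.g. winspool.drv) stay in the name


def normalize_import(dll: str, symbol: str) -> str:
    """One 'library.function' token in the form pefile hashes: lowercased, dll/ocx/sys stripped."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in _STRIPPED_EXTENSIONS:
        lib = base
    func = symbol.lower()
    if func.startswith("ord") and func[3:].isdigit():
        # Import by ordinal with no name. pefile would map known ordinals of ws2_32/wsock32/oleaut32
        # to their names first; that lookup table is omitted in this example.
        func = "ord%d" % int(func[3:])
    return f"{lib}.{func}"


def imphash_string(imports) -> str:
    """The comma-joined token list that gets hashed, in the order the import directory lists it."""
    return ",".join(normalize_import(dll, sym) for dll, sym in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of the import list above, in the order the report shows it. A real
# computation walks the whole import directory of the file in its on-disk order.
REPORT_IMPORTS = [
    ("advapi32", "RegQueryValueExW"), ("advapi32", "AdjustTokenPrivileges"),
    ("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Thread32First"),
    ("winspool.drv", "ord203"), ("winspool.drv", "OpenPrinterW"),
    ("wininet", "HttpSendRequestA"), ("wininet", "InternetOpenUrlW"),
    ("libmupdf", "fz_new_context"), ("libmupdf", "pdf_authenticate_password"),
]

if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS))
    print("imphash:  ", imphash(REPORT_IMPORTS))
    # Order matters: the same imports in a different order hash differently, which is why a
    # hash computed from a re-sorted listing will not match one computed from the binary.
    print("reordered:", imphash(sorted(REPORT_IMPORTS)))
```

Because the hash is order-sensitive, compare imphash values only when both were computed by the same tool from the files themselves, not from a rendered import listing.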
Sections
.text   Size: 1.0MB  Virtual size: 1.0MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 407KB  Virtual size: 407KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 62KB   Virtual size: 113KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 137KB  Virtual size: 137KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 91KB   Virtual size: 90KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
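The Signatures, Headers and Sections blocks of this report are three header fields of one PE file. The following added example (written for this page; not code from SumatraPDF, the sandbox, or the sample) reads those fields from raw bytes: the DllCharacteristics flags (DYNAMIC_BASE means the image can be relocated for ASLR, NX_COMPAT opts in to DEP), the Security data directory that the "Unsigned PE" signature keys on (an empty entry, or one that does not point at a WIN_CERTIFICATE of type PKCS_SIGNED_DATA inside the file, means no embedded Authenticode signature), and the section characteristics, flagging any section that is both writable and executable. The image it inspects is constructed in memory with the same flags and section layout as this report; build_sample_pe, REPORT_FLAGS and REPORT_LAYOUT are helpers of the example, not real files. A certificate blob being present is not the same as the signature being valid: for that, use signtool verify /pa, Get-AuthenticodeSignature, or osslsigncode verify.

```python
import struct

# Flag names as spelled in winnt.h and in the report above.
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot that points at the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Read the hardening- and signature-relevant header fields of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:                    # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    # The Security directory holds a file offset (not an RVA) and size of a WIN_CERTIFICATE.
    # An empty entry is exactly what the "Unsigned PE" signature above keys on.
    signed, cert_type = False, None
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        off, size = struct.unpack_from("<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        if size >= 8 and off + size <= len(data):
            length, _rev, cert_type = struct.unpack_from("<IHH", data, off)
            signed = length <= size and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
    sections, wx = [], []
    table = opt + opt_size
    for i in range(nsections):
        raw_name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, rawsize, vsize, _names(chars, SECTION_FLAGS)))
        if chars & 0x20000000 and chars & 0x80000000:  # writable and executable: worth a closer look
            wx.append(name)
    return {"machine": machine, "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
            "aslr": bool(dll_chars & 0x0040), "dep": bool(dll_chars & 0x0100),
            "signed": signed, "certificate_type": cert_type,
            "sections": sections, "writable_executable_sections": wx}


def build_sample_pe(dll_characteristics: int, sections, signed: bool) -> bytes:
    """Constructed header-only PE32 image for the demo; not a real file from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(224)                                          # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                                 0x200, 0, 0, 0, 0, 0, c) for i, (n, c) in enumerate(sections))
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    if signed:
        # Placeholder WIN_CERTIFICATE (dwLength, wRevision, wCertificateType, bCertificate); a real one
        # carries a PKCS#7 SignedData blob, so "present" here does not mean "valid".
        cert = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\x30" * 16
        struct.pack_into("<II", image, 64 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(image), len(cert))
        image += cert
    return bytes(image)


# Same DllCharacteristics and section layout as the report above.
REPORT_FLAGS = 0x0040 | 0x0100 | 0x8000
REPORT_LAYOUT = [(".text", 0x60000020), (".rdata", 0x40000040), (".data", 0xC0000040),
                 (".rsrc", 0x40000040), (".reloc", 0x42000040)]


def sample_report(signed: bool = False) -> dict:
    return inspect_pe(build_sample_pe(REPORT_FLAGS, REPORT_LAYOUT, signed))


if __name__ == "__main__":
    r = sample_report()
    print("ASLR:", r["aslr"], " DEP:", r["dep"], " Authenticode blob present:", r["signed"])
    for name, raw, virt, flags in r["sections"]:
        print(f"{name:7} raw={raw:#x} virt={virt:#x} {' | '.join(flags)}")
    print("W+X sections:", r["writable_executable_sections"] or "none")
```

Run against a real file with inspect_pe(open(path, "rb").read()). For this report the expected outcome is ASLR and DEP on, no certificate blob, and no section that is both writable and executable; the same function reports the opposite for a packed or self-modifying image, which is the case where the extra look is worth it.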