Behavioral task
behavioral1
Sample
2024-05-13_fe162399433959663876132443843985_mafia_nionspy.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-13_fe162399433959663876132443843985_mafia_nionspy.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-05-13_fe162399433959663876132443843985_mafia_nionspy
-
Size
130KB
-
MD5
fe162399433959663876132443843985
-
SHA1
32ece77fa5fd098162feeaa2d6b3de4daaabd8a7
-
SHA256
ab6f4d012ab5c2a2c1c819d6636cdece12406c2637e920ddfd68c05eca139323
-
SHA512
e646569a7c3f4eeb501e0b5ddecef898c7f92dd91e114f2707ddba1fc4302e3c401f8675f2710b7f0af3f1c288763d375fcea6c83434e3937a9d802e11d1ae23
-
SSDEEP
1536:p+2NjAn0avhGnwXSvhh4J+fd9+FozDJDPqKyRml:B+/vhxS52J5FozDJDPq5
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-13_fe162399433959663876132443843985_mafia_nionspy
Files
-
2024-05-13_fe162399433959663876132443843985_mafia_nionspy.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 184KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 122KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE