2024-05-15_f7c130719b76323bca8f8ad10a79e6c2_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-15_f7c130719b76323bca8f8ad10a79e6c2_mafia
Size

266KB
MD5

f7c130719b76323bca8f8ad10a79e6c2
SHA1

201ef81ee934931c926143e10bf6ac868a80ca93
SHA256

3141136ea95d8ee8bca866051bc3f877b7cd1e258249d26fd54fb26c15e68324
SHA512

5e8ab10c36a6ae5e8442cffac0e4c7d8e6d5700400a5f08e3bf4336f7a577ccc2a39c28144d06762f61b4ebc974bcfbd6f15c6fb724e6072f7dc89980bdab319
SSDEEP

3072:pIwMJ0ilE/6cDKEq6/Rlx5iMI/jSdPr28sGXugURuzIhMr2ZyXMMaco7So:pIwMusEME//Rlx5zrBpsUugUjMFX3FE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-15_f7c130719b76323bca8f8ad10a79e6c2_mafia

Files

2024-05-15_f7c130719b76323bca8f8ad10a79e6c2_mafia
.exe windows:5 windows x86 arch:x86

393f43a32e179288f3388620f268d7a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Ralph\Documents\Visual Studio 2010\Projects\Testing Purposes\Release\Testing Purposes.pdb

Imports

kernel32

GetLastError
HeapFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
HeapSetInformation
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
HeapSize
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
CloseHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
CreateFileA
SetEndOfFile
GetProcessHeap

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

393f43a32e179288f3388620f268d7a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB