Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-15_66f3091039b72c889de1a0ab2edb6d02_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-15_66f3091039b72c889de1a0ab2edb6d02_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-05-15_66f3091039b72c889de1a0ab2edb6d02_mafia
Size: 9.8MB
MD5: 66f3091039b72c889de1a0ab2edb6d02
SHA1: fb26335081e08c39ce72a4a73b63cc018b346c7c
SHA256: ee9cf1f90ae69ad4adc67ee3ec3aadadd5a8ede7eca3c0b2f1f1b6a90e1c995d
SHA512: 8ce14c2ad0c09d59760f6590a4d2fe27d8c4647d9fcea43a08aef618e1e4f0c7c5a2a0b0e85c9b61cc8ab2526ce1e260cd8d2c1b656fee2e0514f5836018acca
SSDEEP: 49152:r5lgAyw9wH27RaLZ8WjkfuW98KEBIkz0vkzn492i/HdL5O2eE6zuylB:Gowia2WMuW9fEBII6k492Yd429
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-05-15_66f3091039b72c889de1a0ab2edb6d02_mafia
Files
2024-05-15_66f3091039b72c889de1a0ab2edb6d02_mafia.exe (windows:5 windows x86 arch:x86)
  bf6aa0c5b8a3233e349700658e7d2f5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LockFile
LockFileEx
UnlockFile
OpenFileMappingW
GetVersion
GetFullPathNameA
GetFullPathNameW
WriteConsoleW
SetHandleCount
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
HeapSize
HeapCreate
IsProcessorFeaturePresent
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExW
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
CreateThread
ExitThread
SetConsoleCtrlHandler
GetConsoleMode
SetErrorMode
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineW
RaiseException
RtlUnwind
LoadLibraryA
LCMapStringW
GetSystemInfo
GetUserDefaultLCID
lstrlenA
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
GetTempPathW
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
GlobalAlloc
GlobalFree
GetEnvironmentStringsW
ExitProcess
SuspendThread
GetExitCodeThread
WriteFileGather
ReadFileScatter
GetComputerNameA
QueryPerformanceFrequency
TlsSetValue
TlsFree
TlsAlloc
PulseEvent
CreateEventA
Sleep
QueryPerformanceCounter
GetConsoleCP
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexW
TryEnterCriticalSection
SetThreadPriority
GetCurrentThread
TlsGetValue
ResumeThread
ReleaseSemaphore
GetStdHandle
lstrcmpiW
GetProcessHeap
HeapAlloc
HeapFree
CompareStringW
SetLastError
ReadProcessMemory
lstrcmpW
MapViewOfFileEx
OpenFileMappingA
CreateFileMappingA
FormatMessageA
GetFileSizeEx
SwitchToThread
GetDiskFreeSpaceExW
PeekNamedPipe
WaitNamedPipeW
LocalFileTimeToFileTime
TerminateProcess
DuplicateHandle
CreateProcessW
ReadDirectoryChangesW
lstrlenW
InterlockedIncrement
FlushFileBuffers
SetFilePointerEx
GetProcessTimes
GetWindowsDirectoryW
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEndOfFile
CreateFileA
ReadFile
GetPrivateProfileStringA
GetLocaleInfoW
CompareFileTime
GetCurrentDirectoryW
FormatMessageW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDriveTypeW
QueryDosDeviceW
GetLogicalDriveStringsW
GetComputerNameExW
GetComputerNameW
LocalAlloc
CreateSemaphoreW
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentProcess
CloseHandle
GetCurrentProcessId
GetStringTypeExW
ProcessIdToSessionId
GetLongPathNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
SetFileTime
GetVersionExW
WideCharToMultiByte
GetACP
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
OutputDebugStringW
GetLocalTime
GetSystemTime
GetLastError
WriteFile
GetFileSize
MoveFileExW
CreateFileW
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CancelIo
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
InterlockedDecrement
DeviceIoControl
GetOverlappedResult
MoveFileW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetTempFileNameW
GetFileAttributesW
GetFileAttributesExW
LocalFree
DeleteFileW
SetFileAttributesW
SetFilePointer
GetFileInformationByHandle
OpenProcess
SystemTimeToFileTime
GetTimeZoneInformation
FreeLibrary
LoadLibraryExW
user32
TranslateMessage
DispatchMessageW
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
CloseClipboard
EmptyClipboard
wsprintfW
GetSystemMetrics
OpenClipboard
MessageBoxW
GetWindowTextW
GetWindowInfo
DdeUninitialize
DdeInitializeW
DdeNameService
RegisterHotKey
SetWindowTextA
GetMessageW
DdeAccessData
DdeGetData
DdeQueryConvInfo
GetParent
DdeUnaccessData
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeConnect
DdeGetLastError
DdeFreeStringHandle
GetShellWindow
LoadStringW
GetWindowLongW
CreateWindowExW
SetWindowLongW
RegisterClassExW
LoadIconW
LoadCursorW
SystemParametersInfoW
DdeQueryStringW
SendMessageW
UnregisterHotKey
keybd_event
SetClipboardData
SetTimer
PostMessageW
PostThreadMessageW
GetWindowRect
OpenDesktopW
SwitchDesktop
CloseDesktop
EnumDisplayMonitors
DefWindowProcW
GetDesktopWindow
GetWindowDC
ReleaseDC
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorControl
CheckTokenMembership
LookupAccountNameW
GetTokenInformation
RegQueryValueExW
SetEntriesInAclW
AllocateAndInitializeSid
ConvertSidToStringSidW
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
SetNamedSecurityInfoW
ReportEventW
DeregisterEventSource
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterEventSourceW
EqualSid
RegOpenKeyW
GetSecurityDescriptorSacl
FreeSid
SetSecurityDescriptorSacl
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
ConvertStringSidToSidW
LookupAccountSidW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
IsValidSid
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ole32
StgOpenStorage
StgCreateDocfileOnILockBytes
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
PropVariantClear
CoCreateGuid
CoTaskMemFree
CLSIDFromString
CoCreateInstance
OleRun
StringFromGUID2
CoInitialize
IIDFromString
CoUninitialize
fcregex
validateRegularExperssion
fcagui
?handleMessage@IDlpeConsoleHandler@@QAEXH_J0@Z
?setNotificationHistory@IDlpeConsoleHandler@@QAEXAAV?$list@UHistoryNotification@@V?$allocator@UHistoryNotification@@@std@@@std@@@Z
?reloadScanRecordList@IDlpeConsoleHandler@@QAEXW4ScanInfoType@@@Z
?setAgentStatus@IDlpeConsoleHandler@@QAEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0ChallengeResponsInfo@@QAE@AAU0@@Z
?addNotificationToHistory@IDlpeConsoleHandler@@QAEXAAUHistoryNotification@@@Z
?removeNotificationFromHistory@IDlpeConsoleHandler@@QAEX_K@Z
?updateConsoleConfiguration@IDlpeConsoleHandler@@QAEXPAUDlpeConsoleConfig@@@Z
?closeConsole@IDlpeConsoleHandler@@IAEXXZ
?getScanInfo@IDlpeConsoleHandler@@QAEPAUScanInfo@@W4ScanInfoType@@@Z
??0IDlpeConsoleHandler@@QAE@XZ
??1IDlpeConsoleHandler@@QAE@XZ
?startNotificationUI@McTrayPluginHelper@@QAEXPAVNotificationDlgParams@@@Z
?sendChallengeDlgResult@McTrayPluginHelper@@QAEXPAVChallengeResponseDlgParams@@@Z
?startChallengeResponseUI@McTrayPluginHelper@@QAEXPAVChallengeResponseDlgParams@@@Z
?deleteUIParams@McTrayPluginHelper@@QAEXPAVUIParams@@@Z
?allocateUIParams@McTrayPluginHelper@@QAEPAVUIParams@@W4McTrayPluginUIRequestType@@@Z
?setStringValue@McTrayPluginHelper@@QAEXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?insertSetValues@McTrayPluginHelper@@QAEXAAV?$set@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@0@Z
?startBusinessJustificationUI@McTrayPluginHelper@@QAEXPAVJustificationDlgParams@@@Z
??0HistoryNotification@@QAE@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4IconType@@_J@Z
??1HistoryNotification@@QAE@XZ
?openConsole@IDlpeConsoleHandler@@QAEXW4DLPE_CONSOLE_PAGE_INDEX@@@Z
?close@McTrayPluginHelper@@QAEXXZ
?create@McTrayPluginHelper@@QAEHXZ
?changeBypass@IDlpeConsoleHandler@@QAEX_JH@Z
??0McTrayPluginUICallback@@QAE@XZ
??0McTrayPluginHelper@@QAE@XZ
??1McTrayPluginHelper@@UAE@XZ
??0HistoryNotification@@QAE@AAU0@@Z
?addRecordList@ScanInfo@@QAEXAAUDiscoveryRecord@@@Z
?updateScansInfo@IDlpeConsoleHandler@@QAEXW4ScanInfoType@@@Z
?newScanRecord@IDlpeConsoleHandler@@QAEXW4ScanInfoType@@@Z
?reset@ScanInfo@@QAEXXZ
?recordListSize@ScanInfo@@QAEHXZ
ws2_32
connect
getsockopt
gethostbyname
WSACleanup
recvfrom
recv
sendto
send
inet_ntoa
inet_addr
accept
ioctlsocket
ntohs
socket
setsockopt
listen
closesocket
bind
__WSAFDIsSet
select
WSAGetLastError
shutdown
WSARecvFrom
WSARecv
htonl
WSAStartup
WSASendTo
WSASend
gethostbyaddr
getservbyname
gethostname
htons
getpeername
getsockname
WSAEventSelect
WSAEnumNetworkEvents
ntohl
mswsock
AcceptEx
GetAcceptExSockaddrs
TransmitFile
netapi32
DsGetDcNameW
NetShareEnum
NetApiBufferFree
NetDfsGetInfo
shlwapi
UrlUnescapeW
PathGetArgsW
SHCopyKeyW
PathFileExistsW
secur32
GetUserNameExW
psapi
GetProcessMemoryInfo
EnumProcessModules
GetModuleBaseNameW
GetProcessImageFileNameW
gdiplus
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
iphlpapi
GetAdaptersInfo
GetBestInterface
GetIfEntry
dnsapi
DnsFree
DnsQuery_W
fcagsec
?setLowSecurityMode@ChallengeResponse@@QAEXH@Z
?appendEncryptData@DlpEncryptionAlg@@QAEHAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
?initEncryptData@DlpEncryptionAlg@@QAEHAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
?appendLastEncryptData@DlpEncryptionAlg@@QAEHAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
?getEncryptData@DlpEncryptionAlg@@QAEXAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
??0Aes256CryptoAlg@@QAE@XZ
?decryptData@Aes256CryptoAlg@@QAEHPAEI00AAII@Z
??1Aes256CryptoAlg@@QAE@XZ
CheckDLPEncryptSignature
?appendDecryptData@DlpDecryptionAlg@@QAEHAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
?finishDecryptData@DlpDecryptionAlg@@QAEHAAVDlpCryptoContext@@@Z
?getDecryptData@DlpDecryptionAlg@@QAEXAAVDlpCryptoContext@@AAVACE_Message_Block@@@Z
?initDecryptData@DlpDecryptionAlg@@QAEHAAVDlpCryptoContext@@PAE@Z
?updateDigest@IShaHashAlg@@QAEHPAEI@Z
?finishDigest@IShaHashAlg@@QAEHPAEI@Z
?initDigest@IShaHashAlg@@QAEHXZ
??1DlpCryptoContext@@QAE@XZ
??0DlpCryptoContext@@QAE@XZ
?generateKeyFromSeed@CryptoUtils@@YAHPAE0I@Z
?setDecryptorKey@DlpDecryptionAlg@@QAEHPAE@Z
?setEncryptorKey@DlpEncryptionAlg@@QAEHPAE@Z
?addDecryptorKey@DlpDecryptionAlg@@QAEHPAE@Z
??1DlpEncryptionAlg@@QAE@XZ
??1DlpDecryptionAlg@@QAE@XZ
??1ChallengeResponse@@UAE@XZ
??0ChallengeResponse@@QAE@XZ
?setSecureKey@ChallengeResponse@@QAEXPAE@Z
?getLastCryptoError@CryptoUtils@@YAPADXZ
?generateChallenge@ChallengeResponse@@QAEHPADAAI@Z
?validateResponse@ChallengeResponse@@QAEHPBDAAI@Z
??1Sha224HashAlg@@QAE@XZ
?validateResponse@ChallengeResponse@@QAEHPBD0AAI@Z
??0DlpDecryptionAlg@@QAE@XZ
??0DlpEncryptionAlg@@QAE@XZ
??0Sha224HashAlg@@QAE@XZ
?open@DlpEncryptionAlg@@QAEHXZ
?digest@IShaHashAlg@@QAEHPAEI0I@Z
GetCurrentThreadUserName
mpr
WNetGetConnectionW
userenv
ExpandEnvironmentStringsForUserW
msi
ord109
ord195
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenA
InternetSetStatusCallbackW
InternetSetOptionW
HttpAddRequestHeadersA
HttpQueryInfoW
HttpSendRequestA
InternetReadFile
InternetErrorDlg
InternetCloseHandle
fshelperlibrary
IFSHelperIsProtectedFromByteW
IFSHelperInitializeW
IFSHelperTerminateW
IFSHelperProtectW
IFSHelperIsSupportedFileW
prnscrmonintegrator
IPrnScrPreRegisterHotKey
IPrnScrPrintScreenKeyPressed
IPrnScrTerminate
IPrnScrInitialize
IPrnScrPostRegisterHotKey
IPrnScrIsDCInstalled
gdi32
CreateDCA
DeleteDC
BitBlt
SelectObject
GetStockObject
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
winspool.drv
EnumPrintersW
oleaut32
SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
VariantCopy
GetErrorInfo
VariantInit
VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantTimeToSystemTime
Sections
.text Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ