2024-05-16_f4ed83027a957ccd721f818351295358_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_f4ed83027a957ccd721f818351295358_mafia
Size

1.8MB
MD5

f4ed83027a957ccd721f818351295358
SHA1

f4676848974f23b2a3b840f189851a87830a183d
SHA256

5b446d7fcfc648718fe75d031a5708a757080cb58f9b4415eebfa49b5184545b
SHA512

1bd183ebce56e992788bc8179314c99e62a307173bd86d269a78711174430906043754980fd7ce860149e824e4d460d0464fd5e36a1387bc54db66c0caab783a
SSDEEP

24576:Z8HQRTd/u8s8DPtujHExGUuMNKsbkZ4EUE8WHHHqbw33arz67lFnK:KiXsI1KHxmNpbkZ4EUE8YHHqE3lFnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-16_f4ed83027a957ccd721f818351295358_mafia

Files

2024-05-16_f4ed83027a957ccd721f818351295358_mafia
.exe windows:5 windows x86 arch:x86

76ea7ad933afbec9c8b5be36fbb2724e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZOpenFileA
LZCopy
LZClose

user32

GetDialogBaseUnits
GetClassInfoA
RegisterClassA
RegisterWindowMessageA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMDISysAccel
TranslateMessage
DispatchMessageA
EnumWindows
GetWindowThreadProcessId
PostMessageA
CharNextA
MessageBoxA
WaitForInputIdle
GetCursorPos
TrackPopupMenu
CreatePopupMenu
CreateMenu
wsprintfA
CharUpperA
WaitMessage
GetWindowPlacement
PostQuitMessage
GetSysColor
CopyRect
IntersectRect
GetKeyState
ScrollWindowEx
FlashWindow
GetMenu
DrawMenuBar
SetPropA
CreateWindowExA
GetWindowDC
RemovePropA
GetMenuStringA
GetDesktopWindow
SetRect
UpdateWindow
SetForegroundWindow
CharLowerA
CheckMenuItem
ModifyMenuA
RemoveMenu
SetMenuItemBitmaps
GetSubMenu
IsMenu
SetMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
DestroyMenu
LoadMenuA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
CallWindowProcA
BeginPaint
EndPaint
GetPropA
SetTimer
KillTimer
SetWindowTextA
SetWindowLongA
SetWindowPos
LoadImageA
ShowWindow
SetLayeredWindowAttributes
EnableWindow
InvalidateRect
GetWindowRect
SetRectEmpty
DrawEdge
InflateRect
DrawTextA
GetFocus
IsWindowVisible
SetFocus
GetWindowLongA
IsWindowEnabled
GetWindow
GetParent
LoadCursorA
SetCursor
DestroyIcon
GetDC
ReleaseDC
ScreenToClient
IsRectEmpty
GetClientRect
ClipCursor
ClientToScreen
IsWindow
GetClassNameA
SendMessageA
GetWindowTextLengthA
GetWindowTextA
AppendMenuA

gdi32

AddFontResourceA
MoveToEx
LineTo
Rectangle
CreatePatternBrush
CreateSolidBrush
GetTextMetricsA
CreateRectRgnIndirect
SetBkColor
GetStockObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
SetBrushOrgEx
PatBlt
StretchDIBits
CreateCompatibleDC
GetObjectA
SelectObject
StretchBlt
BitBlt
DeleteObject
CreatePen
CreateICA
GetDeviceCaps
DeleteDC
CreateFontIndirectA

comctl32

FlatSB_SetScrollRange
ImageList_Duplicate
ImageList_GetIcon
_TrackMouseEvent
FlatSB_SetScrollPos
ImageList_Add
InitCommonControlsEx
FlatSB_SetScrollProp
InitializeFlatSB
FlatSB_GetScrollPos
FlatSB_GetScrollRange
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

comdlg32

PrintDlgA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
PageSetupDlgA

advapi32

SetSecurityDescriptorDacl
GetUserNameA
InitializeSecurityDescriptor

shell32

ExtractIconA
DragFinish
DragQueryFileA
CommandLineToArgvW
SHBrowseForFolderA
Shell_NotifyIconA
FindExecutableA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteExA
DragAcceptFiles

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

odbc32

ord59
ord15
ord18
ord12
ord1
ord39
ord41
ord7
ord45
ord50
ord22
ord4
ord40
ord8
ord72
ord11
ord3
ord17
ord36
ord10
ord29
ord9
ord14
ord19
ord30
ord47
ord16
ord76
ord54
ord13
ord43
ord2
ord57

zkernel

?zGridColAdd@@YGXPAUHWND__@@HHPBD1HJJ1_N@Z
?zDBGetPKkey@@YGFPAXPBDPAPAU_pkey_@@G@Z
?zGridBrowse@@YG_NPAUHWND__@@PAXPBD2222222222H@Z
?zGridPrepare@@YGPAXPAUHWND__@@PBD@Z
?zGridExec@@YGPAXPAUHWND__@@PBD@Z
?zDBExecScript@@YGHPAX0PBDFPAD@Z
?zGridPutLong@@YGXPAUHWND__@@JHJ@Z
?zDBError@@YGXPAX00PBD@Z
?zKernelInit@@YGXXZ
?zGridGetSuffix@@YGPBDPAUHWND__@@H@Z
?zGridGetPrefix@@YGPBDPAUHWND__@@H@Z
?zGridPutText@@YGXPAUHWND__@@JHPBD@Z
?zGridGetText@@YGPBDPAUHWND__@@JH_N@Z
?zGridGetCellRect@@YGXPAUHWND__@@JHPAUtagRECT@@@Z
?zGridAggregate@@YGNPAUHWND__@@HPBD11_N@Z

wsock32

ioctlsocket

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2

oleaut32

OleLoadPicture

shlwapi

StrStrIA
PathCompactPathExA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

msimg32

GradientFill

gdiplus

GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdiplusShutdown
GdipGetImageGraphicsContext

uxtheme

SetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

crpe32

ord63
ord98
ord17
ord72
ord6
ord62
ord135
ord41
ord30
ord23
ord53
ord59
ord60
ord58
ord29
ord75
ord47
ord40
ord32
ord9
ord129
ord130
ord1000
ord1001
ord1002
ord1004
ord11
ord35
ord36
ord37
ord48
ord19
ord20
ord7
ord10

_dll0

?SeekReport@@YA?AVxstring@@AAVzDB@@AAV?$xsharedmemory@VshMem@@@@V1@2AAV1@AAH4@Z
?CloseMod@@YA_NVxstring@@@Z
?zlibuncompress@@YA_NVxstring@@0@Z
?RunLoadAppuntamenti@@YA_NAAVzDB@@Vxstring@@1@Z
?SeekReport@@YA?AVxstring@@AAVzDB@@AAVcZero@@V1@2AAV1@AAH4@Z
?Create@DesktopManager@@QAE_NVxstring@@@Z
?LaunchApplication@DesktopManager@@QAE_NVxstring@@0H@Z
?Switch@DesktopManager@@QAE_NVxstring@@@Z
?RunQtaBase@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?RunArtDoc@@YAXAAVzDB@@Vxstring@@H@Z
?RunQtaMatricole@@YAXAAVzDB@@Vxstring@@@Z
?RunRiepilogoVB@@YAXAAVzDB@@Vxstring@@HH@Z
?Guid@@YA?AVxstring@@XZ
?Run@@YA_NVxstring@@0H@Z
?Run@@YA_NVxstring@@@Z
?VirtuaWinCurrentDesktopNumber@@YAHXZ
?Version@@YA?AVxstring@@AAVzDB@@V1@AAH2AAV1@@Z
?SingleInstance@@YA_NAAV?$xsharedmemory@VshMem@@@@HH@Z
?ZeroContext@@YA_NAAVcZero@@@Z
?ZeroDBcontext@@YA_NAAVzDB@@AAVcZero@@@Z
?ZeroOwner@@YA?AVxstring@@XZ
?RunGeneraIncassi@@YAXAAVzDB@@Vxstring@@@Z
?RunAggiornaIncassi@@YAXAAVzDB@@Vxstring@@@Z
?RunAggiornaEvasione@@YAXAAVzDB@@Vxstring@@@Z
?ActiveConnection@@YAHAAVzDB@@@Z
?RigeneraEvasioneArticoli@@YAXAAVzDB@@@Z
?RunLoadAppuntamenti@@YA_NAAVzDB@@AAV?$xsharedmemory@VshMem@@@@@Z
?RunScript@@YA_NAAVzDB@@Vxstring@@1_N@Z
?RunQtaLav@@YAXAAVzDB@@Vxstring@@@Z
?K4@@YA_NPBDPAD0@Z
?RunValBase@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?RunQtaTagColPVE@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?RunQtaTagCol@@YAXAAVzDB@@Vxstring@@Vxdate@@2HHH1@Z
?RunArtResoRF@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?RunArtResoCM@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?RunArtTrasfCM@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?Str2C128font@@YA?AVxstring@@PBDPAD@Z
?Str2I52font@@YA?AVxstring@@PBDPAD@Z
?CpuName@@YA?AVxstring@@XZ
?RunArtTrasfSM@@YAXAAVzDB@@Vxstring@@Vxdate@@2@Z
?Str2EANUPCfont@@YA?AVxstring@@PBDPAD@Z

_dll

?RunReport@@YA_NAAVcZero@@Vxstring@@111FFHPAUHWND__@@@Z
?OpenReport@@YA_NAAV?$xsharedmemory@VshMem@@@@AAVxcrpejob@@Vxstring@@22FF@Z
?OpenReport@@YA_NAAVcZero@@AAVxcrpejob@@Vxstring@@22FF@Z
?CloseDYMO@@YAHXZ
?PrintDYMOLabel11353@@YAXVxstring@@000@Z
?LoadDYMOLabel11353@@YA_NVxstring@@@Z
?OpenDYMO@@YAPAUHINSTANCE__@@XZ
?RunReport@@YA_NAAV?$xsharedmemory@VshMem@@@@Vxstring@@111FFHPAUHWND__@@@Z

kernel32

GlobalMemoryStatusEx
LocalUnlock
LocalLock
LocalAlloc
RtlUnwind
RaiseException
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
HeapAlloc
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
GetCurrentProcessId
ProcessIdToSessionId
SetThreadExecutionState
UnmapViewOfFile
SetEvent
GlobalSize
TlsAlloc
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetUserDefaultLangID
CreateThread
SetThreadPriority
ResumeThread
SuspendThread
SetFilePointer
FindNextFileA
GetShortPathNameA
SetCurrentDirectoryA
CreateProcessA
GetCurrentDirectoryA
CreateEventA
OpenEventA
WriteFile
ReadFile
FlushFileBuffers
GetModuleHandleA
FormatMessageA
LocalFree
GetDateFormatA
GetStdHandle
FindFirstFileA
FindClose
GetPrivateProfileStringA
GetLocalTime
GetLastError
GetTempFileNameA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
LoadResource
FindResourceA
Sleep
SizeofResource
CloseHandle
GetFileSize
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
UnhandledExceptionFilter
LoadLibraryA
CopyFileA
CreateFileA
DeleteFileA
MoveFileExA
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
SystemTimeToFileTime
LockFile
UnlockFile
GetExitCodeThread
TerminateThread
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
OpenProcess
GetDiskFreeSpaceExA
GlobalHandle
GlobalReAlloc
lstrlenW
TlsFree
GetEnvironmentVariableA
GetProfileStringA
GetProfileIntA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
WideCharToMultiByte
GetComputerNameA
GetTimeZoneInformation
LCMapStringW
DeleteCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
GetModuleHandleW
SetLastError
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
LoadLibraryW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
HeapCreate
GetModuleFileNameW
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
GetFileType

Sections

.text
Size: 843KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76ea7ad933afbec9c8b5be36fbb2724e

Headers

DLL Characteristics

File Characteristics

Imports

lz32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

mpr

odbc32

zkernel

wsock32

ole32

oleaut32

shlwapi

winspool.drv

msimg32

gdiplus

uxtheme

wtsapi32

crpe32

_dll0

_dll

kernel32

Sections

.text Size: 843KB - Virtual size: 842KB

.rdata Size: 317KB - Virtual size: 317KB

.data Size: 49KB - Virtual size: 108KB

.rsrc Size: 487KB - Virtual size: 486KB

.reloc Size: 133KB - Virtual size: 133KB

.text
Size: 843KB - Virtual size: 842KB

.rdata
Size: 317KB - Virtual size: 317KB

.data
Size: 49KB - Virtual size: 108KB

.rsrc
Size: 487KB - Virtual size: 486KB

.reloc
Size: 133KB - Virtual size: 133KB