2024-05-17_673d7a0293ded3887c94aee5a53c67d9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_673d7a0293ded3887c94aee5a53c67d9_mafia
Size

1017KB
MD5

673d7a0293ded3887c94aee5a53c67d9
SHA1

01ffc8e961b1905755448b52bc2dbdc1f7ef8da5
SHA256

e12b862aa29ca4290efabea2d55376656223bb5ec731df6fc3d111898c595920
SHA512

e6888c23de59528468aa3fb0305b9e777686eb84f33f14c31745abc1e533fdc77a1d377bddf0478f453be12d2cd0e7c2839ec396abd5a6a10f1d5dbc59886223
SSDEEP

24576:/nlGHwveMUCdxBEYb53dS7Bn55FC+7CBsy+6:/ByYbxdSF55FC+7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-17_673d7a0293ded3887c94aee5a53c67d9_mafia

Files

2024-05-17_673d7a0293ded3887c94aee5a53c67d9_mafia
.exe windows:5 windows x86 arch:x86

6c0096b437767d67746daad41468e3f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildDrive\DGBuildAgent6_1_1\agent\win\bin\Release32\afemc.pdb

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
RegEnumValueW
RegRestoreKeyW
RegSaveKeyW
RegSaveKeyExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptReleaseContext
CryptExportKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptGetUserKey
LsaNtStatusToWinError
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptGetHashParam

secur32

GetUserNameExW

kernel32

LoadLibraryW
CloseHandle
UnmapViewOfFile
GetLastError
GetFileSize
MapViewOfFile
GetSystemInfo
CreateFileMappingW
CreateFileW
ExitProcess
SetConsoleCtrlHandler
DeleteFileW
WriteFile
SetEndOfFile
SetFilePointer
ReadFile
InterlockedIncrement
InterlockedDecrement
MoveFileExW
DebugBreak
ReplaceFileW
lstrlenA
GetTickCount
GetFileType
GetStdHandle
GetConsoleTitleW
ScrollConsoleScreenBufferW
SetConsoleWindowInfo
SetConsoleTextAttribute
WriteConsoleW
SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTitleW
SetLastError
DeviceIoControl
GetVersionExW
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CopyFileW
CompareFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceCounter
Sleep
OutputDebugStringW
LocalFree
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
lstrcpynW
LockResource
GetFullPathNameW
GetTempFileNameW
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
FlushFileBuffers
CreateFileA
SetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
InitializeCriticalSection
CreateEventW
WaitForSingleObject
GetWindowsDirectoryW
GetModuleFileNameW
GetComputerNameW
FreeLibrary
GetCurrentProcessId
IsBadReadPtr
GlobalMemoryStatus
GetProcessIoCounters
GetCurrentThread
GetProcessTimes
GetProcessHandleCount
LoadLibraryA
GetProcessWorkingSetSize
GetCurrentThreadId
GetThreadTimes
OutputDebugStringA
MoveFileW
FileTimeToLocalFileTime
TerminateProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetFileSizeEx
CreateMutexW
ReleaseMutex
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
GetConsoleCP
GetLocaleInfoW
GetTimeZoneInformation
GetStartupInfoW
SetHandleCount
IsProcessorFeaturePresent
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
GetCPInfo
HeapSetInformation
GetCommandLineW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
VirtualQuery
VirtualAlloc
VirtualProtect
GetDateFormatW
GetTimeFormatW
RtlUnwind
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
SizeofResource
FindFirstFileW
FindClose
GetFileAttributesW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
lstrlenW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
GetOverlappedResult
LoadResource
SetEnvironmentVariableA
GetCurrentProcess

user32

GetCursorPos
GetFocus
GetProcessWindowStation
GetQueueStatus
GetCapture
GetInputState
GetDesktopWindow
MessageBoxW
GetCaretPos
GetActiveWindow
GetClipboardViewer
GetClipboardOwner
GetMessageTime
GetMessagePos
GetOpenClipboardWindow

shell32

SHFileOperationW
SHCreateDirectoryExW

ole32

CoTaskMemFree
IIDFromString
CLSIDFromString
CoCreateGuid
StringFromCLSID
StringFromGUID2

oleaut32

VariantClear
SysAllocString
SysStringLen
SysFreeString
SysAllocStringByteLen
GetErrorInfo

shlwapi

PathAddBackslashW
PathRemoveBlanksW
PathStripToRootW
PathAppendW
PathFindExtensionW
PathRemoveExtensionW
PathSkipRootW
PathCommonPrefixW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
PathIsDirectoryW
PathIsRootW
PathRemoveBackslashW

rpcrt4

UuidCreateSequential
UuidCreate

crypt32

CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
CertDeleteCertificateFromStore
PFXIsPFXBlob
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey

userenv

UnloadUserProfile

Exports

Exports

_RtlCompareMemory@12

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VSec_CD
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VSec_DT
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VSec_DC
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c0096b437767d67746daad41468e3f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

secur32

kernel32

user32

shell32

ole32

oleaut32

shlwapi

rpcrt4

crypt32

userenv

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 548KB

.VSec_CD Size: 105KB - Virtual size: 105KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 23KB - Virtual size: 35KB

.VSec_DT Size: 9KB - Virtual size: 8KB

.VSec_DC Size: 33KB - Virtual size: 32KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 548KB - Virtual size: 548KB

.VSec_CD
Size: 105KB - Virtual size: 105KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 23KB - Virtual size: 35KB

.VSec_DT
Size: 9KB - Virtual size: 8KB

.VSec_DC
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 47KB - Virtual size: 47KB