2024-05-18_bb59788bf9cbf41c274dc7727bf3ab71_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-18_bb59788bf9cbf41c274dc7727bf3ab71_mafia
Size

6.9MB
MD5

bb59788bf9cbf41c274dc7727bf3ab71
SHA1

1e59e75b8088d4ea3be582d4467e09fa4a809fd1
SHA256

2973484f217dff3fa75a6e9f7b125fd2233cfad0fecdc479118a818d5339de5e
SHA512

a72692fe61b15850467f952fb2e0742fb51325e758776ad7d2005ead907b726c48c3e1f7c4a6d98ee0d7254c6cd56af3db250b83a357d7bb5ca687c122ad82b3
SSDEEP

98304:F+e/bDDHKCdmeLAuzduCzr1uHX7nJbVuHMGTSYNlEqa3KXWhOQzNYDtcyDBf:F+OrHNmkztuLnJAH7SoUKXWbcGGx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-18_bb59788bf9cbf41c274dc7727bf3ab71_mafia

Files

2024-05-18_bb59788bf9cbf41c274dc7727bf3ab71_mafia
.exe windows:6 windows x86 arch:x86

5beb291ae6544664f7c8c89434aaa3fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
VirtualProtectEx
GetLastError
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetFilePointer
CreateFileA
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
ReadProcessMemory
WritePrivateProfileStringA
DeleteFileA
MoveFileA
CreateProcessA
GetStartupInfoA
GetCurrentThreadId
ReadFile
GetFileSize
GetProcessHeap
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetStdHandle
CompareStringW
WriteFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
HeapFree
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
CreateEventA
CloseHandle
GetModuleHandleA
SetEvent
GetCommandLineA
GetPrivateProfileStringA
GetCommandLineW
FormatMessageA
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
AreFileApisANSI

user32

BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
MessageBoxA
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
FreeDDElParam

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

UPX0
Size: - Virtual size: 16.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 752KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 132KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5beb291ae6544664f7c8c89434aaa3fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

UPX0 Size: - Virtual size: 16.2MB

UPX1 Size: - Virtual size: 5.2MB

UPX2 Size: - Virtual size: 4KB

.text Size: 752KB - Virtual size: 768KB

.adata Size: 52KB - Virtual size: 64KB

.data Size: 132KB - Virtual size: 192KB

.reloc Size: 40KB - Virtual size: 64KB

.pdata Size: 5.9MB - Virtual size: 5.9MB

UPX0
Size: - Virtual size: 16.2MB

UPX1
Size: - Virtual size: 5.2MB

UPX2
Size: - Virtual size: 4KB

.text
Size: 752KB - Virtual size: 768KB

.adata
Size: 52KB - Virtual size: 64KB

.data
Size: 132KB - Virtual size: 192KB

.reloc
Size: 40KB - Virtual size: 64KB

.pdata
Size: 5.9MB - Virtual size: 5.9MB