2024-05-20_53c5e5eb4aef0a09616c4ffcfa96ffcf_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-20_53c5e5eb4aef0a09616c4ffcfa96ffcf_mafia
Size

5.2MB
MD5

53c5e5eb4aef0a09616c4ffcfa96ffcf
SHA1

5ba2ae612725c41b73f50580b17642d1c2d72e63
SHA256

d9ffc4c49746ac31961a6ace0461c6780a3ba1c5ea2407320947b3d8f1b3b516
SHA512

2cb8b1acfb9b67e8a18b0a2a44b8b89f80c74471fb51a36376fff2fa9df10c6ca28463d90942d26615eecdfdac57453b97f12ae888c8ee979f4852fcc2d28ca2
SSDEEP

98304:FkYInOLFB3OZ/OHu3mxSa6ewRaHpvvcwvhphz6skYsUI8YY5ACa0484U75yye2Oa:FkYInNZ2RbwRx85HZVyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-20_53c5e5eb4aef0a09616c4ffcfa96ffcf_mafia

Files

2024-05-20_53c5e5eb4aef0a09616c4ffcfa96ffcf_mafia
.exe windows:5 windows x86 arch:x86

dcd8b1090aff49a47be3d92d81c088ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
GetProcAddress
FreeLibrary
WaitForSingleObject
GetExitCodeThread
CloseHandle
CreateThread
ExitThread
TlsFree
DeleteCriticalSection
TlsGetValue
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
TlsAlloc
IsBadWritePtr
WideCharToMultiByte
GetVersionExA
GetProcessHeap
SetEndOfFile
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
SleepEx
QueryPerformanceCounter
SwitchToThread
FormatMessageA
GetLastError
LocalFree
GetCurrentProcess
GetLongPathNameW
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryA
CreateDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
MoveFileA
DeleteFileW
MoveFileW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetLastError
GetCurrentThreadId
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
LoadLibraryW
GetTimeZoneInformation
CreateFileA
CreateFileW
ReadFile
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
DeleteFileA

user32

GetForegroundWindow
DrawTextW
DrawTextA
GetCursor
ReleaseDC
GetClientRect
GetDC
GetWindowInfo
AdjustWindowRect
GetKeyboardLayout
GetCursorPos
MessageBoxA
PostQuitMessage
DefWindowProcW
ScreenToClient
IsIconic
SendMessageW
SetForegroundWindow
FindWindowW
DestroyWindow
UnregisterClassW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetCursor
DestroyIcon
GetWindowLongW
SystemParametersInfoW
ShowWindow
UpdateWindow
SetActiveWindow
SetWindowLongW
SetWindowPos

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
CommandLineToArgvW

jngload

?freeData@@YAXAAPAK@Z
?readMNG@@YAXPBXAAK1AAPAKK@Z

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

shlwapi

PathFindFileNameW

psapi

GetModuleFileNameExW
EnumProcessModules

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

ws2_32

recv
select
__WSAFDIsSet
send
connect
closesocket
WSAGetLastError
socket
setsockopt
htons
ioctlsocket
getsockopt
inet_addr

gdi32

GetDIBits
GetObjectA
CreateFontIndirectA
BitBlt
SetTextColor
SetBkColor
SetBkMode
CreateDIBSection
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
CreateSolidBrush
DeleteObject
DeleteDC

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcd8b1090aff49a47be3d92d81c088ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

jngload

winmm

shlwapi

psapi

d3d8

dinput8

ws2_32

gdi32

advapi32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 30KB - Virtual size: 68KB

.rsrc Size: 387KB - Virtual size: 387KB

.reloc Size: 267KB - Virtual size: 266KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 30KB - Virtual size: 68KB

.rsrc
Size: 387KB - Virtual size: 387KB

.reloc
Size: 267KB - Virtual size: 266KB