E:\snitch_client\Hooks\control\Release\ServiceConsole.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-21_3b05363f557d438aabe8a30b091ac390_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-21_3b05363f557d438aabe8a30b091ac390_mafia.exe
  Resource: win10v2004-20240508-en
General
- Target: 2024-05-21_3b05363f557d438aabe8a30b091ac390_mafia
- Size: 954KB
- MD5: 3b05363f557d438aabe8a30b091ac390
- SHA1: db65a6b34e324b1f85e0b1ad4eccdb216ceea568
- SHA256: b29628e7c5e678728f6919b1a49431d9861bfb776f39633139b22e087e746bc0
- SHA512: e2e2b6898d00efabdf1ef2497535f9ef37c2b8a504c06233fc84734a2b7e3a708cab1c159a098d387de79d70b4a84b770c722a82d61ce44a99299e14647464b0
- SSDEEP: 24576:2BqmZcLCR0g/IDxAL+idPJeo6e/KadHM29i0pSiYmuORaDS:2ZZD0g/0CBeopCadpSiYmDUDS
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-21_3b05363f557d438aabe8a30b091ac390_mafia
Files
-
2024-05-21_3b05363f557d438aabe8a30b091ac390_mafia.exe windows:5 windows x86 arch:x86
0b75690267c2ee2551eff65201b9a2af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemInfo
DeleteCriticalSection
GetVersionExA
DeleteFileA
GetProcAddress
SetConsoleMode
ReadConsoleInputA
SetLastError
CreateProcessA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateThread
GetCommandLineA
GetCurrentThread
GetModuleHandleW
GetLogicalDrives
SystemTimeToFileTime
WaitForMultipleObjects
GetCompressedFileSizeA
GetFileAttributesA
GetExitCodeThread
ReadDirectoryChangesW
GetTickCount
SetEvent
Sleep
WideCharToMultiByte
LocalFree
CreateEventW
LocalAlloc
CreateNamedPipeA
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
ReadFile
WriteFile
ConnectNamedPipe
WaitForSingleObject
GetLocalTime
FormatMessageA
GlobalFree
MultiByteToWideChar
InterlockedDecrement
CloseHandle
GetDriveTypeA
EnterCriticalSection
DeviceIoControl
GetVersionExW
GetCurrentProcess
SetPriorityClass
CreateFileA
GetLastError
CreateDirectoryA
ExpandEnvironmentStringsA
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
lstrlenA
GetProcessHeap
SetEndOfFile
GetExitCodeProcess
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
CreateFileW
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
InterlockedIncrement
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
HeapAlloc
ExitThread
ResumeThread
CreateThread
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
user32
RegisterDeviceNotificationW
UnregisterDeviceNotification
MessageBoxA
GetDesktopWindow
CharToOemBuffA
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics
advapi32
LookupPrivilegeValueW
ReportEventA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
CreateProcessAsUserA
DeregisterEventSource
QueryServiceConfigW
AdjustTokenPrivileges
ControlService
RevertToSelf
SetServiceStatus
QueryServiceStatus
DuplicateTokenEx
StartServiceW
ChangeServiceConfig2W
ImpersonateSelf
RegisterEventSourceA
RegisterServiceCtrlHandlerExA
SetTokenInformation
DuplicateToken
CreateServiceA
SetThreadToken
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenThreadToken
DeleteService
OpenProcessToken
CloseServiceHandle
OpenServiceA
oleaut32
SysAllocString
SysFreeString
VariantClear
winhttp
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryAuthSchemes
sqlite3
sqlite3_free
sqlite3_changes
sqlite3_vmprintf
sqlite3_close
sqlite3_exec
sqlite3_open
sqlite3_column_count
sqlite3_column_text
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_finalize
sqlite3_step
sqlite3_mprintf
sqlite3_prepare_v2
wtsapi32
WTSEnumerateSessionsW
WTSQuerySessionInformationA
Sections
.text Size: 654KB - Virtual size: 654KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ