2024-05-22_07d080dce7acf493221cca1d29634080_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_07d080dce7acf493221cca1d29634080_mafia
Size

5.2MB
MD5

07d080dce7acf493221cca1d29634080
SHA1

6b8413806a4c98ce3999896c9098ffd3c9b94291
SHA256

f913f3238d68e1434c879ef92fb9ae9ff32d277eb8da8e8def20343a497cc4a8
SHA512

0890573e3517d0fd9867ec60c24b720874b82e82f4d2e80bc60dfb8f5f6991bcb5f16e306f27ff3a318a83f111b3a3e5cd9dcbc1cbc8f64dcb6a9b62100af7b8
SSDEEP

98304:FkYInOLFB3OZ/OHu3mxSa6ewRaHpvvcwvhphz6skYsUI8YY5ACd0484U75yye2ra:FkYInNZ2RbwRx858ZVyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-22_07d080dce7acf493221cca1d29634080_mafia

Files

2024-05-22_07d080dce7acf493221cca1d29634080_mafia
.exe windows:5 windows x86 arch:x86

dcd8b1090aff49a47be3d92d81c088ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Sleep
GetProcAddress
FreeLibrary
WaitForSingleObject
GetExitCodeThread
CloseHandle
CreateThread
ExitThread
TlsFree
DeleteCriticalSection
TlsGetValue
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
TlsAlloc
IsBadWritePtr
WideCharToMultiByte
GetVersionExA
GetProcessHeap
SetEndOfFile
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
SleepEx
QueryPerformanceCounter
SwitchToThread
FormatMessageA
GetLastError
LocalFree
GetCurrentProcess
GetLongPathNameW
InterlockedIncrement
InterlockedDecrement
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryA
CreateDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
MoveFileA
DeleteFileW
MoveFileW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetLastError
GetCurrentThreadId
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
LoadLibraryW
GetTimeZoneInformation
CreateFileA
CreateFileW
ReadFile
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
DeleteFileA

user32

GetForegroundWindow
DrawTextW
DrawTextA
GetCursor
ReleaseDC
GetClientRect
GetDC
GetWindowInfo
AdjustWindowRect
GetKeyboardLayout
GetCursorPos
MessageBoxA
PostQuitMessage
DefWindowProcW
ScreenToClient
IsIconic
SendMessageW
SetForegroundWindow
FindWindowW
DestroyWindow
UnregisterClassW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetCursor
DestroyIcon
GetWindowLongW
SystemParametersInfoW
ShowWindow
UpdateWindow
SetActiveWindow
SetWindowLongW
SetWindowPos

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
CommandLineToArgvW

jngload

?freeData@@YAXAAPAK@Z
?readMNG@@YAXPBXAAK1AAPAKK@Z

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

shlwapi

PathFindFileNameW

psapi

GetModuleFileNameExW
EnumProcessModules

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

ws2_32

recv
select
__WSAFDIsSet
send
connect
closesocket
WSAGetLastError
socket
setsockopt
htons
ioctlsocket
getsockopt
inet_addr

gdi32

GetDIBits
GetObjectA
CreateFontIndirectA
BitBlt
SetTextColor
SetBkColor
SetBkMode
CreateDIBSection
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
CreateSolidBrush
DeleteObject
DeleteDC

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcd8b1090aff49a47be3d92d81c088ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

jngload

winmm

shlwapi

psapi

d3d8

dinput8

ws2_32

gdi32

advapi32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 30KB - Virtual size: 68KB

.rsrc Size: 387KB - Virtual size: 387KB

.reloc Size: 267KB - Virtual size: 266KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 30KB - Virtual size: 68KB

.rsrc
Size: 387KB - Virtual size: 387KB

.reloc
Size: 267KB - Virtual size: 266KB