2024-05-22_c3049819c623717c6b35fe2ee08fa6a2_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_c3049819c623717c6b35fe2ee08fa6a2_mafia
Size

2.3MB
MD5

c3049819c623717c6b35fe2ee08fa6a2
SHA1

836a5c8eb12a7bcfa1cf8dee1e4ce36285602be7
SHA256

3638abdb2e290e4a0c86490a52d1cf3a1f938a98d0eca7a0f0ff08a5eb07d8d4
SHA512

ff7907455546ee9247b1ffcd23674818766a9486d9cdeeb68285d057d18cf4ca7a60764fbbb8c3293fba32499875046925337f551708489b991995bb765e838b
SSDEEP

49152:nO6UCQQyRD4iIwdekQcluOi12yHtDBoDu42jf0opNZHKHqyKT4oMTLF+JB+0Oewp:nOtCQQ2D4SEtJOi1dHRBXjf0+L4qyKTH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-22_c3049819c623717c6b35fe2ee08fa6a2_mafia

Files

2024-05-22_c3049819c623717c6b35fe2ee08fa6a2_mafia
.exe windows:5 windows x86 arch:x86

97cd2d5196e248082285572ea10cab7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel\backend\build\bin\Win32\Release\NvBackend.pdb

Imports

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

ws2_32

accept
WSAWaitForMultipleEvents
listen
send
gethostbyname
WSAResetEvent
closesocket
WSACreateEvent
inet_addr
WSAStartup
WSACleanup
WSACloseEvent
getsockname
setsockopt
__WSAFDIsSet
bind
recv
sendto
WSAEventSelect
htons
WSAEnumNetworkEvents
WSAGetLastError
htonl
connect
ioctlsocket
socket
select

kernel32

GetUserDefaultUILanguage
OpenEventW
CreateProcessW
GetExitCodeProcess
GetCurrentThread
SetThreadAffinityMask
GetSystemPowerStatus
SystemTimeToFileTime
SetHandleInformation
GetProcessTimes
ReadFile
CreatePipe
CreateDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExW
GetNativeSystemInfo
GetProcAddress
Sleep
ExitProcess
ExpandEnvironmentStringsW
FindNextFileW
IsWow64Process
FindClose
GetFileAttributesW
GetLogicalDrives
GetCurrentProcess
GetDriveTypeW
FindFirstFileW
DeleteFileW
GetSystemTimeAsFileTime
LocalFree
CloseHandle
LocalAlloc
SetLastError
GetLastError
CreateFileW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryExW
WriteFile
WaitForSingleObject
FreeLibrary
GetCommandLineW
GetStdHandle
InterlockedCompareExchange
SetEnvironmentVariableA
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
CompareStringW
InterlockedExchange
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryW
CreateFileA
GetFullPathNameA
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameA
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapSize
GetLocaleInfoW
HeapCreate
RaiseException
LCMapStringW
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
FindFirstFileExA
GetDriveTypeA
CreateThread
ExitThread
GetStartupInfoW
HeapSetInformation
MapViewOfFile
UnmapViewOfFile
VirtualQuery
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
GetFileAttributesExW
GetFileInformationByHandle
SetEnvironmentVariableW
GetModuleHandleExW
CopyFileW
GetModuleFileNameW
lstrlenW
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationW
CreateMutexW
PeekNamedPipe
GetTickCount
FormatMessageW
FileTimeToSystemTime
SetThreadPriority
FlushFileBuffers
OpenMutexW
WaitForMultipleObjects
ReleaseMutex
FileTimeToLocalFileTime
ResumeThread
GetCurrentThreadId
MoveFileW
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenA
FindFirstFileExW
GetSystemDirectoryA
lstrcmpiW
GetSystemDefaultLangID
GetWindowsDirectoryW
GetProcessAffinityMask
InterlockedDecrement
DeviceIoControl
GlobalAlloc
GlobalFree
GetDiskFreeSpaceExW
HeapFree
DecodePointer
EncodePointer
GetCommandLineA

user32

TranslateMessage
KillTimer
UnregisterClassW
PostQuitMessage
GetMessageW
RegisterClassExW
DestroyWindow
MsgWaitForMultipleObjectsEx
SetWindowLongW
PeekMessageW
GetWindowLongW
CreateWindowExW
DefWindowProcW
DispatchMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
SetTimer
GetSystemMetrics
EnumDisplaySettingsExW

advapi32

RegEnumValueW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegSetValueExW
RegDeleteValueW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
RegEnumKeyExW
CryptHashData
CryptDestroyHash
SetEntriesInAclW
SetSecurityDescriptorDacl
ConvertStringSidToSidW
InitializeSecurityDescriptor
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
CryptCreateHash

shell32

SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW

shlwapi

PathCombineW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket

oleaut32

SysFreeString
SafeArrayGetElement
VariantChangeType
VariantCopy
SafeArrayGetLBound
SysAllocString
VariantInit
VariantClear
SysStringLen

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97cd2d5196e248082285572ea10cab7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

kernel32

user32

advapi32

shell32

shlwapi

setupapi

version

winhttp

ole32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 19KB - Virtual size: 41KB

.rsrc Size: 147KB - Virtual size: 147KB

.reloc Size: 140KB - Virtual size: 139KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 19KB - Virtual size: 41KB

.rsrc
Size: 147KB - Virtual size: 147KB

.reloc
Size: 140KB - Virtual size: 139KB