General

Malware Config

Signatures

Files

• 2024-05-23_5fb791968a1460f815e4aba655d4c78d_mafia

  .exe windows:5 windows x86 arch:x86

  a80097d13f7e0058bb1a805555708354

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  HeapQueryInformation

  LCMapStringA

  GetCommandLineA

  GetTickCount

  GetLocalTime

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  FindClose

  FindFirstFileA

  FindNextFileA

  GetDiskFreeSpaceExA

  GetDiskFreeSpaceA

  MulDiv

  GetCurrentDirectoryA

  GetVolumeInformationA

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GlobalFree

  GetUserDefaultLCID

  GetPrivateProfileStringA

  GetStartupInfoA

  CreateProcessA

  ExitProcess

  CancelWaitableTimer

  VirtualAlloc

  VirtualFree

  HeapReAlloc

  FreeLibrary

  HeapDestroy

  TryEnterCriticalSection

  SetCriticalSectionSpinCount

  DeleteCriticalSection

  HeapCreate

  CreateEventA

  WaitForMultipleObjects

  SetEvent

  lstrcpyn

  RtlMoveMemory

  InitializeCriticalSectionAndSpinCount

  GetCurrentProcessId

  IsWow64Process

  GetSystemInfo

  GlobalMemoryStatusEx

  GetProcessId

  GetTimeFormatA

  GetDateFormatA

  GetLocaleInfoA

  SetFileAttributesA

  GetFileAttributesA

  GetLongPathNameA

  GetTempPathA

  GetSystemDirectoryA

  GetWindowsDirectoryA

  GetComputerNameA

  MoveFileA

  ReadFile

  GetFileSizeEx

  WriteFile

  SetEndOfFile

  SetFilePointerEx

  CreateFileA

  CreateFileW

  TlsSetValue

  IsBadReadPtr

  TlsGetValue

  GetTempPathW

  lstrlenW

  DeleteFileA

  CreateFileMappingA

  Process32Next

  Process32First

  CreateToolhelp32Snapshot

  OpenProcess

  UnmapViewOfFile

  MapViewOfFile

  OpenFileMappingA

  WideCharToMultiByte

  MultiByteToWideChar

  GetModuleFileNameA

  HeapSize

  GetCurrentProcess

  TerminateProcess

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  SetThreadAffinityMask

  HeapFree

  InterlockedExchange

  LeaveCriticalSection

  GetCurrentThreadId

  WaitForSingleObject

  SetWaitableTimer

  CreateWaitableTimerA

  SwitchToThread

  InterlockedCompareExchange

  EnterCriticalSection

  HeapAlloc

  GetProcessHeap

  CloseHandle

  CreateThread

  SetProcessDEPPolicy

  GetProcessVersion

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalFlags

  LocalReAlloc

  GlobalReAlloc

  GlobalHandle

  InitializeCriticalSection

  LocalAlloc

  SetFilePointer

  GetLastError

  GetDriveTypeA

  Sleep

  lstrcpyA

  lstrlenA

  SetLastError

  lstrcatA

  QueryPerformanceCounter

  GetVersion

  HeapSetInformation

  GetStartupInfoW

  EncodePointer

  DecodePointer

  RtlUnwind

  RaiseException

  SetUnhandledExceptionFilter

  GetModuleHandleW

  GetStdHandle

  GetModuleFileNameW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  TlsAlloc

  TlsFree

  InterlockedIncrement

  InterlockedDecrement

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetConsoleCP

  GetConsoleMode

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringW

  VirtualQuery

  GetStringTypeW

  LoadLibraryW

  GetLocaleInfoW

  SetStdHandle

  FlushFileBuffers

  WriteConsoleW

  EnumSystemLocalesA

  IsValidLocale

  lstrcmpiA

  lstrcmpA

  GlobalDeleteAtom

  LocalFree

  lstrcpynA

  IsBadReadPtr

  LCMapStringA

  LoadLibraryA

  FreeLibrary

  GetProcAddress

  HeapFree

  HeapAlloc

  ExitProcess

  GetProcessHeap

  GetModuleHandleA

  GetEnvironmentVariableA

  VirtualProtectEx

  RtlMoveMemory

  user32

  PtInRect

  GetWindow

  GetParent

  PostQuitMessage

  PostMessageA

  EnableWindow

  IsWindowEnabled

  GetLastActivePopup

  SetWindowsHookExA

  CallNextHookEx

  GetKeyState

  GetNextDlgTabItem

  GetFocus

  EnableMenuItem

  CheckMenuItem

  SetMenuItemBitmaps

  ModifyMenuA

  GetMenuState

  LoadBitmapA

  GetMenuCheckMarkDimensions

  TabbedTextOutA

  DrawTextA

  GrayStringA

  UnhookWindowsHookEx

  DestroyWindow

  GetDlgCtrlID

  SetWindowTextA

  GetMenuItemCount

  RegisterWindowMessageA

  GetMessagePos

  GetMessageTime

  DefWindowProcA

  RemovePropA

  CallWindowProcA

  GetPropA

  SetPropA

  GetClassLongA

  CreateWindowExA

  GetWindowLongA

  GetMenuItemID

  GetSubMenu

  GetMenu

  RegisterClassA

  GetClassInfoA

  WinHelpA

  GetCapture

  GetTopWindow

  CopyRect

  AdjustWindowRectEx

  GetSysColor

  MapWindowPoints

  LoadIconA

  LoadCursorA

  GetSysColorBrush

  LoadStringA

  DestroyMenu

  EmptyClipboard

  SetClipboardData

  MessageBoxA

  wsprintfA

  DispatchMessageA

  TranslateMessage

  GetMessageA

  PeekMessageA

  GetWindowTextA

  SystemParametersInfoA

  GetClassNameA

  SendMessageA

  SetForegroundWindow

  SetActiveWindow

  BringWindowToTop

  CloseClipboard

  GetClipboardData

  OpenClipboard

  ClientToScreen

  GetClientRect

  SetFocus

  GetWindowThreadProcessId

  ShowWindowAsync

  BlockInput

  FindWindowExA

  DestroyIcon

  GetDC

  FillRect

  AttachThreadInput

  SetWindowLongA

  GetDlgItem

  SetWindowPos

  GetAncestor

  GetForegroundWindow

  IsWindow

  MsgWaitForMultipleObjects

  GetWindowPlacement

  IsWindowVisible

  IsIconic

  DrawIconEx

  ReleaseDC

  SendInput

  GetSystemMetrics

  MapVirtualKeyA

  GetLastInputInfo

  LoadImageA

  EnumDisplaySettingsA

  GetWindowRect

  wsprintfA

  MessageBoxA

  oleaut32

  SystemTimeToVariantTime

  OleLoadPicture

  VarR8FromCy

  VarR8FromBool

  VariantTimeToSystemTime

  SafeArrayDestroy

  VariantClear

  LoadTypeLi

  LHashValOfNameSys

  RegisterTypeLi

  VariantCopy

  SafeArrayCreate

  SysAllocString

  VariantTimeToSystemTime

  shlwapi

  PathFindFileNameA

  PathFindExtensionA

  gdi32

  GetClipBox

  ScaleWindowExtEx

  SetWindowExtEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  SetMapMode

  GetStockObject

  GetDeviceCaps

  SetDIBitsToDevice

  GetDIBits

  SetPixelV

  GetPixel

  GdiFlush

  BitBlt

  GetObjectA

  CreateDIBSection

  DeleteObject

  SetTextColor

  CreateSolidBrush

  SelectObject

  CreateCompatibleBitmap

  CreateCompatibleDC

  PtVisible

  RectVisible

  TextOutA

  ExtTextOutA

  Escape

  SetBkColor

  RestoreDC

  SaveDC

  CreateBitmap

  DeleteDC

  advapi32

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  CryptAcquireContextA

  CryptCreateHash

  CryptReleaseContext

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  RegOpenKeyA

  RegCloseKey

  OpenProcessToken

  GetTokenInformation

  RegQueryValueExA

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteA

  SHGetSpecialFolderPathA

  SHGetFileInfoA

  ShellExecuteExA

  ole32

  CoCreateGuid

  CoInitialize

  OleRun

  CoInitializeEx

  CoCreateInstance

  CLSIDFromString

  CLSIDFromProgID

  CreateStreamOnHGlobal

  CoUninitialize

  wininet

  HttpSendRequestA

  HttpSendRequestExA

  InternetWriteFile

  InternetSetOptionA

  InternetReadFile

  HttpQueryInfoA

  HttpOpenRequestA

  InternetCloseHandle

  InternetConnectA

  HttpEndRequestA

  InternetOpenA

  msvcrt

  strstr

  malloc

  free

  strchr

  _ftol

  atoi

  sprintf

  winspool.drv

  DocumentPropertiesA

  OpenPrinterA

  ClosePrinter

  comctl32

  ord17

  Sections

  .text

  Size: 464KB - Virtual size: 464KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 49KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.0MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 55KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ