2024-05-23_115d8ce94eefb8501b1e27ab03db4389_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-23_115d8ce94eefb8501b1e27ab03db4389_mafia
Size

1.8MB
MD5

115d8ce94eefb8501b1e27ab03db4389
SHA1

c23d5c277b1392c5e887e2f39af3a2bd36cd2fbd
SHA256

639dc635b28ca3390d765f50834cb4eb32fa52010b04480d9f61b5912071baa8
SHA512

aa8e79663b2adb5c73b398191519de2fa34cb87063bf0f7a66c90130595a20d2a19cf2dfbaa7f993cd75a60e23da6a0c3e370efa2dd64ca8b090cfed787dc15d
SSDEEP

49152:6hIcY1WU0uBs98GyzHY9I7HBeVx5rT4rGz:n1vvFYke

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_115d8ce94eefb8501b1e27ab03db4389_mafia

Files

2024-05-23_115d8ce94eefb8501b1e27ab03db4389_mafia
.exe windows:5 windows x86 arch:x86

d1179a887579aa5992937ac24468eeb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hudson_Home\workspace\klaus\Desktop Software\klickTel Automated Update Service\prj\installer\ktsinstaller\bin\ktsinstaller.pdb

Imports

kernel32

DuplicateHandle
CloseHandle
CompareStringW
GetTimeZoneInformation
SetEnvironmentVariableA
GetVersionExA
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetCurrentProcessId
GetProcessTimes
CreateProcessW
GetConsoleWindow
GetStdHandle
GetStartupInfoW
TerminateProcess
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetLongPathNameW
GetSystemDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesExW
SetFileTime
SetEndOfFile
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
GetSystemInfo
GetComputerNameW
CreatePipe
CreateEventW
SetEvent
FindFirstFileW
FindClose
FindNextFileW
InterlockedExchange
LoadLibraryA
GetExitCodeThread
TlsGetValue
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
CreateMutexW
ReleaseMutex
ResetEvent
WaitForMultipleObjects
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
LocalAlloc
GetModuleFileNameW
LoadLibraryW
GetCommandLineW
HeapSetInformation
RtlUnwind
RaiseException
ExitThread
CreateThread
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoW
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetStdHandle
EnterCriticalSection
GetProcAddress
SetLastError
GetExitCodeProcess
LeaveCriticalSection
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
FreeLibrary
LocalFree
GetLastError
Sleep
FormatMessageA
InterlockedDecrement
SetThreadPriority

iphlpapi

GetAdaptersInfo

advapi32

ReportEventW
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
QueryServiceConfigW
OpenServiceW
ChangeServiceConfigA
ControlService
StartServiceA
QueryServiceStatus
DeleteService
CreateServiceW
CloseServiceHandle
OpenSCManagerA
RegEnumValueW
RegisterEventSourceW

ws2_32

ntohs
htons
getservbyname
gethostname
ntohl
inet_addr
getnameinfo
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
htonl

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1179a887579aa5992937ac24468eeb0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

iphlpapi

advapi32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 22KB - Virtual size: 37KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 22KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 75KB - Virtual size: 75KB