PDB path: F:\A6在线升级服务器端\Release\A3UpdateProgram.pdb (the Chinese directory name reads "A6 online-update server side")
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-23_f47b36aaf30f2e4ab35538cbcf476939_mafia.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-05-23_f47b36aaf30f2e4ab35538cbcf476939_mafia.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-05-23_f47b36aaf30f2e4ab35538cbcf476939_mafia
Size: 2.2MB
MD5: f47b36aaf30f2e4ab35538cbcf476939
SHA1: 7acbb3b1917df6e4b4eb19d0dd7b04ad754fd876
SHA256: 7a77858373c9c060c14ce81ec29fe83a1aae66294e79c8f78a783d718a09a81d
SHA512: b380294712e62ec4701d98b044f142b4f2eae1e86bd3221afee72b518fae33dc0ede57fe929f852881bb8316287d7a86fd60087fc56e0834e4f85d8b058e2d03
SSDEEP: 49152:rbWEglpyBwU20E2OBWCH5RpMTfcrDsiaytRZlDOFuckYc1Z8F4I1Qpaj9IEUNAv3:uEglcBu0OBWCH5RpMTfcrABKlC9kYc1Y
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2024-05-23_f47b36aaf30f2e4ab35538cbcf476939_mafia
Files
2024-05-23_f47b36aaf30f2e4ab35538cbcf476939_mafia.exe  windows:5  windows x86  arch:x86
  imphash: 01d0bb854ed73c6a9f1602642bcff765
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetDriveTypeW
SetEnvironmentVariableA
LCMapStringW
GetStringTypeW
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
WriteConsoleW
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
InterlockedDecrement
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
CreateThread
ExitThread
HeapReAlloc
RaiseException
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetSystemDirectoryW
GetCurrentDirectoryW
GetTickCount
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
ReleaseActCtx
CreateActCtxW
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalSize
MulDiv
GetCurrentProcessId
GlobalUnlock
WritePrivateProfileStringW
lstrcpyW
GlobalFree
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
SetLastError
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
lstrlenA
WideCharToMultiByte
SetFileAttributesW
GetFileAttributesW
FormatMessageW
GetLastError
GetModuleFileNameA
CloseHandle
LocalFree
GetProcAddress
LoadLibraryW
FreeLibrary
Sleep
CopyFileW
WinExec
DeleteFileW
GetPrivateProfileStringW
InterlockedIncrement
MultiByteToWideChar
GetPrivateProfileIntW
GetLocalTime
FindResourceW
LoadResource
LockResource
SizeofResource
user32
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
PostThreadMessageW
UnregisterClassW
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
SetRect
MessageBeep
IsClipboardFormatAvailable
CopyImage
KillTimer
SetTimer
RealChildWindowFromPoint
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
RegisterClipboardFormatW
CharUpperW
LoadMenuW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
InvalidateRect
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
SetMenuItemBitmaps
CloseClipboard
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuState
GetMenuStringW
InsertMenuW
RemoveMenu
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
FindWindowW
GetLastActivePopup
IsIconic
SetForegroundWindow
LoadIconW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
FrameRect
CopyIcon
CharUpperBuffW
GetKeyNameTextW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetUpdateRect
GetDoubleClickTime
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
GetMenuCheckMarkDimensions
GetSystemMenu
AppendMenuW
SendMessageW
GetClientRect
GetSystemMetrics
DrawIcon
CopyRect
EnableWindow
MessageBoxW
PostMessageW
PostQuitMessage
GetWindow
PtInRect
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenuItemCount
GetMenuItemID
GetSubMenu
UpdateWindow
ValidateRect
IsWindowVisible
RedrawWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
EmptyClipboard
gdi32
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
PatBlt
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetTextCharsetInfo
DPtoLP
EnumFontFamiliesW
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
CreateFontW
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetObjectW
SetBkColor
SetTextColor
OffsetWindowOrgEx
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
ControlService
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
shell32
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
DragFinish
SHAppBarMessage
ShellExecuteW
DragQueryFileW
SHGetDesktopFolder
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFileExistsW
ole32
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleTranslateAccelerator
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
IsAccelerator
OleLockRunning
OleGetClipboard
CoGetClassObject
RevokeDragDrop
CoLockObjectExternal
StgOpenStorageOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleRun
CoCreateInstance
CoInitialize
RegisterDragDrop
oleaut32
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VarBstrFromDate
SysStringLen
SysFreeString
SysAllocStringByteLen
GetErrorInfo
oledlg
OleUIBusyW
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 295KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 453KB - Virtual size: 452KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
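The "Unsigned PE" signature, the DLL Characteristics list and the section table above are all derived from the PE headers alone. The following is an added example (not the sandbox's own code and not taken from the sample) that reproduces those three checks with only the Python standard library: it reads the PE32 optional header, treats an empty security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) as "no embedded Authenticode signature", names the DllCharacteristics flags the way the report does, and flags any section that is both writable and executable. The `build_pe32` helper constructs a minimal PE32 image purely for testing; its section contents, certificate blob and flag values are made up, and PE32+ (64-bit) headers are deliberately not handled.

```python
import hashlib
import struct

# Flag values from winnt.h; the names match those used in the report above.
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe32(data: bytes) -> dict:
    """Read the PE32 headers a static triage report is built from."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20
    if struct.unpack_from("<H", data, oh)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    dll_chars = struct.unpack_from("<H", data, oh + 70)[0]
    ndirs = struct.unpack_from("<I", data, oh + 92)[0]
    dirs = [struct.unpack_from("<II", data, oh + 96 + 8 * i) for i in range(min(ndirs, 16))]
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, oh + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "data_directories": dirs, "sections": sections}


def triage(data: bytes) -> dict:
    """Reproduce the report's 'Unsigned PE' signature plus mitigation and section checks."""
    pe = parse_pe32(data)
    dirs = pe["data_directories"]
    _, cert_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    findings = []
    if cert_size == 0:
        findings.append("Unsigned PE: no Authenticode security directory")
    if not pe["dll_characteristics"] & 0x0040:
        findings.append("DYNAMIC_BASE not set: image is not ASLR-compatible")
    if not pe["dll_characteristics"] & 0x0100:
        findings.append("NX_COMPAT not set: image opts out of DEP")
    for s in pe["sections"]:
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items())
                                if pe["dll_characteristics"] & bit],
        "sections": [(s["name"], s["raw_size"], s["virtual_size"]) for s in pe["sections"]],
        "findings": findings,
    }


def build_pe32(dll_chars: int, signed: bool, sections) -> bytes:
    """Constructed minimal PE32 image for testing; not derived from the sample above."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    raw_ptr = e_lfanew + 4 + 20 + 224 + 40 * len(sections)
    sec_hdrs, body = b"", b""
    for name, chars in sections:
        raw = b"\x90" * 0x200                   # filler section content (constructed)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, len(raw), 0x1000, len(raw), raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
    if signed:
        cert = b"\0" * 8                        # stand-in for a WIN_CERTIFICATE blob (constructed)
        # For the security directory the first field is a file offset, not an RVA.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, raw_ptr, len(cert))
        body += cert
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs + body


if __name__ == "__main__":
    # Same header profile as the report: DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, no signature.
    image = build_pe32(0x8140, False, [(b".text", 0x60000020), (b".data", 0xC0000040)])
    for line in triage(image)["findings"]:
        print(line)
```

Two caveats for anyone turning this into a detection: an empty security directory only proves the file carries no embedded signature (catalog-signed Windows components also have none), and a non-empty one is not a verified signature, which needs the chain and hash actually checked (WinVerifyTrust, `signtool verify /pa`, or `Get-AuthenticodeSignature`). Real sandboxes also compute the imphash and walk the import directory; that is omitted here because building a valid import table for the constructed test image would double the size of the example.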