Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-23_08ae5ba6e0ecffe177743eccd82bb62e_mafia.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-23_08ae5ba6e0ecffe177743eccd82bb62e_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-23_08ae5ba6e0ecffe177743eccd82bb62e_mafia
Size: 3.0MB
MD5: 08ae5ba6e0ecffe177743eccd82bb62e
SHA1: 6b4b3b2cf8324fad77689b63fc4dc3f81697802d
SHA256: f73582c18eddbbb8a6a01568af98a0b7535f7d9d88e6f92225f6fa6ba00ce40f
SHA512: e427af84a8353359dae6ca0c5cd27348c55dec8d9fa309b595ba2bbcc74da42980dc39256bb1c246181d8f21fbcb38f3b40c997976e60a0aa714dad31e5d6978
SSDEEP: 49152:tv+sKwgM6rv/XKq2/w3Ot+xj3O6Epc9yZC99HBAHtF5hFwVAgXSgzFD:3Kwl6uq24etEN9hk3rwue
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-05-23_08ae5ba6e0ecffe177743eccd82bb62e_mafia
Files
2024-05-23_08ae5ba6e0ecffe177743eccd82bb62e_mafia.exe windows:5 windows x86 arch:x86
8ea3ac4ad3525a588a10d2e3d5146694
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyW
kernel32
DeviceIoControl
MultiByteToWideChar
GetCurrentThread
GetSystemTime
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetTickCount
CreateFileW
GetFileTime
CreateEventW
ResetEvent
WaitForSingleObject
CloseHandle
GetBinaryTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetEnvironmentVariableA
CompareStringW
GetComputerNameW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
Sleep
GetCommandLineW
GetTempPathW
CreateDirectoryW
GetModuleHandleW
GetCurrentThreadId
GetModuleFileNameW
GetFileAttributesW
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
HeapCreate
TlsFree
TlsSetValue
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
FindFirstFileExW
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
WideCharToMultiByte
HeapReAlloc
GetLocaleInfoW
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetFileType
PeekNamedPipe
GetFullPathNameW
HeapSize
GetStdHandle
ExitProcess
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
HeapFree
IsValidCodePage
GetOEMCP
GetACP
SetLastError
GetModuleHandleA
GetVersion
GetLastError
OutputDebugStringA
IsDebuggerPresent
GetLogicalDriveStringsW
GetDriveTypeW
QueryDosDeviceW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SetFileAttributesW
CreateThread
LocalFree
InterlockedIncrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
user32
EndDialog
SetWindowPos
SetWindowLongW
ScreenToClient
GetWindowRect
MoveWindow
ShowWindow
MessageBoxW
GetWindowThreadProcessId
GetForegroundWindow
GetClassNameW
GetWindow
GetDesktopWindow
SetForegroundWindow
GetSysColor
CallWindowProcW
SetCursor
LoadCursorW
GetSysColorBrush
EndPaint
DrawIconEx
FillRect
SetRect
BeginPaint
GetClientRect
TrackPopupMenu
GetCursorPos
AppendMenuW
wsprintfW
SetDlgItemTextW
LoadStringW
GetDlgItem
SendMessageW
CreatePopupMenu
PostMessageW
IsWindow
DialogBoxParamW
EnableWindow
SetWindowTextW
LoadImageW
DestroyIcon
GetFocus
SetFocus
GetDlgItemTextW
GetWindowLongW
advapi32
CryptDestroyHash
CryptEncrypt
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
RevertToSelf
CryptAcquireContextW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
MapGenericMask
AccessCheck
shell32
CommandLineToArgvW
ShellExecuteW
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
StgCreateStorageEx
StgOpenStorageEx
oleaut32
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocString
iphlpapi
GetAdaptersInfo
ws2_32
WSAStartup
WSACleanup
htonl
ntohl
htons
inet_addr
gethostbyname
socket
connect
send
recv
closesocket
select
wininet
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
gdi32
SelectObject
MoveToEx
LineTo
SetBkMode
SetTextColor
CreatePen
DeleteObject
Sections
.text Size: 293KB - Virtual size: 293KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ