2024-05-24_5297c9ac581242a1275496b3d9f4ca6a_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-24_5297c9ac581242a1275496b3d9f4ca6a_mafia
Size

1.4MB
MD5

5297c9ac581242a1275496b3d9f4ca6a
SHA1

21eec9d26e08cae188e9c8f6f0d48da695eaca77
SHA256

5d74eeb9dac0a203befc463c39014a7e7382b1793e735840a60074c4995e9db1
SHA512

d8f8e7dc33ce25451f4e2ecefc98a695e93a31cdc0d56179240e676af1ffb8ef256007c6459a2da650c5ba79af2ad4f865712050ef6a07b833ff3d316c0049d1
SSDEEP

24576:GE+GB3U10YwoZoHhdeCtF/5KLcqjpDqz7S+4LzIEc0+ltM+dgWS5ZZHEiQH:P33HACtx5KLcq1S7S5CTdHS35ENH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_5297c9ac581242a1275496b3d9f4ca6a_mafia

Files

2024-05-24_5297c9ac581242a1275496b3d9f4ca6a_mafia
.exe windows:5 windows x86 arch:x86

ee0a63a8c9d21ef130bf89e2d57c3004

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
LocalFree
FormatMessageA
SetCurrentDirectoryA
FileTimeToSystemTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
CreatePipe
CreateProcessA
WaitForSingleObject
InterlockedDecrement
GetDiskFreeSpaceExA
GetModuleHandleA
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
FindNextFileA
FindClose
SetErrorMode
LoadLibraryA
GetProcAddress
FreeLibrary
ReadFile
GetFileSize
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
lstrlenA
ExpandEnvironmentStringsA
CreateMutexA
GetLastError
FindResourceA
SizeofResource
LoadResource
LockResource
lstrlenW
GetTempPathA
GetTempFileNameA
MoveFileA
CreateFileA
GetFileTime
SystemTimeToFileTime
SetFileTime
DeleteFileA
GetFileAttributesA
CopyFileA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
InitializeCriticalSection
WriteFile
FlushFileBuffers
DeleteCriticalSection
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
CloseHandle
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
lstrcpyW
DebugBreak
LoadLibraryExA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCurrentDirectoryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
SetStdHandle
SetHandleCount
HeapSize
GetTimeZoneInformation
HeapCreate
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedIncrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
Sleep
EncodePointer
DecodePointer
GetTickCount
GetACP
FreeResource
GetFileType
DuplicateHandle
DosDateTimeToFileTime
MulDiv
SetLastError
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetStdHandle
GetModuleHandleW
ExitProcess
RaiseException
RtlUnwind
HeapFree
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
HeapReAlloc
GetCurrentThreadId
FileTimeToLocalFileTime
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetModuleFileNameW
GetLocaleInfoW
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
FatalAppExitA
LoadLibraryW
UnhandledExceptionFilter
GetExitCodeProcess

user32

GetKeyState
GetDC
SetWindowPos
InvalidateRect
SetTimer
KillTimer
IsWindow
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
DestroyWindow
SetFocus
GetFocus
CreateWindowExA
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetWindow
GetCursorPos
GetParent
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
ShowWindow
EnableWindow
CallWindowProcA
GetPropA
SetPropA
RegisterClassA
LoadCursorA
ScreenToClient
GetClassInfoExA
CharNextA
OffsetRect
InflateRect
SetCursor
wvsprintfA
IntersectRect
FillRect
DrawTextA
CharPrevA
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetWindowTextA
GetWindowTextLengthA
SetWindowTextA
InvalidateRgn
MoveWindow
CreateAcceleratorTableA
WinHelpA
IsWindowVisible
GetMonitorInfoA
GetActiveWindow
MonitorFromWindow
SetWindowRgn
GetWindowRect
IsIconic
SetWindowLongA
GetWindowLongA
MessageBoxA
wsprintfA
GetClientRect
IsZoomed
PostQuitMessage
SystemParametersInfoA
LoadIconA
SendMessageA
RegisterClassExA
PostMessageA
EqualRect

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
CreateDIBSection
SetStretchBltMode
ExtTextOutA
SetBkColor
CreateSolidBrush
LineTo
MoveToEx
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
CreateRoundRectRgn
DeleteObject
RoundRect
SetTextColor
SetBkMode
TextOutA
GetTextExtentPoint32A
GetCharABCWidthsA
GetDeviceCaps
SetViewportExtEx
SetMapMode
SetWindowExtEx
SetViewportOrgEx
GetStockObject
GetObjectA
CreateFontIndirectA
CreatePenIndirect
GetTextMetricsA
SelectObject

advapi32

RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHChangeNotify

ole32

CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
OleLockRunning
CreateBindCtx
MkParseDisplayName
StringFromCLSID
CoTaskMemFree
ProgIDFromCLSID
CoRevokeClassObject
CoRegisterClassObject
CreateOleAdviseHolder
OleRegGetUserType
CoTaskMemAlloc
StringFromIID
CoCreateInstance
CoLockObjectExternal

oleaut32

VariantInit
SysFreeString
SysStringByteLen
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayGetElement
VariantChangeType
SafeArrayGetDim
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
SafeArrayAccessData
VariantTimeToSystemTime
SafeArrayCreateVector
VariantCopyInd
LHashValOfNameSys
LoadRegTypeLi
DispGetIDsOfNames
SysStringLen
UnRegisterTypeLi
GetActiveObject
LoadTypeLibEx
SysAllocStringLen
SysAllocString
VariantClear
SysAllocStringByteLen

wldap32

ord41
ord46
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord22
ord211

ws2_32

WSACleanup
inet_ntoa
WSAStartup
recv
setsockopt
gethostbyname
send
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
WSAGetLastError

shlwapi

PathFindFileNameA
SHDeleteKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdiplusShutdown
GdipDeleteBrush
GdipFree

Sections

.text
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ukavold
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee0a63a8c9d21ef130bf89e2d57c3004

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wldap32

ws2_32

shlwapi

version

comctl32

gdiplus

Sections

.text Size: 975KB - Virtual size: 975KB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 17KB - Virtual size: 26KB

.rsrc Size: 170KB - Virtual size: 169KB

.reloc Size: 82KB - Virtual size: 83KB

ukavold Size: - Virtual size: 63KB

.text
Size: 975KB - Virtual size: 975KB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 17KB - Virtual size: 26KB

.rsrc
Size: 170KB - Virtual size: 169KB

.reloc
Size: 82KB - Virtual size: 83KB

ukavold
Size: - Virtual size: 63KB