2024-05-24_b8c8bbe44933368a4e0a23c5f8ac584e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-24_b8c8bbe44933368a4e0a23c5f8ac584e_mafia
Size

594KB
MD5

b8c8bbe44933368a4e0a23c5f8ac584e
SHA1

a42feb3326b9b6f75093aec5441b8e5499cfc9ba
SHA256

16a8b934e03e1cb27567fbde3493f993ed158cbaf2642b3df101fb1dd8190f0a
SHA512

37c8d27f21d2a53274ad890faa7045b19a2eb6f41eb9e91456f1441d18adfee74ac56f640c57f19d243e563649e4a63ca6e4c7120edaa3a8b0a4570e8c919d77
SSDEEP

12288:ZDy6Fa+ZTVdPwidyymSzCFKFmiAVGqNzWF9zTLGWVNFhzcC6OkK6BxJKtBt:Zta+ZTVbBGNz+ZF9cC6OkDBxJKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_b8c8bbe44933368a4e0a23c5f8ac584e_mafia

Files

2024-05-24_b8c8bbe44933368a4e0a23c5f8ac584e_mafia
.exe windows:5 windows x86 arch:x86

40bc0670d2c2b1e753b99495358fb0d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\weasel\Release\WeaselServer.pdb

Imports

imm32

ImmDisableIME

usp10

ScriptStringFree
ScriptStringOut
ScriptStringAnalyse

rime

RimeConfigGetInt
RimeConfigGetString
RimeConfigGetBool
RimeGetCommit
RimeSchemaOpen
RimeGetOption
RimeFreeContext
RimeConfigBeginMap
RimeFreeStatus
RimeGetStatus
RimeSetOption
RimeSetProperty
RimeClearComposition
RimeCommitComposition
RimeProcessKey
RimeDestroySession
RimeCreateSession
RimeFindSession
RimeFinalize
RimeConfigClose
RimeConfigOpen
RimeStartMaintenance
RimeInitialize
RimeSetNotificationHandler
RimeSetup
RimeConfigNext
RimeConfigEnd
RimeGetContext
RimeFreeCommit

libglog

??0LogMessageVoidify@google@@QAE@XZ
??1LogMessage@google@@QAE@XZ
?stream@LogMessage@google@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??0LogMessage@google@@QAE@PBDHH@Z
??ILogMessageVoidify@google@@QAEXAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
??0LogMessage@google@@QAE@PBDH@Z

kernel32

UnhandledExceptionFilter
TerminateProcess
GetCurrentThread
TlsFree
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
CreateDirectoryW
WideCharToMultiByte
CreateMutexW
CloseHandle
ExpandEnvironmentStringsW
GetModuleFileNameA
FindResourceA
LockResource
MulDiv
GetVersionExW
SetUnhandledExceptionFilter
GetCurrentProcess
FlushInstructionCache
SetLastError
GetSystemInfo
LocalFree
FormatMessageA
CreateFileMappingA
OpenFileMappingA
LoadLibraryW
GetFileSizeEx
UnmapViewOfFile
DuplicateHandle
MapViewOfFileEx
GetModuleHandleExW
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
InterlockedPopEntrySList
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineW
IsDebuggerPresent
ExitProcess
HeapSetInformation
GetStartupInfoW
VirtualAlloc
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
WriteFile
GetStdHandle
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
LCMapStringW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
InitializeCriticalSection
GetVersion

user32

SetWindowTextW
LoadCursorW
GetClassInfoExW
CallWindowProcW
EndPaint
BeginPaint
DrawIconEx
ShowWindow
GetClientRect
InflateRect
ReleaseDC
SetWindowPos
GetDC
PostQuitMessage
RedrawWindow
GetWindowLongW
SetWindowLongW
PeekMessageW
SetParent
SystemParametersInfoW
EnumChildWindows
FindWindowW
GetWindowRect
GetClassNameW
GetMenuItemID
PostMessageW
TrackPopupMenu
SetForegroundWindow
DispatchMessageW
TranslateMessage
SetActiveWindow
GetMessageW
GetCursorPos
SetMenuDefaultItem
DestroyMenu
GetSubMenu
LoadMenuW
LoadStringW
KillTimer
SendMessageW
DrawAnimatedRects
SetTimer
LoadIconW
DestroyIcon
LoadImageW
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
SetRect
OffsetRect
CopyRect
GetMonitorInfoW
MonitorFromRect
DefWindowProcW
DestroyWindow
CharNextW
IsWindow
UnregisterClassA

gdi32

CreateRectRgnIndirect
SetViewportOrgEx
CreatePen
CreateCompatibleDC
BitBlt
CreateSolidBrush
TextOutW
RoundRect
Rectangle
FillRgn
SetTextColor
SetBkMode
SetBkColor
GetTextExtentPoint32W
DeleteObject
CreateFontW
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC

advapi32

RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyW
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW
SHAppBarMessage

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr

comctl32

InitCommonControlsEx

winsparkle

win_sparkle_set_registry_path
win_sparkle_check_update_with_ui
win_sparkle_set_appcast_url
win_sparkle_cleanup
win_sparkle_init

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40bc0670d2c2b1e753b99495358fb0d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

usp10

rime

libglog

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

winsparkle

Sections

.text Size: 450KB - Virtual size: 449KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 13KB - Virtual size: 33KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 450KB - Virtual size: 449KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 13KB - Virtual size: 33KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 21KB - Virtual size: 20KB