D:\TFS_LINKURY\Protectium\Navigator\Release\Kakadu.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-24_0bd18d0feb05575aea3f2cc37765de50_mafia.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-24_0bd18d0feb05575aea3f2cc37765de50_mafia.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-05-24_0bd18d0feb05575aea3f2cc37765de50_mafia
Size: 1.0MB
MD5: 0bd18d0feb05575aea3f2cc37765de50
SHA1: bebd533e131dd281b364901391be8c34f8ef97a6
SHA256: f2895eab58afd48f71ef84aefecdc539f2aca675204ba4296ca66ed61895e093
SHA512: 4e7466037e608856dd72e09fce18a38c5ab5a6117c472d306e134b41b870f43955655335a147be8e9c94a00a1115bb667924d32fe307c38805564d074bf8f61b
SSDEEP: 24576:kO4cTBiyb5kaqxSf1bsLRm25W5vl8Uozo1v1Z32Wz7eC6YHnNRuc0:kG5kaqesLRm2w5vGUscv1p22eC6YHnD2
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-24_0bd18d0feb05575aea3f2cc37765de50_mafia
Files
2024-05-24_0bd18d0feb05575aea3f2cc37765de50_mafia.exe windows:5 windows x86 arch:x86
667b145d55830e4a9c81934c4178e5c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
SHDeleteKeyA
PathIsDirectoryW
PathFileExistsW
version
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
kernel32
DeleteFileA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
SetLastError
CopyFileW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
LoadLibraryW
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetCurrentThreadId
DeleteCriticalSection
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
GetVersionExW
FindFirstFileW
FindFirstFileA
FindClose
FindNextFileA
FindNextFileW
GlobalFree
CreateProcessA
GetModuleFileNameW
GetModuleFileNameA
InterlockedExchange
CreateTimerQueueTimer
InterlockedExchangeAdd
CreateEventW
DeleteTimerQueueTimer
GetUserDefaultLangID
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
ExitThread
GetLocaleInfoW
GetFileType
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
CopyFileA
GetLastError
SetThreadPriority
TerminateThread
LocalFree
GetCommandLineW
CloseHandle
OutputDebugStringA
WaitForSingleObject
Sleep
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
WriteConsoleW
CreateThread
ExitProcess
FileTimeToSystemTime
GetFileAttributesExW
GetProcessHeap
DecodePointer
EncodePointer
GetStringTypeW
GetDriveTypeW
FindFirstFileExW
GetDriveTypeA
FindFirstFileExA
GetTimeFormatA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
GetDateFormatA
GetCommandLineA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
GetStartupInfoW
HeapSetInformation
FileTimeToLocalFileTime
user32
SetForegroundWindow
PostThreadMessageW
GetMessageW
DispatchMessageW
ShowWindow
TranslateMessage
UnregisterClassW
DestroyWindow
DefWindowProcW
MessageBoxW
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClientRect
GetParent
PostMessageW
MoveWindow
GetSystemMetrics
CreateWindowExW
SystemParametersInfoW
GetClassInfoExW
LoadCursorW
SetWindowPos
GetWindowRect
advapi32
GetLengthSid
RegSetKeySecurity
FreeSid
RegEnumValueA
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
RegOpenKeyExA
SetSecurityDescriptorDacl
RegCreateKeyA
RegEnumKeyExA
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegCloseKey
shell32
SHCreateDirectoryExA
SHCreateDirectoryExW
SHGetFolderPathA
SHChangeNotify
CommandLineToArgvW
ole32
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
oleaut32
VariantInit
winhttp
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
Sections
.text Size: 858KB - Virtual size: 857KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ