2024-05-24_9d62eb986da8df016343349e91c1560d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_9d62eb986da8df016343349e91c1560d_mafia
Size

416KB
MD5

9d62eb986da8df016343349e91c1560d
SHA1

6c083a2da8572c54b356fef7e989ede41ff7b632
SHA256

ad2597a5a5372771609739918e891e8f7bd4e421f362d9d535713a443892da73
SHA512

a73f23fa95cb9033845fb0efe101ff3da99fbd7ec65e33e871c7167abb8dbbb6de05e5b53e49f8543532f3b91e7b507af1cf4130660dcf42dcd2d9bebebc0ecb
SSDEEP

12288:jOGEiw9o4A2RtDiowd/d1aOKfsVVWlWOImTfGGInz/u:aG6o4A2rCaOKkVVWlKkfGFy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_9d62eb986da8df016343349e91c1560d_mafia

Files

2024-05-24_9d62eb986da8df016343349e91c1560d_mafia
.exe windows:5 windows x86 arch:x86

a00a6fca426a4097af75c0213eb8f66e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetCurrentProcessId
WideCharToMultiByte
CreateProcessW
WaitForSingleObject
WTSGetActiveConsoleSessionId
CreateDirectoryW
LoadLibraryW
CreateMutexW
CreateFileW
GetVersionExW
GlobalFree
GetLocalTime
CreateFileA
DeleteFileA
OutputDebugStringA
Sleep
WriteFile
GetTickCount
FindClose
GetStdHandle
InterlockedPushEntrySList
HeapFree
GetTempPathW
LocalFree
InitializeCriticalSection
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
Process32NextW
OpenProcess
DeviceIoControl
GetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
HeapReAlloc
HeapCreate
GetLocaleInfoW
IsDebuggerPresent
CopyFileW
OutputDebugStringW
CreateToolhelp32Snapshot
GetProcessHeap
Process32FirstW
TerminateProcess
CloseHandle
VirtualQuery
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetFileType
WriteConsoleW
FindFirstFileExW
InterlockedPopEntrySList
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetPriorityClass
MultiByteToWideChar
InterlockedExchange
GetStringTypeW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange

user32

GetWindowRect
GetWindow
GetParent
LoadImageW
GetSystemMetrics
wsprintfW
GetMonitorInfoW
MapWindowPoints
SetWindowPos
MoveWindow
GetWindowLongW
CallWindowProcW
EndPaint
BeginPaint
GetClientRect
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
PostQuitMessage
GetDlgItem
EnableWindow
IsDialogMessageW
CreateDialogParamW
UnregisterClassA
MessageBoxA
DestroyWindow
SendMessageW
TranslateMessage
GetMessageW
CharNextW
CreateWindowExW
MonitorFromWindow
SetWindowTextW
ShowWindow
SetWindowLongW
DispatchMessageW
PeekMessageW

gdi32

GetObjectA
DeleteObject
CreateFontW

advapi32

RegQueryValueExW
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ord155
ShellExecuteW
SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
VariantInit
VariantClear

shlwapi

SHRegGetValueW
ord12

comctl32

InitCommonControlsEx

gdiplus

GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipDeleteRegion
GdipDeleteFont
GdipCreateSolidFill
GdipCloneImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateRegionRect
GdipDrawString
GdipFillRegion
GdipReleaseDC
GdipCreateFromHDC

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

psapi

GetModuleBaseNameA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a00a6fca426a4097af75c0213eb8f66e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wtsapi32

winhttp

psapi

iphlpapi

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 9KB - Virtual size: 21KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 9KB - Virtual size: 21KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 44KB - Virtual size: 44KB