2024-05-24_329019677b58b038cf1b5e17cc84765e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-24_329019677b58b038cf1b5e17cc84765e_mafia
Size

7.0MB
MD5

329019677b58b038cf1b5e17cc84765e
SHA1

e7f14e5cb927cc6816b165c46fa5bb1d62674774
SHA256

1f43632b279238cda2e1b3e11062a58d048da363d5733aa7d5cac88a28d656dd
SHA512

281ca6a91ab8a98d9f3f55ed7cc5d10efb963addcab9b9dcdee8b12493f6d5929e84652fc996ddcaf7cbfb0722f9d89022a000e82d7437afab3f855bdcecff8f
SSDEEP

196608:CKrTB5iRdwODHGgu0ieLtW3OcsWzUaPc2:CKrT/ipDdurQW33sWK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_329019677b58b038cf1b5e17cc84765e_mafia

Files

2024-05-24_329019677b58b038cf1b5e17cc84765e_mafia
.exe windows:5 windows x86 arch:x86

57731345187c32c8bcac242f4bb8a01d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\build2.8.9\Funshion\Rel\src\toolkits_publish\bin_inst\Release\Install.pdb

Imports

gdiplus

GdipGetFontStyle
GdipGetFontSize
GdipAddPathString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePath
GdipCreatePath
GdipGetFamilyName
GdipGetFamily
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipGetPathWorldBounds
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipSetTextRenderingHint
GdipResetClip
GdipEndContainer
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipReleaseDC
GdiplusShutdown
GdipSetClipRect
GdiplusStartup

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
CloseHandle
Sleep
CreateEventA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateMutexW
GetLastError
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
TerminateProcess
lstrcmpW
GetSystemInfo
GetVersionExW
WideCharToMultiByte
CreateFileW
WriteFile
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
Module32FirstW
GetStdHandle
FreeEnvironmentStringsW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateProcessW
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindClose
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDrives
MoveFileExW
DeleteFileW
CopyFileExW
GetCommandLineW
MoveFileW
GetSystemDefaultLangID
GetTickCount
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetProcessId
LocalFree
SetUnhandledExceptionFilter
IsDebuggerPresent
UnhandledExceptionFilter
CompareStringW
LCMapStringW
GetCPInfo
RtlUnwind
GetDateFormatW
GetTimeFormatW
CreateThread
ExitThread
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCurrentProcess
CreateFileA
SetLastError
HeapCreate
Module32NextW
InitializeCriticalSectionAndSpinCount
RaiseException
IsProcessorFeaturePresent
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
ReadFile
SetEnvironmentVariableA
OutputDebugStringW
OpenEventA
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
CreateDirectoryW
GetPrivateProfileIntW
lstrlenW
QueryPerformanceCounter

user32

FindWindowW
SystemParametersInfoW
SendMessageW
LoadIconW
SetCapture
ReleaseDC
PostQuitMessage
PeekMessageW
DispatchMessageW
DefWindowProcW
CreateWindowExW
UpdateLayeredWindow
GetWindowDC
GetWindowRect
SetWindowPos
GetWindowLongW
SetWindowLongW
MsgWaitForMultipleObjectsEx
ShowWindow
IsWindow
RegisterClassW
LoadCursorW
MessageBoxExW
MessageBoxW
wsprintfW
GetDC
DestroyWindow
SetTimer
UnregisterClassW
PostMessageW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteObject
EnumFontFamiliesW
DeleteDC
SelectObject

advapi32

RegDeleteKeyW
RegSetValueExW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteExW
SHChangeNotify
ord165
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize

wininet

InternetSetCookieW
InternetGetCookieW
InternetCloseHandle
InternetOpenUrlW
InternetGetCookieExW
InternetReadFile
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetSetOptionA
HttpQueryInfoA

shlwapi

SHSetValueW
SHDeleteKeyW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW
SHDeleteValueW
PathIsURLW
PathIsFileSpecW
SHGetValueW

urlmon

UrlMkGetSessionOption

Exports

Exports

??_B?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@51
??_B?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@51
?get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ
?get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ
?get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ
?get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ
?get_mutable_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@SAAAVCFpFunshionIni@@XZ
?get_mutable_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@SAAAVCFpInstallAppMgr@@XZ
?get_mutable_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@SAAAVCFpInstallPath@@XZ
?get_mutable_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@SAAAVCFpSysLanguage@@XZ
?instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@0AAVCFpFunshionIni@@A
?instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@0AAVCFpInstallAppMgr@@A
?instance@?$singleton@VCFpInstallPath@@@serialization@boost@@0AAVCFpInstallPath@@A
?instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@0AAVCFpSysLanguage@@A
?t@?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@4V?$singleton_wrapper@VCFpFunshionIni@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@4V?$singleton_wrapper@VCFpInstallAppMgr@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@4V?$singleton_wrapper@VCFpInstallPath@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@4V?$singleton_wrapper@VCFpSysLanguage@@@detail@34@A

Sections

.text
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57731345187c32c8bcac242f4bb8a01d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

dbghelp

version

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 599KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 30KB - Virtual size: 49KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 600KB - Virtual size: 599KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 30KB - Virtual size: 49KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 75KB - Virtual size: 75KB