D:\BUILD_1062455\BUILD\ENS_ResultsDir\BuildResults\Release32\setupEP.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-24_4b7270092958f75ecb8fd7746fccee01_mafia.exe
Resource: win7-20240221-en
General
Target: 2024-05-24_4b7270092958f75ecb8fd7746fccee01_mafia
Size: 8.3MB
MD5: 4b7270092958f75ecb8fd7746fccee01
SHA1: 8f6c9fd8deb444de72bc9691c9e9e601532b5aa8
SHA256: 2b6f2af11ceb966514a5db4e2ecf85919311117f038249e16fc3d2458e754cf8
SHA512: f4089a06a91897efb1bb61daf0407155b8fbaffbad4f268c923bffe7be05665396557ed1029e7382c2ee0adc37c41f6e7e7377d7eb04d4f2e5cd5bee56edeb4d
SSDEEP: 196608:5fQGcwRkw9vECDpxk/rEouxUm6a6xGIeKb3:uGZZpxk/rEouxUm6a6xGIeKb
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-05-24_4b7270092958f75ecb8fd7746fccee01_mafia
Files
2024-05-24_4b7270092958f75ecb8fd7746fccee01_mafia.exe windows:5 windows x86 arch:x86
350a6532969319afe4f58e376f42012f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\BUILD_1062455\BUILD\ENS_ResultsDir\BuildResults\Release32\setupEP.pdb
Imports
wintrust
WinVerifyTrust
kernel32
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoA
IsDebuggerPresent
IsValidLocale
WriteConsoleW
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
GetDateFormatA
VirtualAlloc
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
CreateThread
ExitThread
RtlUnwind
CreateDirectoryA
GetCPInfo
HeapReAlloc
EncodePointer
DecodePointer
HeapAlloc
HeapFree
IsValidCodePage
HeapSetInformation
GetCommandLineW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempFileNameW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
GetCurrentDirectoryW
GetSystemDirectoryW
FindResourceExW
FileTimeToSystemTime
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringW
lstrcpyW
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExW
GetFullPathNameW
GetOEMCP
GetACP
GetStartupInfoW
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
lstrlenA
lstrcmpA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
VirtualProtect
SuspendThread
ResumeThread
CreateEventW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
WideCharToMultiByte
GlobalSize
FormatMessageW
lstrlenW
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
SetLastError
GlobalLock
GlobalUnlock
RaiseException
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalFree
LocalAlloc
GetVersion
GetDiskFreeSpaceExW
RemoveDirectoryW
lstrcmpW
GlobalFree
GlobalAlloc
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
ExitProcess
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempPathW
CreateMutexW
GetLocalTime
GetDriveTypeW
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetLocaleInfoW
GetUserDefaultUILanguage
GetModuleHandleW
GetProcAddress
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CopyFileW
CreateDirectoryW
SetEvent
ResetEvent
GetLastError
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetVersionExW
Sleep
MultiByteToWideChar
MulDiv
GetModuleFileNameW
GetTimeFormatA
EnumSystemLocalesA
user32
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetNextDlgGroupItem
LoadImageW
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
DestroyIcon
IsClipboardFormatAvailable
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
IsRectEmpty
IsZoomed
MessageBeep
ReleaseCapture
WindowFromPoint
SetCapture
SetWindowRgn
DeleteMenu
OffsetRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
UnregisterClassW
GetSysColorBrush
RealChildWindowFromPoint
ShowOwnedPopups
CharUpperW
NotifyWinEvent
DrawFocusRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InvalidateRect
IntersectRect
InflateRect
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
FrameRect
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
CopyRect
GetWindowTextLengthW
GetWindowTextW
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
CheckDlgButton
SetPropW
GetCapture
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
PostMessageW
GetDlgItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetWindowRgn
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
DrawIcon
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
GetTopWindow
GetLastActivePopup
IsWindowEnabled
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ExitWindowsEx
PostQuitMessage
KillTimer
PtInRect
IsWindowVisible
SetCursor
LoadCursorW
SetTimer
GetWindow
EnableMenuItem
GetSystemMenu
SetRect
EnableScrollBar
SetWindowLongW
GetWindowLongW
LoadIconW
IsWindow
FillRect
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
EnableWindow
GetWindowRect
GetParent
MessageBoxW
LoadBitmapW
ReleaseDC
GetDC
DrawStateW
gdi32
CreateHatchBrush
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
DPtoLP
EnumFontFamiliesExW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetRgnBox
GetDeviceCaps
CreateRectRgn
SelectClipRgn
DeleteObject
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
BitBlt
SetLayout
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
GetStockObject
CreateFontIndirectW
GetObjectW
GetViewportExtEx
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
RegEnumValueW
RegDeleteValueW
RegQueryValueW
RegQueryValueExW
RegEnumKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
shell32
SHAppBarMessage
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord165
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetMalloc
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathIsUNCW
PathIsRelativeW
PathFileExistsW
PathStripToRootW
PathFindExtensionW
ole32
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CoInitializeEx
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
oleaut32
SysFreeString
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
VariantClear
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
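The import table above runs to several hundred names, most of them MFC/GDI plumbing. The handful a reviewer cares about are the ones that touch tokens, processes, the registry, the signature check and the shutdown path. The following is an added example, not part of the Triage report or of the sample's own code: it tags an import table with coarse capability labels and looks for API combinations that mean more together than apart (for instance OpenProcessToken + LookupPrivilegeValueW + AdjustTokenPrivileges + ExitWindowsEx, which is the sequence needed to enable SeShutdownPrivilege and reboot). The input is a constructed subset of the imports listed above; the labels are the author's own and an import only shows that the binary can call an API, not that it does.

```python
# Added example (not part of the Triage report): coarse capability tagging over a
# PE import table, run on a constructed subset of the imports listed above.
# An import only shows that the code *can* call an API, not that it does.
from collections import defaultdict

# API -> label. IsDebuggerPresent is in the CRT of most MSVC-built binaries and is a
# weak signal on its own; it is kept here because it is in the table above.
CAPABILITIES = {
    "OpenProcessToken": "token/privilege manipulation",
    "LookupPrivilegeValueW": "token/privilege manipulation",
    "AdjustTokenPrivileges": "token/privilege manipulation",
    "ExitWindowsEx": "shutdown/reboot/logoff",
    "CreateProcessW": "process creation",
    "ShellExecuteW": "process creation",
    "IsDebuggerPresent": "debugger check",
    "WinVerifyTrust": "Authenticode verification",
    "RegCreateKeyExW": "registry write",
    "RegSetValueExW": "registry write",
    "RegDeleteKeyW": "registry write",
    "RegDeleteValueW": "registry write",
    "WritePrivateProfileStringW": "INI file write",
    "SetWindowsHookExW": "windows hook",
    "VirtualProtect": "memory protection change",
    "LoadLibraryA": "dynamic loading",
    "LoadLibraryW": "dynamic loading",
    "LoadLibraryExW": "dynamic loading",
    "GetProcAddress": "dynamic loading",
    "CreateMutexW": "named mutex",
    "DeleteFileW": "file deletion",
    "CopyFileW": "file copy",
    "GetTempPathW": "temp directory use",
    "GetTempFileNameW": "temp directory use",
}

# (label, all of these required, at least one of these required if non-empty)
COMBOS = [
    ("enables a token privilege and calls ExitWindowsEx (needs SeShutdownPrivilege to reboot/shut down)",
     {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges", "ExitWindowsEx"}, set()),
    ("resolves APIs at runtime, so the static import table may be incomplete",
     {"GetProcAddress"}, {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"}),
    ("spawns a child process and waits for its exit code (installer/dropper pattern)",
     {"CreateProcessW", "WaitForSingleObject", "GetExitCodeProcess"}, set()),
]


def tag_imports(imports: dict) -> dict:
    """Return {label: ["dll!api", ...]} for every labelled import, preserving table order."""
    tagged = defaultdict(list)
    for dll, apis in imports.items():
        for api in apis:
            label = CAPABILITIES.get(api)
            if label:
                tagged[label].append(f"{dll}!{api}")
    return dict(tagged)


def match_combos(imports: dict) -> list:
    """Return the labels of COMBOS whose API sets are all present in the table."""
    present = {api for apis in imports.values() for api in apis}
    return [label for label, required, any_of in COMBOS
            if required <= present and (not any_of or any_of & present)]


# Constructed subset of the import table above (dll -> imported names).
SAMPLE_IMPORTS = {
    "wintrust": ["WinVerifyTrust"],
    "kernel32": ["IsDebuggerPresent", "VirtualProtect", "LoadLibraryW", "LoadLibraryA",
                 "LoadLibraryExW", "GetProcAddress", "CreateMutexW", "CreateProcessW",
                 "WaitForSingleObject", "GetExitCodeProcess", "DeleteFileW", "CopyFileW",
                 "GetTempPathW", "GetTempFileNameW", "WritePrivateProfileStringW"],
    "user32": ["ExitWindowsEx", "SetWindowsHookExW"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"],
    "shell32": ["ShellExecuteW"],
}

if __name__ == "__main__":
    for label, apis in tag_imports(SAMPLE_IMPORTS).items():
        print(f"{label}: {', '.join(apis)}")
    for label in match_combos(SAMPLE_IMPORTS):
        print("pattern:", label)
```

Every combination above matches for this sample, but all three are equally typical of a legitimate installer, which is why import tagging is a prioritisation aid for the behavioural run rather than a verdict on its own. The "resolves APIs at runtime" hit is the one to remember: anything obtained through GetProcAddress does not appear in the table on this page.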
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 365KB - Virtual size: 365KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 768KB - Virtual size: 772KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
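Three things in the header and section listings above are worth checking mechanically on any sample: the DLL Characteristics show IMAGE_DLLCHARACTERISTICS_NX_COMPAT but not IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (DEP opt-in without ASLR opt-in), the "Unsigned PE" signature fired because the Authenticode security directory is empty, and .reloc carries both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE, which a linker-produced relocation section does not need. The following is an added example, not part of the Triage report or of the sample: a stdlib-only PE32/PE32+ header parser plus an audit that reports those three conditions. It runs on a constructed, headers-only PE image whose flags mirror the listing above; the offsets come from the PE/COFF specification. Note that an empty security directory is conclusive for "unsigned", but a non-empty one only says a WIN_CERTIFICATE blob is present; trusting it still requires WinVerifyTrust (or signtool verify) to validate the chain and the hash.

```python
# Added example (not part of the Triage report): parse the PE headers the
# report summarises above and flag the three things a reviewer checks first:
# missing ASLR/DEP opt-in, missing Authenticode signature, and sections that
# are both writable and executable. Pure stdlib, no pefile dependency.
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode WIN_CERTIFICATE table


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table and return the fields the audit needs."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _ts, _symtab, _nsyms,
     opt_size, file_characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_characteristics, = struct.unpack_from("<H", data, opt + 70)  # same offset in both formats
    ndirs, = struct.unpack_from("<I", data, ndirs_off)
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        (name, vsize, _vaddr, rawsize, _rawptr, _r, _l, _nr, _nl,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": flags})
    return {"machine": machine, "file_characteristics": file_characteristics,
            "dll_characteristics": dll_characteristics,
            "security_dir": (sec_off, sec_size), "sections": sections}


def audit(pe: dict) -> list:
    """Return human-readable findings; an empty list means none of the three checks fired."""
    findings = []
    dc = pe["dll_characteristics"]
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no ASLR opt-in (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE clear)")
    if not dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no DEP opt-in (IMAGE_DLLCHARACTERISTICS_NX_COMPAT clear)")
    if pe["security_dir"][1] == 0:
        # Absence is conclusive; presence only means a blob exists and still needs
        # WinVerifyTrust / signtool verify before it is trusted.
        findings.append("unsigned (empty IMAGE_DIRECTORY_ENTRY_SECURITY)")
    for s in pe["sections"]:
        f = s["characteristics"]
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
    return findings


def build_test_pe(dll_characteristics: int, sections: list, signed: bool) -> bytes:
    """Constructed minimal PE32 image (headers only) so the parser can be exercised offline."""
    ndirs = 16
    opt_size = 96 + 8 * ndirs
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 28, 0x400000, 0x1000)        # ImageBase, SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                    # FileAlignment
    struct.pack_into("<HH", opt, 68, 2, dll_characteristics)  # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, ndirs)
    if signed:  # fake WIN_CERTIFICATE table at file offset 0x2000, 0x800 bytes
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Mirrors the listing above: NX_COMPAT set, DYNAMIC_BASE clear, no signature, and a
# .reloc section carrying MEM_EXECUTE | MEM_WRITE.
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
SAMPLE_PE = build_test_pe(
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".data", RW),
     (".reloc", RW | IMAGE_SCN_MEM_EXECUTE)],
    signed=False)

if __name__ == "__main__":
    for line in audit(parse_pe(SAMPLE_PE)):
        print(line)
```

To run it against the real file, read the bytes from disk and pass them to parse_pe instead of SAMPLE_PE; the parser only touches the headers, so the 8.3MB of resources is never decoded. Absence of DYNAMIC_BASE matters for exploitability (the image loads at its preferred base on systems without mandatory ASLR), while a W+X .reloc is mainly a packing/tampering indicator: a normal linker emits .reloc as read-only, discardable data.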