2024-05-25_8deb683bd2468d01555976f4a857d094_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_8deb683bd2468d01555976f4a857d094_mafia_revil
Size

43.5MB
MD5

8deb683bd2468d01555976f4a857d094
SHA1

768db1679fab44ca50ec52f76871dfa26dfc2767
SHA256

12908862fcca9e703e62b9cdcae541c9f100e17e37efb994808dff2646dcde9d
SHA512

d36433d709f345152ca620c15fa8d7c0bddf2517fc2b45ebc833e033399f3e3da8e80af0dc844b5da0f25c3a751098e37d5cce5137316e0525d9c46aba9aa4fb
SSDEEP

786432:suBEIITgyM2h80VhV3o+SN72/UvzgeTy1shLhed5fX+eoNDZCTXRHKii2Mqk:9EBNhV3o1N72/Uvzg2y12KfuemORi2MJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-25_8deb683bd2468d01555976f4a857d094_mafia_revil

Files

2024-05-25_8deb683bd2468d01555976f4a857d094_mafia_revil
.exe windows:5 windows x86 arch:x86

0d96bccf9a8346b90c3639fb88143deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\jobs\CHANNEL_GEARUP\workspace\gearup-booster\install\install.pdb

Imports

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

InterlockedExchangeAdd
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameA
SetStdHandle
WriteConsoleW
GetStringTypeW
SetHandleCount
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
TerminateThread
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
HeapCreate
InterlockedExchange
IsValidCodePage
GetOEMCP
GetLocaleInfoW
GetSystemDirectoryW
IsProcessorFeaturePresent
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
SleepEx
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
ExitThread
DecodePointer
EncodePointer
InterlockedDecrement
PeekNamedPipe
InterlockedIncrement
RaiseException
ExpandEnvironmentStringsA
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetLocalTime
GlobalAlloc
SetLastError
FormatMessageA
GlobalLock
GlobalUnlock
GetFileSize
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
ReadFile
GetFileSizeEx
DuplicateHandle
GetFileType
SetFilePointer
FormatMessageW
LocalFree
GlobalMemoryStatus
LoadLibraryA
ExitProcess
GetACP
GetCurrentDirectoryW
FlushConsoleInputBuffer
GetCurrentProcessId
LoadLibraryW
FreeLibrary
MulDiv
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
OpenMutexW
CreateMutexW
CreateFileW
WriteFile
CreateFileA
GetFileAttributesW
CreateProcessW
GetStdHandle
GetModuleFileNameA
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
TerminateProcess
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
WaitForMultipleObjects
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
MoveFileExW
CopyFileW
WinExec
SetEnvironmentVariableA
GetExitCodeProcess
ResetEvent
InitializeCriticalSection
FreeResource
LockResource
SizeofResource
CreateEventW
WaitForSingleObject
SetEvent
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
LoadResource
FindResourceW
OutputDebugStringA
GetModuleHandleW
SetEndOfFile
GetProcessHeap
GetDriveTypeW
CompareStringW

ws2_32

socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
select
getsockopt
getpeername
connect
sendto
recvfrom
__WSAFDIsSet
WSASetLastError
send
recv
WSASetEvent
WSAGetLastError
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
htons
bind
listen
htonl
gethostname
closesocket
ntohs
accept

wldap32

ord26
ord219
ord14
ord118
ord127
ord133
ord145
ord208
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73
ord147

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertGetNameStringW
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore

user32

InvalidateRgn
CreateAcceleratorTableW
CloseWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
MoveWindow
GetWindowRgn
CharNextW
MessageBoxW
SetWindowRgn
wvsprintfW
SetCursor
OffsetRect
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
MonitorFromWindow
EnableWindow
ShowWindow
DefWindowProcW
GetMessageW
TranslateMessage
GetWindowTextW
SetWindowTextW
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
CreateWindowExW
SetFocus
GetFocus
DestroyWindow
SetWindowPos
PostMessageW
ReleaseCapture
SetCapture
InvalidateRect
GetWindowLongW
SetWindowLongW
GetDC
IsWindow
PostQuitMessage
KillTimer
SetTimer
PtInRect
LoadImageW
SendMessageW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos
GetKeyState
GetWindowRect
IsIconic
GetSysColor
SetCaretPos
GetParent
GetWindowTextLengthW
ShowCaret
HideCaret
CreateCaret
ClientToScreen
SetRect
CharPrevW
DrawTextW
FillRect
DispatchMessageW
IntersectRect

gdi32

GetObjectA
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetDeviceCaps
CreateDCW

advapi32

CryptHashData
RegCloseKey
RegQueryValueExW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
CryptImportKey
DeleteService
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
DeregisterEventSource
ReportEventA
CryptEncrypt
CryptDestroyKey
CryptCreateHash
RegisterEventSourceA
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW

ole32

CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsW

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

comctl32

ord17
_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55.5MB - Virtual size: 55.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d96bccf9a8346b90c3639fb88143deb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

version

kernel32

ws2_32

wldap32

crypt32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

comctl32

msimg32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 328KB - Virtual size: 327KB

.data Size: 21KB - Virtual size: 40KB

.rsrc Size: 55.5MB - Virtual size: 55.5MB

.reloc Size: 221KB - Virtual size: 220KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 328KB - Virtual size: 327KB

.data
Size: 21KB - Virtual size: 40KB

.rsrc
Size: 55.5MB - Virtual size: 55.5MB

.reloc
Size: 221KB - Virtual size: 220KB