2024-05-27_15c3c270daff091be7286e1579238c60_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_15c3c270daff091be7286e1579238c60_mafia
Size

9.1MB
MD5

15c3c270daff091be7286e1579238c60
SHA1

e059e4cf73330843e851cd975d57dc6323f9d04f
SHA256

345ebaf7fb148c9cc7c72eb9f9384140eb3f4b48a3cd9511b42d4625e6e2906f
SHA512

a5462d8dcd34458bad0fe4311e531fbb1a2a6be0e1be0d83ffcb87b8daaa4d1f1a190aa8a116c44946226c6ffea4f01dddd2825e4085911574e22142ce386415
SSDEEP

196608:iv6QzTEDaKPsFHYBoVVGUoIPozzfVmdy6NeVjPTv7BojDIg9Cbk/V8m2L2:S6QzTTKeHYBIkURPozzfVmdy6Nq7T4DR

Score

10^/10

Malware Config

Signatures

Detects binaries and memory artifacts referencing sandbox product IDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxProductID

Files

2024-05-27_15c3c270daff091be7286e1579238c60_mafia
.exe windows:5 windows x86 arch:x86

56b34a2d622e3dfafd2dfe5ffa9cc3fa

Code Sign

5f:17:40:27:13:17:6b:53:ba:c0:06:1f:ee:7c:b6:39
Certificate

Issuer

CN=All Picture Finder

Not Before

14/05/2016, 03:48

Not After

31/12/2039, 23:59

Subject

CN=All Picture Finder

e4:51:c7:4c:13:ff:7c:bf:f3:bf:bf:95:07:38:6f:93:e6:7d:95:17
Signer

Actual PE Digest

e4:51:c7:4c:13:ff:7c:bf:f3:bf:bf:95:07:38:6f:93:e6:7d:95:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\doc\CodeBase\PicSearcher\PicSearcher\Release\PicSearcher.pdb

Imports

winmm

timeGetTime

ws2_32

inet_ntoa
htons
getaddrinfo
freeaddrinfo
bind
WSAIoctl
select
__WSAFDIsSet
htonl
inet_addr
recv
send
setsockopt
ntohs
WSASetLastError
socket
WSAAsyncSelect
closesocket
connect
gethostbyname
getpeername
getsockname
WSAGetLastError
WSACleanup
gethostname
WSAStartup
ioctlsocket
getsockopt
shutdown

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW

wininet

InternetGetCookieExA

dbghelp

MiniDumpWriteDump

user32

SystemParametersInfoW
ReleaseDC
GetDC
GetClipboardData
PostMessageW
KillTimer
CloseClipboard
PostThreadMessageW
EmptyClipboard
SetClipboardData
PostQuitMessage
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetDialogBaseUnits
SetTimer
SendMessageW
IsWindow
DestroyIcon
DrawIconEx
OpenClipboard
UnregisterClassW
MessageBoxW
DefWindowProcW
DestroyWindow
PeekMessageW
WaitForInputIdle
CreateWindowExW
BringWindowToTop
RegisterClassW
DdeFreeStringHandle
DdeUninitialize
DdeQueryStringW
DdeCreateDataHandle
DdeFreeDataHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
DdePostAdvise
MsgWaitForMultipleObjects
DispatchMessageW
GetWindow
GetWindowRect
SetWindowPos
ShowWindow
InvalidateRect
IsIconic
SetForegroundWindow
IsZoomed
GetWindowPlacement
GetSystemMetrics
DrawMenuBar
EnableMenuItem
GetSystemMenu
FlashWindowEx
SetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
MoveWindow
SetWindowTextW
CreateDialogIndirectParamW
SetWindowRgn
GetMessagePos
GetCursorPos
TranslateMessage
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetClientRect
GetFocus
SetFocus
EnableWindow
AnimateWindow
SetCapture
ReleaseCapture
SetCursorPos
GetScrollInfo
SetScrollInfo
EnableScrollBar
ScrollWindow
GetParent
WindowFromPoint
SetParent
RedrawWindow
UpdateWindow
MapWindowPoints
ScreenToClient
ClientToScreen
DeferWindowPos
IsDialogMessageW
IsWindowVisible
IsWindowEnabled
BeginDeferWindowPos
EndDeferWindowPos
GetMessageTime
GetActiveWindow
ChildWindowFromPointEx
RegisterHotKey
UnregisterHotKey
UnhookWindowsHookEx
CallNextHookEx
GetCapture
SetCursor
PtInRect
TrackPopupMenu
CallWindowProcW
FillRect
SetWindowsHookExW
GetUpdateRgn
GetMenuItemInfoW
GetMenuItemCount
GetSysColor
InflateRect
CreateDialogParamW
GetDlgItem
HideCaret
GetWindowTextLengthW
keybd_event
DrawTextW
DrawFocusRect
CopyRect
DrawStateW
OffsetRect
SetRectEmpty
GetIconInfo
CreateIconIndirect
LoadIconW
LoadBitmapW
LoadImageW
SetMenuItemInfoW
GetMenuState
DestroyMenu
GetSubMenu
AppendMenuW
CreateMenu
RemoveMenu
InsertMenuW
SetMenuInfo
InsertMenuItemW
CreatePopupMenu
ModifyMenuW
CheckMenuItem
CheckMenuRadioItem
GetMenuItemID
GetSysColorBrush
DrawFrameControl
SetRect
DrawEdge
GetClassInfoW
GetDoubleClickTime
DestroyCursor
LoadCursorW
SetMenu
RegisterWindowMessageW
GetProcessDefaultLayout
ChildWindowFromPoint
GetComboBoxInfo
SetActiveWindow
GetClipboardFormatNameW
RegisterClipboardFormatW
GetMessageW
ValidateRect
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
MessageBeep
GetClassNameW
GetWindowTextW
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromWindow
ChangeDisplaySettingsExW
EnumDisplaySettingsW
BeginPaint
EndPaint
GetWindowDC
UnionRect
FindWindowExW
ShowCursor
AdjustWindowRectEx
IsClipboardFormatAvailable

ole32

CoTaskMemAlloc
OleSetClipboard
CoLockObjectExternal
OleIsCurrentClipboard
CoSetProxyBlanket
CoInitializeSecurity
OleRun
CoCreateInstance
OleUninitialize
OleInitialize
CoCreateGuid
CoUninitialize
CoInitialize
OleLockRunning
OleSetContainedObject
ReleaseStgMedium
RegisterDragDrop
OleGetClipboard
OleFlushClipboard
RevokeDragDrop
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayCreate
SysReAllocString
SafeArrayUnlock
SysStringLen
VarBstrFromCy
VariantTimeToSystemTime
SafeArrayLock
SafeArrayPtrOfIndex
VariantInit
SysFreeString
SysAllocString
VariantClear

kernel32

FileTimeToSystemTime
GetFileAttributesW
CreateEventW
SetEvent
ResetEvent
GetACP
HeapReAlloc
CreateFileA
GetFileSize
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
GetVersionExW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
HeapSize
LockFileEx
FindFirstFileW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
AreFileApisANSI
DeleteFileA
SetLastError
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
InterlockedIncrement
InterlockedExchange
EncodePointer
DecodePointer
lstrlenA
SetErrorMode
PeekNamedPipe
SetNamedPipeHandleState
GetExitCodeProcess
CreatePipe
ResumeThread
SetHandleInformation
ExpandEnvironmentStringsW
TlsFree
TlsSetValue
ExitProcess
TlsGetValue
TlsAlloc
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetThreadLocale
FindResourceW
GetEnvironmentVariableW
IsDebuggerPresent
VerifyVersionInfoW
VerSetConditionMask
GetCPInfo
IsValidCodePage
SizeofResource
LockResource
LoadResource
GetLongPathNameW
GetFileTime
GetTempFileNameW
MulDiv
GetCommandLineW
WriteConsoleA
FileTimeToLocalFileTime
FillConsoleOutputCharacterW
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FreeConsole
ReadConsoleOutputCharacterA
AttachConsole
GlobalSize
FindClose
GetModuleHandleA
GetExitCodeThread
WaitForSingleObject
CreateThread
GetTickCount
GetTimeZoneInformation
GetSystemTime
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
GetDriveTypeW
GetTempPathA
GetDiskFreeSpaceExW
GetFullPathNameW
GetFullPathNameA
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryW
FreeLibrary
FormatMessageW
LocalAlloc
InterlockedDecrement
MoveFileW
CopyFileW
SetCurrentDirectoryW
Process32NextW
Process32FirstW
DuplicateHandle
CreateMutexW
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
LoadLibraryExW
GetCurrentThreadId
CreateFileW
IsBadWritePtr
WaitForMultipleObjects
TerminateProcess
GetCurrentThread
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathW
GetWindowsDirectoryW
lstrlenW
lstrcatW
GetComputerNameW
lstrcmpW
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
Sleep
GetModuleFileNameW
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
OpenProcess
CloseHandle
GetModuleHandleW
LoadLibraryA
GetProcAddress
GetCurrentProcess
UnhandledExceptionFilter
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCurrentDirectoryW
SetConsoleCtrlHandler
FindFirstFileExW
GetDriveTypeA
FindFirstFileExA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
WriteConsoleW
FindNextFileW
RaiseException
RtlUnwind
LCMapStringW
GetTimeFormatW
GetDateFormatW
ExitThread
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
IsProcessorFeaturePresent
GetOEMCP
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileInformationByHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringW
SleepEx
VerifyVersionInfoA
ExpandEnvironmentStringsA
QueryPerformanceFrequency
GetDiskFreeSpaceW

gdi32

GetSystemPaletteEntries
EnumFontFamiliesExW
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetDIBColorTable
PlayEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileW
CloseEnhMetaFile
CreateDIBitmap
CreateDIBSection
GetCharABCWidthsW
MoveToEx
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
LineTo
PtInRegion
EqualRgn
GetRgnBox
RectInRegion
CreateRectRgnIndirect
CombineRgn
ExtCreatePen
CreateHatchBrush
StretchBlt
StretchDIBits
MaskBlt
ExtTextOutW
GetWorldTransform
GetObjectType
Ellipse
RoundRect
Rectangle
PolyPolygon
SetPolyFillMode
Polygon
Pie
Arc
GetBkColor
SelectClipRgn
SetWorldTransform
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
PolyBezier
SetPixel
GetPixel
ExtSelectClipRgn
SetStretchBltMode
ModifyWorldTransform
SetGraphicsMode
SetViewportOrgEx
SetROP2
Polyline
GetClipBox
SetLayout
GetLayout
CreateICW
CreatePatternBrush
ExtFloodFill
GetTextExtentPoint32W
CreateBitmap
CreatePen
CreateSolidBrush
SetTextColor
SetBkColor
SetBkMode
GetOutlineTextMetricsW
CreateFontIndirectW
ExcludeClipRect
CreateRectRgn
SetBrushOrgEx
GdiFlush
GetTextMetricsW
GetRegionData
ExtCreateRegion
OffsetRgn
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectW
DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateDCW
GetTextExtentExPointW

comdlg32

ChooseColorW
GetOpenFileNameW
PageSetupDlgW
PrintDlgW
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

DragQueryFileW
ExtractIconW
ExtractIconExW
ShellExecuteExW
DragQueryPoint
DragAcceptFiles
Shell_NotifyIconW
SHFileOperationW
SHGetFileInfoW
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish

comctl32

ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetDragCursorImage
ord16
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_Copy
ImageList_Replace
ord17
ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetIconSize

advapi32

GetUserNameW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
AddAccessDeniedAce
LookupAccountNameW
InitializeAcl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegCreateKeyW
RegEnumKeyW
GetFileSecurityW
SetFileSecurityW

shlwapi

SHAutoComplete
AssocQueryStringW
PathIsDirectoryW
PathFileExistsW

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56b34a2d622e3dfafd2dfe5ffa9cc3fa

Code Sign

5f:17:40:27:13:17:6b:53:ba:c0:06:1f:ee:7c:b6:39Certificate

e4:51:c7:4c:13:ff:7c:bf:f3:bf:bf:95:07:38:6f:93:e6:7d:95:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

iphlpapi

psapi

wininet

dbghelp

user32

ole32

oleaut32

kernel32

gdi32

comdlg32

winspool.drv

shell32

comctl32

advapi32

shlwapi

msimg32

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 346KB - Virtual size: 552KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 502KB - Virtual size: 501KB

5f:17:40:27:13:17:6b:53:ba:c0:06:1f:ee:7c:b6:39
Certificate

e4:51:c7:4c:13:ff:7c:bf:f3:bf:bf:95:07:38:6f:93:e6:7d:95:17
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 346KB - Virtual size: 552KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 502KB - Virtual size: 501KB