2024-05-27_4c097db3aa3c3d236e50afcff85ac0b9_mafia_mirai

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_4c097db3aa3c3d236e50afcff85ac0b9_mafia_mirai
Size

19.0MB
MD5

4c097db3aa3c3d236e50afcff85ac0b9
SHA1

9375fe626057b279b40273659451caa62bd151dd
SHA256

f4883ce47c32bbb394bd4ee98918a2d137b5f3a7fb13e79e6cbaf18a169ef2ab
SHA512

34b6e24dbc29079f41a311715f7e617e2e2911d967610b38df8ffa15d6a7b0845f006f1e0f0272f1a9a6632cbb90ded47a343642d88074adc142ccdc828cb913
SSDEEP

393216:6LVaeIyIbVpM5/VDuF1juxq/pnJtJNv8V1+3:CbItVIVD+9uxsnJtJNv5

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_4c097db3aa3c3d236e50afcff85ac0b9_mafia_mirai

Files

2024-05-27_4c097db3aa3c3d236e50afcff85ac0b9_mafia_mirai
.exe windows:6 windows x86 arch:x86

b7ed8c660e4ca1446e9ef00b1e8f91c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
GlobalAlloc
ExpandEnvironmentStringsA
LoadResource
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
ReadFile
_llseek
GetTempFileNameA
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
SetFilePointer
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
FreeResource
FreeLibrary
Sleep
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
SetCurrentDirectoryA

gdi32

GetDeviceCaps

user32

SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowRect
GetDC
SetWindowLongA
MessageBoxA
GetWindowLongA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SendMessageA
GetSystemMetrics

msvcrt

?terminate@@YAXXZ
_controlfp
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
memset
memcpy
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_errno
_vsnprintf
_acmdln

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7ed8c660e4ca1446e9ef00b1e8f91c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 1KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 18.9MB - Virtual size: 18.9MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 1KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 18.9MB - Virtual size: 18.9MB

.reloc
Size: 4KB - Virtual size: 3KB