D:\UDS_CLIENT_RELEASE\tool_project\UDSSyslog\Release\UDSSyslog.pdb
Static task: static1
Behavioral task: behavioral1, Sample: 2024-05-27_f3ee673f86e2e694a6fb5da1c003e524_mafia_revil.exe, Resource: win7-20240508-en
Behavioral task: behavioral2, Sample: 2024-05-27_f3ee673f86e2e694a6fb5da1c003e524_mafia_revil.exe, Resource: win10v2004-20240508-en
General
- Target: 2024-05-27_f3ee673f86e2e694a6fb5da1c003e524_mafia_revil
- Size: 3.4MB
- MD5: f3ee673f86e2e694a6fb5da1c003e524
- SHA1: cca201abd94149973d3e4a7cacbeb404e2f9ad6b
- SHA256: 52529b4cc4f65ce2060b0c67d42b3a1d041c62851d5958231542b564ad5f6ebc
- SHA512: 29c5590d9f5eaa700e22a8ecde28cb2ec7d7126399d84d16ffc84157d1601eabc99915880ba5dfdf24a185d3107843009d49779100e4e5f11b0b6cf6f62cbc3b
- SSDEEP: 98304:GbWKy0Q45kXxL3ch6iq/4cQjU/P4/Hx2K4Ye+9pPjtSEYBx1:lC6YcQQow6e+9pPjtPW
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched resource: 2024-05-27_f3ee673f86e2e694a6fb5da1c003e524_mafia_revil
  The check only looks for an embedded signature (the PE security data directory). Its absence is weak evidence on its own: catalog-signed Windows components also carry no embedded block, and a present signature still has to be chain-validated before it counts for anything.
Files
- 2024-05-27_f3ee673f86e2e694a6fb5da1c003e524_mafia_revil.exe  windows:5 windows x86 arch:x86
  9e7866aca35c19263306d6daa9c3e8ac (32-hex digest listed with the file entry; in this report format it is the import hash)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: D:\UDS_CLIENT_RELEASE\tool_project\UDSSyslog\Release\UDSSyslog.pdb
Imports
kernel32:
WideCharToMultiByte
GetLastError
lstrlenA
GetExitCodeThread
WaitForSingleObject
Sleep
OpenProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetCommandLineW
CreateMutexW
CloseHandle
DeleteFileW
CreateToolhelp32Snapshot
GetFileInformationByHandle
lstrlenW
GetDriveTypeA
GetEnvironmentVariableW
ReadConsoleW
ReadConsoleA
SetConsoleMode
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetVersion
GetModuleHandleExW
CreateFiber
SwitchToFiber
DeleteFiber
InterlockedExchangeAdd
InterlockedCompareExchange
FindResourceW
LoadResource
LockResource
SizeofResource
FindClose
FindFirstFileW
FindFirstFileExA
Process32FirstW
Process32NextW
WinExec
GetModuleFileNameW
GetModuleFileNameA
GetLocalTime
DeleteFileA
MoveFileA
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
GetLogicalDrives
FreeLibrary
GetProcAddress
CreateFileW
CopyFileW
CreateDirectoryW
GetExitCodeProcess
ReadFile
PeekNamedPipe
GetTickCount
WriteFile
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStartupInfoW
GetVersionExW
DeviceIoControl
GlobalFree
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
LocalFree
FormatMessageW
GetSystemInfo
WTSGetActiveConsoleSessionId
GetComputerNameW
LoadLibraryW
LoadLibraryExW
FindNextFileW
CreateFileA
GetComputerNameA
ResumeThread
SetEvent
MultiByteToWideChar
CreateEventW
SetLastError
SystemTimeToFileTime
GetSystemTime
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpiW
DeactivateActCtx
ActivateActCtx
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetVolumeInformationW
GetFullPathNameW
SetThreadPriority
SuspendThread
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
InterlockedExchange
lstrcmpW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
GlobalDeleteAtom
SetErrorMode
GetFileAttributesExW
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalAddAtomW
GlobalGetAtomNameW
InterlockedIncrement
CreateActCtxW
ReleaseActCtx
CompareStringW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFindAtomW
FreeResource
GetCurrentDirectoryW
GlobalFlags
lstrcpyW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
InitializeCriticalSectionAndSpinCount
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetTimeFormatW
GetDateFormatW
ExitProcess
HeapSetInformation
RtlUnwind
RaiseException
GetCPInfo
HeapReAlloc
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
VirtualAlloc
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
LCMapStringW
SetEnvironmentVariableA
GetFullPathNameA
GetDriveTypeW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
user32:
DestroyIcon
IsIconic
IntersectRect
InflateRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
KillTimer
SetTimer
InvalidateRect
GetDesktopWindow
RealChildWindowFromPoint
DeleteMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
CreateDialogIndirectParamW
GetMenuDefaultItem
InvertRect
SetActiveWindow
BeginDeferWindowPos
FindWindowA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
GetMenuItemInfoW
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
HideCaret
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DestroyAcceleratorTable
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
GetNextDlgTabItem
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
SetWindowPos
GetWindow
UnhookWindowsHookEx
LoadCursorW
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
DestroyMenu
IsRectEmpty
OffsetRect
IsZoomed
SetWindowRgn
RedrawWindow
MonitorFromWindow
SetParent
GetMenuItemID
AppendMenuW
EnableScrollBar
GetIconInfo
CopyImage
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
PostQuitMessage
GetProcessWindowStation
GetUserObjectInformationW
PostMessageW
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSysColor
CheckMenuItem
EnableMenuItem
LoadImageW
GetNextDlgGroupItem
TranslateAcceleratorW
InsertMenuItemW
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
EndDialog
GetWindowRect
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
CreateWindowExW
gdi32:
SetPixelV
GetTextFaceW
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetTextExtentPoint32W
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextCharsetInfo
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectW
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
EnumFontFamiliesW
msimg32:
AlphaBlend
TransparentBlt
comdlg32:
GetFileTitleW
winspool.drv:
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32:
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegEnumValueW
RegQueryValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
RegEnumKeyExW
shell32:
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
comctl32:
ImageList_GetIconSize
shlwapi:
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFileExistsW
PathRemoveFileSpecW
ole32:
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateInstance
CoUninitialize
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleCreateMenuDescriptor
CoInitializeEx
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
OleDestroyMenuDescriptor
oleaut32:
VariantChangeType
VariantClear
SysAllocString
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
winmm:
PlaySoundW
ws2_32:
inet_addr
WSACleanup
closesocket
recv
WSAGetLastError
__WSAFDIsSet
select
ioctlsocket
WSAStartup
freeaddrinfo
getaddrinfo
htons
setsockopt
socket
send
recvfrom
sendto
WSASocketW
inet_ntoa
WSASetLastError
connect
wevtapi:
EvtQuery
EvtNext
EvtRender
EvtClose
wtsapi32:
WTSFreeMemory
WTSQuerySessionInformationW
oleacc:
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus:
GdipGetImageGraphicsContext
GdipDrawImageI
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDisposeImage
imm32:
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
crypt32:
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
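The 32-hex digest printed beside the file entry under Files is where this report format lists the import hash (imphash), which is derived from the import table above rather than from file bytes, so it survives recompilation and re-signing and is the value to pivot on when hunting related builds. The block below is an added example, not the sandbox's or the sample's code, showing how such a digest is derived: DLL name lower-cased with a `.dll`/`.ocx`/`.sys` suffix dropped (note that `winspool.drv` keeps its suffix), function name lower-cased, entries joined with commas in import-table order, MD5 over the result. `SAMPLE_IMPORTS` is a constructed subset of the imports listed above in one plausible order; it will not reproduce the digest in the report, which covers the full import table in the order the linker wrote it. Treating ordinal-only imports as `ordN` without resolving them to names is a simplifying assumption.

```python
"""Added example (not the sandbox's or the sample's code): derive an import hash
(imphash) from an import table.  Rule: for each imported function, in
import-table order, take "<dll>.<function>" lower-cased, dropping a
.dll/.ocx/.sys suffix from the DLL name, join with commas, MD5 the string."""
import hashlib

STRIPPED_SUFFIXES = (".dll", ".ocx", ".sys")   # only these are dropped; .drv is kept


def normalize_dll(name):
    """Lower-case the module name and strip one of the conventional suffixes."""
    lower = name.lower()
    for suffix in STRIPPED_SUFFIXES:
        if lower.endswith(suffix):
            return lower[:-len(suffix)]
    return lower


def imphash_string(imports):
    """imports: iterable of (dll, name_or_ordinal) in import-table order.
    Ordinal-only imports become 'ordN' (assumption: no ordinal-to-name
    resolution, which some tools apply for a few well-known DLLs)."""
    parts = []
    for dll, func in imports:
        func = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (normalize_dll(dll), func))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string; order of entries changes the result."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed input: a handful of the imports listed above, in one plausible
# order.  This is not the sample's full import table, so the digest will not
# match the one in the report.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "WideCharToMultiByte"),
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("ADVAPI32.dll", "CryptGenRandom"),
    ("winspool.drv", "DocumentPropertiesW"),
    ("WS2_32.dll", 23),            # an ordinal-only import
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because case is normalised, `KERNEL32.dll` and `kernel32.dll` hash identically, but any change in import order yields a different digest, so two builds of the same source with a different link order will not share an imphash.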
Sections
.text   Size: 2.4MB   Virtual size: 2.4MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 714KB   Virtual size: 714KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 47KB    Virtual size: 92KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1024B   Virtual size: 920B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 251KB   Virtual size: 251KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
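Everything under Headers and Sections, and the Unsigned PE signature, comes from fixed offsets in the PE header, so it is cheap to re-derive locally instead of trusting a sandbox summary or pasting the file into another service. The following is an added example, not the sandbox's or the sample's code: a standard-library Python parser that reads the COFF file characteristics, the optional header's DllCharacteristics, the section table flags, and whether the security data directory (index 4, where an embedded Authenticode block lives) is populated. `build_sample_pe` constructs a minimal, non-loadable PE32 header stub carrying the same flags the report lists (DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE; an RX `.text` and an RW `.data`) so the block runs offline; against a real file, call `inspect_pe(open(path, "rb").read())`. The signature check has the same limit as the sandbox's: it detects only an embedded signature, so catalog-signed files report as unsigned, and a populated directory still has to be validated with a real verifier before it means anything.

```python
"""Added example (not the sandbox's or the sample's code): re-derive the PE
header facts a triage report prints, using only the standard library."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE", 0x2000: "DLL",
}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot holding the Authenticode blob


def _flags(value, table, prefix):
    """Expand a bitmask into the IMAGE_* names a report prints, lowest bit first."""
    return [prefix + name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data):
    """Parse DOS/NT headers, optional header and section table; return a dict."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: the 16 data directories start at +96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase/stack/heap fields shift them to +112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    sec_rva = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):      # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": fields[0].rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": fields[1], "raw_size": fields[3],
            "flags": _flags(fields[9], SECTION_FLAGS, "IMAGE_SCN_"),
        })
    return {
        "machine": machine, "subsystem": subsystem,
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS, "IMAGE_FILE_"),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS, "IMAGE_DLLCHARACTERISTICS_"),
        # An empty security directory is what "Unsigned PE" means: no embedded
        # signature.  Catalog-signed files also look unsigned by this test.
        "has_embedded_authenticode": bool(sec_rva and sec_size),
        "sections": sections,
    }


def build_sample_pe(signed=False):
    """Constructed, non-loadable PE32 header stub carrying the flags the report
    above lists (DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, .text RX, .data RW)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0002 | 0x0100)  # I386, 2 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<HH", opt, 68, 2, 0x0040 | 0x0100 | 0x8000)  # GUI subsystem, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    if signed:   # pretend a WIN_CERTIFICATE blob sits at file offset 0x300000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x300000, 0x1800)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x1000, 0x400,
                       0, 0, 0, 0, 0x20 | 0x20000000 | 0x40000000)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x17000, 0x2000, 0xBC00, 0x1400,
                       0, 0, 0, 0, 0x40 | 0x40000000 | 0x80000000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(inspect_pe(blob), indent=2))
```

Comparing `virtual_size` with `raw_size` per section is worth the extra line: a `.data` whose virtual size exceeds its raw size (as in the report above, 92KB versus 47KB) is ordinary zero-initialised storage, whereas a section with a tiny raw size and a very large virtual size is the classic shape of a packer stub that unpacks into reserved memory.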