2024-05-28_38ba0d783ef8f072fa5cd24439d3ed03_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-28_38ba0d783ef8f072fa5cd24439d3ed03_mafia
Size

569KB
MD5

38ba0d783ef8f072fa5cd24439d3ed03
SHA1

ea6bed6b8e9ac8a4bfe535c3b32bc79892ff5c4f
SHA256

34cb07f9445692617b129173f9a719887bc54af44f9f19c62d8bc474868f31f1
SHA512

cb1532544c036e3fa49a9723409ad93443331dd940534d81409266a9ad7e74a7fbcadfbf6c9b85aabe1d84f9083036c4503b8e97e5ddf636a9e76809bab752b5
SSDEEP

12288:8ZPxoSlBGQ5ojz5ZvXG45+ZdMpNHHqb8dorATb5jO5F0ppX:8UzQSjz5wvduNHHqbw31Ogpp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-28_38ba0d783ef8f072fa5cd24439d3ed03_mafia

Files

2024-05-28_38ba0d783ef8f072fa5cd24439d3ed03_mafia
.exe windows:5 windows x86 arch:x86

3937f4125e8b712e0491253905bc2ace

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZOpenFileA
LZCopy

user32

KillTimer
GetClassInfoA
RegisterClassA
RegisterWindowMessageA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMDISysAccel
TranslateMessage
DispatchMessageA
SetParent
GetDialogBaseUnits
CharUpperA
WaitMessage
SetTimer
GetWindowPlacement
PostQuitMessage
GetSysColor
CopyRect
IntersectRect
GetKeyState
ScrollWindowEx
FlashWindow
SetPropA
CreateWindowExA
GetWindowDC
RemovePropA
GetDesktopWindow
SetRect
UpdateWindow
SetForegroundWindow
CharLowerA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
CallWindowProcA
BeginPaint
EndPaint
GetPropA
SetWindowTextA
SetWindowLongA
SetWindowPos
LoadImageA
ShowWindow
SetLayeredWindowAttributes
EnableWindow
InvalidateRect
GetWindowRect
SetRectEmpty
DrawEdge
InflateRect
DrawTextA
GetFocus
IsWindowVisible
SetFocus
GetWindowLongA
IsWindowEnabled
GetWindow
GetParent
LoadCursorA
SetCursor
DestroyIcon
GetDC
ReleaseDC
ScreenToClient
IsRectEmpty
GetClientRect
ClipCursor
ClientToScreen
IsWindow
GetClassNameA
SendMessageA
GetWindowTextLengthA
GetWindowTextA
MessageBoxA
CharNextA
wsprintfA

gdi32

MoveToEx
LineTo
Rectangle
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
SetBkColor
GetStockObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
SetBrushOrgEx
PatBlt
StretchDIBits
CreateCompatibleDC
GetObjectA
SelectObject
StretchBlt
BitBlt
DeleteObject
CreatePen
CreateICA
GetDeviceCaps
DeleteDC

comctl32

FlatSB_SetScrollRange
ImageList_Duplicate
ImageList_GetIcon
_TrackMouseEvent
FlatSB_SetScrollPos
ImageList_Add
InitCommonControlsEx
FlatSB_SetScrollProp
InitializeFlatSB
FlatSB_GetScrollPos
FlatSB_GetScrollRange
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

advapi32

SetSecurityDescriptorDacl
GetUserNameA
InitializeSecurityDescriptor

shell32

ExtractIconA
ShellExecuteExA
DragAcceptFiles
DragQueryFileA
DragFinish
FindExecutableA
CommandLineToArgvW

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

odbc32

ord59
ord1
ord39
ord41
ord7
ord45
ord50
ord22
ord4
ord40
ord8
ord72
ord11
ord3
ord17
ord36
ord10
ord29
ord9
ord12
ord19
ord30
ord47
ord16
ord76
ord54
ord13
ord43
ord2
ord57
ord15
ord18
ord14

zkernel

?zDBGetPKkey@@YGFPAXPBDPAPAU_pkey_@@G@Z
?zGridBrowse@@YG_NPAUHWND__@@PAXPBD2222222222H2@Z
?zGridPrepare@@YGPAXPAUHWND__@@PBD@Z
?zGridExec@@YGPAXPAUHWND__@@PBD@Z
?zGridAggregate@@YGNPAUHWND__@@HPBD11_N@Z
?zGridPutLong@@YGXPAUHWND__@@JHJ@Z
?zDBError@@YGXPAX00PBD@Z
?zKernelInit@@YGXXZ
?zGridGetSuffix@@YGPBDPAUHWND__@@H@Z
?zGridGetPrefix@@YGPBDPAUHWND__@@H@Z
?zGridPutText@@YGXPAUHWND__@@JHPBD@Z
?zGridGetText@@YGPBDPAUHWND__@@JH_N@Z
?zGridGetCellRect@@YGXPAUHWND__@@JHPAUtagRECT@@@Z
?zDBExecScript@@YGHPAX0PBDFPAD@Z

wsock32

ioctlsocket

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2

oleaut32

OleLoadPicture

shlwapi

StrStrIA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

msimg32

GradientFill

gdiplus

GdipDrawImageRectI
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipLoadImageFromStreamICM
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipAlloc

uxtheme

OpenThemeData
CloseThemeData
SetWindowTheme
DrawThemeBackground

crpe32

ord9
ord40
ord47
ord98
ord17
ord72
ord62
ord29
ord41
ord63
ord6
ord7
ord135
ord53
ord59
ord60
ord58
ord129
ord130
ord1000
ord1001
ord1002
ord1004
ord11
ord35
ord36
ord37
ord48
ord19
ord20
ord75
ord10

_dll

?OpenReport@@YA_NVxstring@@000AAVxcrpejob@@000FF@Z

_dll0

?ZeroContext@@YAHAAVzDB@@AAVcZero@@AAV?$xsharedmemory@VshMem@@@@@Z
?RunContatti@@YAXAAVzDB@@Vxstring@@1@Z
?Guid@@YA?AVxstring@@XZ
?SeekReport@@YA?AVxstring@@AAVzDB@@AAVcZero@@V1@2AAV1@AAH4@Z
?VirtuaWinCurrentDesktopNumber@@YAHXZ

kernel32

LockResource
FreeResource
GlobalAlloc
LoadResource
FindResourceA
Sleep
SizeofResource
CloseHandle
GetFileSize
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
CreateFileA
DeleteFileA
MoveFileExA
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
SystemTimeToFileTime
LockFile
UnlockFile
GetDiskFreeSpaceExA
GlobalHandle
GlobalReAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetEnvironmentVariableA
GetProfileStringA
GetProfileIntA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetComputerNameA
GetCurrentDirectoryA
GetPrivateProfileStringA
FindClose
FindFirstFileA
GetDateFormatA
LocalFree
FormatMessageA
GetModuleHandleA
FlushFileBuffers
ReadFile
WriteFile
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetTempFileNameA
GetLastError
GetLocalTime
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
OpenEventA
CreateEventA
SetCurrentDirectoryA
GetShortPathNameA
FindNextFileA
SetFilePointer
GetUserDefaultLangID
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GlobalSize
SetEvent
UnmapViewOfFile
LocalUnlock
LocalLock
LocalAlloc
RtlUnwind
RaiseException
GetCurrentDirectoryW
SetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
HeapAlloc
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetCPInfo
SetEndOfFile
WriteConsoleW
LoadLibraryW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetCurrentProcess
GetProcessHeap
SetLastError
GetCurrentThreadId
HeapCreate
GetModuleFileNameW
GetStringTypeW
IsValidLocale
HeapFree
EnumSystemLocalesA
IsProcessorFeaturePresent
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
GetTimeZoneInformation
LCMapStringW
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3937f4125e8b712e0491253905bc2ace

Headers

DLL Characteristics

File Characteristics

Imports

lz32

user32

gdi32

comctl32

advapi32

shell32

mpr

odbc32

zkernel

wsock32

ole32

oleaut32

shlwapi

winspool.drv

msimg32

gdiplus

uxtheme

crpe32

_dll

_dll0

kernel32

Sections

.text Size: 332KB - Virtual size: 332KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 332KB - Virtual size: 332KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 29KB - Virtual size: 29KB