PDB path: D:\svnwork\stormplayer\trunk\Setup\BF_NewInstall\src\BF_InstallEngine\bin\Release\B5_Install.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-28_cc4f906e7c1fa1e32c6e3c01f266db29_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-05-28_cc4f906e7c1fa1e32c6e3c01f266db29_mafia.exe
Resource: win10v2004-20240226-en
General
Target: 2024-05-28_cc4f906e7c1fa1e32c6e3c01f266db29_mafia
Size: 16.0MB
MD5: cc4f906e7c1fa1e32c6e3c01f266db29
SHA1: 847a2a8f204d762b86f9973f3e092b55d8a4c189
SHA256: 30798cc5abf635b6094a1b8a4db717adee03d1db5ad60a38e9347a869a167474
SHA512: be30762410d05277fdef7a1cf54b6c79d2c56f624d177829dc6b834f8b3beec49606bdba577ea93a2dade4429a5bb11061ced6d9f01a35adc1e22dd4b9c38e26
SSDEEP: 393216:f+WZtcPdXIU34wdWu1MKLIc3tv/DaooVBMGG+m1XpDjPeA:fCdT34wx15E2hefw+m1AA
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: 2024-05-28_cc4f906e7c1fa1e32c6e3c01f266db29_mafia
A missing Authenticode signature is a weak indicator on its own: unsigned in-house installers are common, and the PDB path (a "BF_InstallEngine" build from a "stormplayer" Setup tree) is consistent with one. Where the file is at hand, confirm with Get-AuthenticodeSignature in PowerShell or signtool verify /pa, which also distinguish "no signature" from "signature present but invalid or untrusted".
Files
-
2024-05-28_cc4f906e7c1fa1e32c6e3c01f266db29_mafia.exe windows:5 windows x86 arch:x86
3c6d4ea19784098796933b828f753098
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateSemaphoreW
CreateEventW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
LockResource
SetErrorMode
GetLocalTime
FindResourceExW
lstrcpynW
GetFileAttributesW
lstrcatW
lstrcmpiW
HeapAlloc
GetProcessHeap
GetModuleHandleA
HeapFree
MoveFileExW
GetPrivateProfileStringW
WritePrivateProfileStringW
FlushInstructionCache
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
InitializeCriticalSectionAndSpinCount
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GlobalFree
TerminateThread
CreateMutexW
OpenMutexW
GetDiskFreeSpaceExW
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
ResetEvent
ReleaseSemaphore
InitializeCriticalSection
SetEvent
WaitForSingleObject
VirtualAlloc
VirtualFree
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
GlobalMemoryStatus
GetModuleHandleW
GetSystemInfo
FileTimeToSystemTime
SetEndOfFile
SetFilePointer
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
GetTempFileNameW
GetTempPathW
SearchPathW
GetCurrentDirectoryW
WriteConsoleW
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleCP
RtlUnwind
GetFileType
SetHandleCount
Sleep
HeapCreate
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenW
GetFullPathNameW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
CreateFileW
GetWindowsDirectoryW
LocalFree
FormatMessageW
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SetConsoleMode
GetConsoleMode
GetVersionExW
GetCommandLineW
SetFileApisToOEM
CompareFileTime
SetCurrentDirectoryW
GetProcAddress
FileTimeToLocalFileTime
GetCurrentProcess
GetProcessTimes
GetTickCount
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CloseHandle
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetStdHandle
GetStartupInfoW
HeapSetInformation
ExitProcess
CreateThread
ExitThread
EncodePointer
DecodePointer
InterlockedPopEntrySList
GetLastError
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GlobalReAlloc
lstrcmpiA
lstrcpyW
ReadFile
DeleteCriticalSection
user32
wsprintfW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
UnregisterClassA
IsWindowEnabled
TrackMouseEvent
EnableWindow
CharUpperA
PostQuitMessage
EndDialog
DialogBoxParamW
DrawIconEx
GetWindowThreadProcessId
MapWindowPoints
IsIconic
IsDialogMessageW
SetForegroundWindow
SetRect
EqualRect
ShowWindow
IsRectEmpty
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
GetCursorPos
SetWindowsHookExW
SetPropA
SetClassLongW
GetClassLongW
IsWindowVisible
UnhookWindowsHookEx
GetMenuItemInfoW
OffsetRect
CopyRect
InflateRect
SetWindowTextA
FindWindowA
GetWindowDC
GetMenuItemCount
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromWindow
CharNextA
CharLowerW
CharUpperW
SetCursor
SetWindowRgn
UnregisterHotKey
RegisterHotKey
LoadIconW
IsZoomed
GetWindowRect
KillTimer
SetTimer
EnableMenuItem
GetSystemMenu
SendMessageTimeoutW
FindWindowW
PostMessageW
FindWindowExW
MessageBoxW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetRectEmpty
PtInRect
GetPropA
UpdateWindow
SetParent
DrawTextW
gdi32
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetStockObject
DeleteObject
SetBkColor
ExtTextOutW
CreatePen
CreateFontIndirectW
SetBkMode
SetTextColor
GetClipBox
ExcludeClipRect
Rectangle
StretchBlt
GetPixel
CreateFontW
GetRgnBox
RoundRect
GetTextExtentPoint32W
Ellipse
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
CreateDIBSection
ExtCreateRegion
CombineRgn
BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush
advapi32
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
GetUserNameW
BuildExplicitAccessWithNameW
DeleteAce
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
shell32
SHGetSpecialFolderPathW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ole32
PropVariantClear
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
oleaut32
VariantClear
VariantCopy
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantInit
VarUI4FromStr
SysFreeString
wininet
InternetGetConnectedState
sensapi
IsNetworkAlive
shlwapi
PathAppendW
SHStrDupW
StrCmpW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathFileExistsW
StrChrIW
PathIsDirectoryW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
TransparentBlt
winhttp
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpOpen
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpGetProxyForUrl
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
timeSetEvent
timeKillEvent
gdiplus
GdipCloneBrush
GdipGetImageWidth
GdipCreateSolidFill
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipAlloc
GdipReleaseDC
GdipFree
GdipFillRectangle
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipLoadImageFromStream
GdipGetImageHeight
GdipLoadImageFromStreamICM
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipDeleteBrush
GdipSetPixelOffsetMode
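The import table above is the most useful static signal on this page: kernel32 supplies a full process-snapshot-and-terminate set (CreateToolhelp32Snapshot, Process32FirstW/NextW, OpenProcess, TerminateProcess), advapi32 supplies token privilege adjustment (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges) and DACL rewriting (SetNamedSecurityInfoW, SetEntriesInAclW, SetFileSecurityW), and winhttp supplies a complete HTTP client including WinHttpWriteData and proxy discovery. The following is an added triage aid, not part of the report and not Triage's own rule logic: it copies the behaviour-relevant imports listed above (GUI and GDI imports omitted) into a dict and tags capabilities only when every API of a primitive is present together. The tag names and rule sets are the editor's own. Two caveats the notes encode: IsDebuggerPresent, SetUnhandledExceptionFilter and the adjacent entries are pulled in by the MSVC CRT and mean little alone, and an installer legitimately enumerates and kills its own older processes, so these tags say what the binary can do, not what it did.

```python
# Import names copied from the report's Imports list (behaviour-relevant DLLs only).
REPORT_IMPORTS = {
    "kernel32": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "TerminateProcess", "CreateProcessW", "IsDebuggerPresent", "CreateMutexW",
                 "OpenMutexW", "MoveFileExW", "CopyFileW", "DeleteFileW", "LoadLibraryW",
                 "GetProcAddress", "VirtualAlloc", "WritePrivateProfileStringW"},
    "advapi32": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "SetNamedSecurityInfoW", "SetEntriesInAclW", "SetFileSecurityW",
                 "RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "GetUserNameW"},
    "user32": {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx", "FindWindowW", "RegisterHotKey"},
    "shell32": {"ShellExecuteW", "SHFileOperationW"},
    "winhttp": {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest",
                "WinHttpReceiveResponse", "WinHttpReadData", "WinHttpWriteData", "WinHttpGetProxyForUrl"},
    "wininet": {"InternetGetConnectedState"},
    "sensapi": {"IsNetworkAlive"},
    "wtsapi32": {"WTSQuerySessionInformationW"},
    "shlwapi": {"SHSetValueW", "SHDeleteKeyW", "SHDeleteValueW"},
}

# Editor-defined rules (hypothetical tag names): a rule fires only when every API in
# "all" is imported; "any" lists extra APIs reported with the hit when present.
RULES = [
    ("process-enumeration-and-kill",
     ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess", "TerminateProcess"],
     ["CreateProcessW"], "installers use this on their own old instances; check the target names at runtime"),
    ("token-privilege-adjustment",
     ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"],
     [], "which privilege is enabled decides whether this matters (SeDebugPrivilege vs SeBackupPrivilege etc.)"),
    ("dacl-modification",
     ["SetNamedSecurityInfoW", "SetEntriesInAclW"],
     ["SetFileSecurityW"], "can loosen or tighten ACLs on files/keys; look for Everyone/Users grants"),
    ("registry-write",
     ["RegCreateKeyExW", "RegSetValueExW"],
     ["SHSetValueW", "RegDeleteKeyW"], "persistence only if Run/Services keys are touched"),
    ("http-client",
     ["WinHttpOpen", "WinHttpSendRequest", "WinHttpReceiveResponse", "WinHttpReadData"],
     ["WinHttpWriteData", "WinHttpGetProxyForUrl"], "can download and upload; pair with network capture"),
    ("windows-hook",
     ["SetWindowsHookExW", "CallNextHookEx"],
     ["UnhookWindowsHookEx"], "also used by GUI toolkits for mouse tracking; hook type decides"),
    ("anti-debug-check",
     ["IsDebuggerPresent"],
     [], "weak: imported by every MSVC CRT for its exception handling path"),
    ("dynamic-api-resolution",
     ["LoadLibraryW", "GetProcAddress"],
     ["VirtualAlloc"], "weak alone; the static table may be incomplete"),
    ("process-injection-primitives",
     ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
     [], "classic injection trio; absent from this sample's static imports"),
]


def tag_capabilities(imports):
    """Return {tag: {"apis": [...], "note": str}} for every rule fully satisfied by imports."""
    flat = {api for apis in imports.values() for api in apis}
    hits = {}
    for tag, need, context, note in RULES:
        if all(api in flat for api in need):
            hits[tag] = {"apis": sorted(need) + sorted(a for a in context if a in flat), "note": note}
    return hits


if __name__ == "__main__":
    for tag, info in tag_capabilities(REPORT_IMPORTS).items():
        print("%-32s %s\n%-32s note: %s" % (tag, ", ".join(info["apis"]), "", info["note"]))
```

Rules are deliberately conjunctive: a lone OpenProcess or TerminateProcess tags nothing, so the output is a short list a reviewer can map onto the behavioural runs (the two tasks above on win7 and win10) rather than a wall of API names.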
Sections
.text   Size: 962KB  - Virtual size: 961KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 187KB  - Virtual size: 187KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 25KB   - Virtual size: 43KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 30.2MB - Virtual size: 30.2MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 151KB  - Virtual size: 150KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
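Everything in the Headers and Sections parts of this report comes from a few fixed-offset PE structures: DllCharacteristics and Subsystem in the optional header, the certificate table (data directory 4, what the "Unsigned PE" signature tests for), and the 40-byte section headers. The reported flags say the image opts in to ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) but not Control Flow Guard (no IMAGE_DLLCHARACTERISTICS_GUARD_CF), and that no section is both writable and executable. Two details are worth a bounds check rather than trust: the .rsrc raw size listed (30.2MB) is larger than the 16.0MB file size under General, and a certificate table entry can point past the end of the file. The parser below is an added example by the editor, not Triage's code and not code from the sample; it uses only the standard library, and build_test_pe() constructs a minimal PE32 in memory (the 16MB sample itself is not reproduced) so the checks can be run offline. The test image deliberately carries a section whose raw data overruns the file, so the bounds check has something to report.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table

DLL_CHARACTERISTICS = {                     # subset relevant to exploit mitigations
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",           # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",              # DEP opt-in
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse COFF header, optional header (PE32 or PE32+) and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    machine, nsec, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                                 # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                                               # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dllchar = struct.unpack_from("<HH", data, opt + 68)     # same offsets in both formats
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off, sec_size = 0, 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # the security directory holds a file offset, not an RVA
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    problems, sections = [], []
    if sec_size and sec_off + sec_size > len(data):
        problems.append("certificate table ends past EOF")
    shdr = opt + opt_size
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, schar = struct.unpack_from("<8sIIIIIIHHI", data, shdr + 40 * i)
        sname = name.rstrip(b"\0").decode("ascii", "replace")
        if rawptr + rawsize > len(data):
            problems.append("%s: raw data ends past EOF (%d > %d)" % (sname, rawptr + rawsize, len(data)))
        if schar & 0x20000000 and schar & 0x80000000:
            problems.append("%s: writable and executable" % sname)
        sections.append({"name": sname, "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(schar, SECTION_FLAGS)})
    return {
        "machine": machine, "subsystem": subsystem, "file_characteristics": fchar,
        "dll_characteristics": _flags(dllchar, DLL_CHARACTERISTICS),
        "aslr": bool(dllchar & 0x0040), "dep": bool(dllchar & 0x0100), "cfg": bool(dllchar & 0x4000),
        "authenticode_present": sec_size != 0,   # table exists; validity is NOT checked here
        "sections": sections, "problems": problems,
    }


def build_test_pe(dll_characteristics: int, signed: bool) -> bytes:
    """Constructed minimal PE32 (headers only, two sections) for offline testing; not the sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)                                                   # PE32 header + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<HH", opt, 68, 2, dll_characteristics)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                                             # marker only, no real PKCS#7 blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x10)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    # claims far more raw data than the file holds, as the .rsrc size in the report appears to
    rsrc = struct.pack("<8sIIIIIIHHI", b".rsrc", 0x100, 0x2000, 0x10000, 0x400, 0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + coff + bytes(opt) + text + rsrc).ljust(0x410, b"\0")
```

Run parse_pe() over the real file and compare dll_characteristics, the section names and flags, and authenticode_present with the report; any entry in problems is a reason to look at the file with a hex editor before trusting the listed sizes.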