PDB path: C:\git_kcml\07.14.release.msc.x86.c\.debug\kclient.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-28_caaee97dc58f77cea87632a46d1d23e7_mafia.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-28_caaee97dc58f77cea87632a46d1d23e7_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-28_caaee97dc58f77cea87632a46d1d23e7_mafia
Size: 4.1MB
MD5: caaee97dc58f77cea87632a46d1d23e7
SHA1: fda56c9d3d923459c321ab0c6ecc428be85d2627
SHA256: cb9eaba95ad118a6a99158590d9559a45204e3e86c58b35b48968b65e295365d
SHA512: 9275234b0cfd5ca3ef8e3cc3eeeb4d8d0c91aa1b2744b34ec17adfbe60545ee547b027fae6219678ae4d56f594e09e5f4fe28d10765f6a9e60cd35d0b8afd967
SSDEEP: 49152:ycIU8YjZ4CPSW9ac37rcofSh53UCPSshFhDT5u2TyFicpsXfU3:BCY9VPSW99HshZHSOtTyFnsXf
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 2024-05-28_caaee97dc58f77cea87632a46d1d23e7_mafia
Files
2024-05-28_caaee97dc58f77cea87632a46d1d23e7_mafia.exe (windows:5 windows x86 arch:x86)
ae4b53e07663930ca9f766ef87d6b5c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Merge
ImageList_Add
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Draw
ImageList_GetIconSize
ImageList_DragShowNolock
ord16
ImageList_LoadImageW
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ord17
ImageList_DrawIndirect
ImageList_Remove
ImageList_GetIcon
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
PropertySheetW
oleaut32
SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantCopyInd
SysAllocStringLen
SysStringByteLen
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VarUI4FromStr
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayCreate
SafeArrayPutElement
imm32
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmSimulateHotKey
ImmSetConversionStatus
ImmNotifyIME
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winmm
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
timeGetDevCaps
PlaySoundW
kernel32
SystemTimeToFileTime
GetSystemTime
SetCommState
GetCommState
SetCommTimeouts
GetFileInformationByHandle
InterlockedDecrement
GetTempFileNameW
GetCurrentDirectoryW
GetFileSizeEx
DeleteCriticalSection
InterlockedIncrement
lstrlenA
GetUserDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
FindAtomW
GetComputerNameW
RegisterWaitForSingleObject
OpenEventW
GetSystemTimeAsFileTime
HeapCreate
ExitProcess
SetFileTime
GetCPInfoExW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
GetExitCodeProcess
GetDriveTypeW
VirtualQuery
GlobalHandle
GetVersion
GetSystemInfo
SetThreadAffinityMask
GetEnvironmentVariableW
SetEnvironmentVariableA
SetEndOfFile
CreateNamedPipeW
WaitNamedPipeW
GetComputerNameA
GetFileTime
DeviceIoControl
CreateDirectoryW
HeapDestroy
GetTempPathW
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
ReleaseMutex
CreateMutexW
CompareFileTime
SetThreadLocale
MapViewOfFileEx
LocalReAlloc
GetPrivateProfileStringW
WaitForMultipleObjects
GetPrivateProfileIntW
SetEnvironmentVariableW
SetCurrentDirectoryW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
GetTimeZoneInformation
FindNextChangeNotification
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
WriteConsoleW
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetDiskFreeSpaceW
SetLastError
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTimeFormatW
GetLocalTime
GetTickCount
GetFileSize
RtlUnwind
GetStringTypeW
DecodePointer
EncodePointer
GetTimeFormatA
GetDateFormatA
VirtualAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileType
CreateFileA
WideCharToMultiByte
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
LCMapStringW
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
SetHandleCount
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceCounter
InterlockedExchange
ReadProcessMemory
GlobalAddAtomW
GlobalDeleteAtom
GetLocaleInfoW
SetErrorMode
WriteFile
SetFilePointer
ReadFile
FindResourceExW
SizeofResource
UnmapViewOfFile
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GlobalReAlloc
LocalAlloc
LocalLock
LocalUnlock
GetProfileStringW
CreateFileW
GetFileAttributesW
_lwrite
OpenFile
_llseek
_lclose
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetFullPathNameW
GetVersionExW
CreateProcessW
GetLastError
LocalFree
LoadLibraryExW
FindResourceW
LoadResource
LockResource
GlobalAlloc
GetModuleHandleW
GetOEMCP
GetACP
GetThreadLocale
GetCurrentThreadId
GetCommandLineW
DeleteFileW
CreateSemaphoreW
CloseHandle
CreateThread
ReleaseSemaphore
CreateEventW
ResetEvent
GetSystemDirectoryA
LoadLibraryA
WaitForSingleObject
SetEvent
Sleep
lstrcatW
GlobalFree
GlobalLock
MulDiv
GlobalUnlock
lstrcmpiW
WinExec
lstrcmpW
lstrcpynW
LoadLibraryW
GetProcAddress
lstrlenW
lstrcpyW
GetModuleFileNameW
FreeLibrary
FormatMessageW
GetTempFileNameA
SetStdHandle
user32
MapWindowPoints
MonitorFromWindow
IsMenu
IsCharAlphaNumericW
InsertMenuItemW
DestroyCursor
WindowFromDC
GetMenuItemID
IsDlgButtonChecked
CheckDlgButton
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DefFrameProcW
LoadStringW
DeleteMenu
EnumWindows
keybd_event
mouse_event
GetMenuItemRect
FindWindowExW
CharNextW
UpdateLayeredWindow
IsCharAlphaW
MonitorFromRect
LoadKeyboardLayoutW
DialogBoxParamW
DrawTextExW
RegisterWindowMessageW
CopyIcon
SetRectEmpty
TrackPopupMenuEx
SetWindowRgn
GetAsyncKeyState
GetKeyboardState
GetCursor
wsprintfA
DrawEdge
TabbedTextOutW
GetMenuState
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
LoadBitmapW
SetScrollInfo
GetClassInfoExW
UnionRect
MonitorFromPoint
GetMonitorInfoW
GetClassInfoW
GetCapture
TrackMouseEvent
CreateIconFromResourceEx
GetIconInfo
CreateIconIndirect
InvalidateRect
WindowFromPoint
GetDoubleClickTime
SetPropW
RemovePropW
GetPropW
GetWindowThreadProcessId
SubtractRect
CreatePopupMenu
ChildWindowFromPoint
SetMenuDefaultItem
GetKeyNameTextW
LoadImageW
GetCursorPos
OffsetRect
IsRectEmpty
MapDialogRect
GetSysColorBrush
DrawStateW
GetMessagePos
PtInRect
GetMenuItemCount
TrackPopupMenu
SetParent
SetMenuItemInfoW
DrawMenuBar
UnregisterClassW
SetMenu
CreateMDIWindowW
ChildWindowFromPointEx
GetMessageTime
SetActiveWindow
GetMenuBarInfo
ScreenToClient
RedrawWindow
DrawIconEx
GetActiveWindow
GetWindowDC
ClientToScreen
SendInput
RemoveMenu
GetWindow
GetDlgCtrlID
DefMDIChildProcW
GetForegroundWindow
MsgWaitForMultipleObjects
BringWindowToTop
SetForegroundWindow
GetScrollInfo
CallWindowProcW
DdeEnableCallback
DdeGetData
GetDesktopWindow
DefDlgProcW
RegisterClipboardFormatW
LoadMenuW
DdeConnect
DdeInitializeW
DdeCreateDataHandle
DdeQueryStringW
DdeNameService
DdeGetLastError
DdeUninitialize
DdeDisconnect
DdeAccessData
DdeUnaccessData
DdeCreateStringHandleW
DdeFreeStringHandle
DdeClientTransaction
PeekMessageW
IsWindow
SetCursor
ShowCursor
EnumChildWindows
ScrollWindowEx
CreateCaret
SetClassLongW
IntersectRect
InvertRect
EqualRect
GetClipboardData
GetClassLongW
MoveWindow
CheckRadioButton
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnableWindow
SetClipboardViewer
GetClassNameW
FindWindowW
RegisterClassExW
AdjustWindowRectEx
DestroyIcon
CreateMenu
CreateWindowExW
GetMenuItemInfoW
VkKeyScanW
LoadCursorW
RegisterClassW
FillRect
InflateRect
FrameRect
DrawFrameControl
DrawTextW
DrawFocusRect
SetCapture
ReleaseCapture
GetSubMenu
ShowCaret
IsWindowVisible
ShowWindow
GetSystemMenu
SetCaretPos
GetMessageW
IsWindowEnabled
TranslateMessage
IsDialogMessageW
DispatchMessageW
SystemParametersInfoW
HideCaret
NotifyWinEvent
GetKeyState
MapVirtualKeyW
SetScrollRange
SetScrollPos
ShowScrollBar
SetWindowPlacement
GetKeyboardLayout
DrawIcon
ChangeClipboardChain
DestroyMenu
PostQuitMessage
WinHelpW
DestroyWindow
GetMenu
IsClipboardFormatAvailable
EnableMenuItem
CheckMenuItem
PostThreadMessageW
SendNotifyMessageW
EndDialog
GetDlgItem
GetWindowTextLengthW
SetFocus
GetWindowTextW
LoadIconW
GetFocus
MessageBeep
PostMessageW
KillTimer
SetTimer
GetWindowRect
GetParent
GetWindowPlacement
UpdateWindow
BeginPaint
GetClientRect
EndPaint
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowLongW
DefWindowProcW
SetWindowPos
GetWindowLongW
SetRect
AdjustWindowRect
GetSystemMetrics
IsIconic
IsZoomed
CopyRect
wsprintfW
GetSysColor
GetDC
ReleaseDC
DialogBoxIndirectParamW
CreateDialogIndirectParamW
InsertMenuW
AppendMenuW
SendMessageW
SendDlgItemMessageW
SetDlgItemTextW
MessageBoxW
SetWindowTextW
DestroyCaret
UnregisterClassA
advapi32
RegQueryValueExW
CryptDestroyKey
RegSetValueExA
RegOpenCurrentUser
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
AddAccessAllowedAce
AddAccessDeniedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyW
InitializeAcl
RegGetKeySecurity
GetSecurityDescriptorDacl
GetAce
SetSecurityInfo
OpenProcessToken
GetTokenInformation
GetLengthSid
RegQueryInfoKeyW
GetUserNameW
CryptSignHashW
CryptHashData
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptCreateHash
CryptDestroyHash
gdi32
GetDIBits
AbortDoc
GetTextExtentPointW
SetAbortProc
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetCurrentPositionEx
GetTextExtentPoint32W
CreateDCW
GetCurrentObject
CreatePen
Polyline
PatBlt
BitBlt
ExcludeClipRect
Polygon
CreateDIBSection
GdiFlush
CreatePalette
GetPixel
SetDIBits
GetNearestPaletteIndex
StretchBlt
SetBrushOrgEx
GetBrushOrgEx
SetMetaFileBitsEx
DeleteMetaFile
GetSystemPaletteEntries
UnrealizeObject
SelectClipRgn
CreateRectRgn
SetViewportOrgEx
RestoreDC
PlayMetaFile
StartDocW
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
CombineRgn
GetClipRgn
GetViewportOrgEx
GetTextColor
GetCharWidthW
GetBkColor
GetCharWidth32W
EnumFontFamiliesW
CreateICW
TranslateCharsetInfo
Ellipse
GetObjectA
OffsetRgn
CreateRectRgnIndirect
FillRgn
ExtSelectClipRgn
GetNearestColor
LineTo
RoundRect
ExtCreatePen
SetDIBitsToDevice
DeleteObject
SetBkMode
SelectPalette
RealizePalette
SetStretchBltMode
StretchDIBits
SelectObject
GetTextFaceW
GetTextMetricsW
GetStockObject
GetObjectW
SetTextAlign
StartPage
MoveToEx
TextOutW
EndPage
GetDeviceCaps
EndDoc
AddFontResourceW
RemoveFontResourceW
ExtTextOutW
CreateSolidBrush
Rectangle
SetBkColor
SetViewportExtEx
CreateFontIndirectW
SetTextColor
ws2_32
shutdown
closesocket
connect
socket
WSAEventSelect
getsockname
getpeername
WSAResetEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSAStartup
ntohl
gethostname
getsockopt
accept
bind
listen
WSASetEvent
WSAEnumNetworkEvents
ioctlsocket
inet_addr
getservbyname
WSACleanup
htons
recv
WSAGetLastError
select
send
setsockopt
ntohs
getservbyport
gethostbyaddr
htonl
inet_ntoa
gethostbyname
WSASetLastError
shell32
ShellExecuteA
Shell_NotifyIconW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetFileInfoW
ExtractIconW
ExtractIconExW
DuplicateIcon
SHChangeNotify
SHFileOperationW
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
DragQueryPoint
DragFinish
ShellExecuteW
winspool.drv
StartDocPrinterW
StartPagePrinter
WritePrinter
GetPrinterW
DocumentPropertiesW
OpenPrinterW
EndPagePrinter
EndDocPrinter
ClosePrinter
comdlg32
ChooseColorW
PrintDlgW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
ChooseFontW
PageSetupDlgW
ole32
CoInitializeEx
OleInitialize
OleUninitialize
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
StringFromIID
CreateBindCtx
MkParseDisplayName
CLSIDFromProgID
DoDragDrop
CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
RegisterDragDrop
StgCreateStorageEx
ReleaseStgMedium
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
RevokeDragDrop
CoGetClassObject
StgCreateDocfile
gdiplus
GdipDeleteFont
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipMeasureString
GdipDeleteStringFormat
GdipCreateFontFromLogfontA
GdipDisposeImage
GdipGetImageBounds
GdipCreateBitmapFromHICON
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipDrawImageI
GdipCloneImage
GdipSetLineBlend
GdipLoadImageFromFile
GdipCreateTexture
GdipCreateLineBrushFromRectWithAngleI
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipGetSmoothingMode
GdipDrawArcI
GdipFillPath
GdiplusShutdown
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateStringFormat
GdipDrawLinesI
GdipCloneRegion
GdipCombineRegionRectI
GdipDrawPath
GdipDrawLineI
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipCreatePen1
GdipCloneBrush
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRegion
GdipSetClipRectI
GdipGetPenWidth
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen2
GdipDeleteBrush
GdipAlloc
GdipCreateRegion
GdipGetClip
GdipFillRectangleI
GdipGetWorldTransform
GdipReleaseDC
GdipGetDC
GdipCreateFromHWND
GdipCreateFromHDC
GdipGetMatrixElements
GdipCreateMatrix
GdipFree
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipDeleteRegion
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteMatrix
GdipCreateFontFromDC
secur32
GetUserNameExW
iphlpapi
NotifyAddrChange
oleacc
AccessibleObjectFromWindow
LresultFromObject
crypt32
CryptDecodeObjectEx
CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW
cryptui
CryptUIDlgViewCertificateW
msimg32
GradientFill
Exports
_KClient@16
_KClientLoadError@16
_KClientSnoop@8
_RegisterAboutControl@8
_RegisterOurDlgControl@8
_SetInternal@0
Sections
.text: Size 2.2MB, Virtual size 2.2MB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
K_BSS: Size -, Virtual size 42KB; flags IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata: Size 865KB, Virtual size 865KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 36KB, Virtual size 44KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
K_DATA: Size 25KB, Virtual size 25KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_text: Size 512B, Virtual size 1B; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 816KB, Virtual size 815KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 202KB, Virtual size 201KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ