2024-05-28_984b6ae442a54747746576d7a72ad111_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-28_984b6ae442a54747746576d7a72ad111_mafia
Size

858KB
MD5

984b6ae442a54747746576d7a72ad111
SHA1

3c1a02057b511bb73b61359ac627f3d3db3167b6
SHA256

36c3b56c23d44fd09bbcb7832e9131d3d9b8384fa7eef04eeb7797a60d45d044
SHA512

53f46737dacb7947a4b6d19233e64dbb9cd6fd807f4607d4ee366fd978c839771dff42f3029c0a9765521f789c71b632e9f3ab06bb2b6af7c3024dd83368988a
SSDEEP

12288:LlJFvJkBKzfusjOjCYFt7O3K86wRSG30dcGu6LwhaPXVA7Xwjkxqsli:LlNk/9o68v3XWLVFQAjkxqsli

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-28_984b6ae442a54747746576d7a72ad111_mafia

Files

2024-05-28_984b6ae442a54747746576d7a72ad111_mafia
.exe windows:5 windows x86 arch:x86

f854763ac39e1222d111c47251de8986

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\Jenkins\jobs\1 CS Build Launcher (development)\workspace\output\Release\Launcher.pdb

Imports

kernel32

DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadLibraryExW
lstrcmpiW
GetProcAddress
lstrlenA
RaiseException
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
MulDiv
GlobalFree
GlobalHandle
lstrcpyW
FreeResource
GetPrivateProfileIntW
GetPrivateProfileStringW
GlobalDeleteAtom
GlobalGetAtomNameW
TerminateProcess
RemoveDirectoryW
GetProcessId
CreateDirectoryW
GlobalAddAtomW
WritePrivateProfileStringW
GetTempFileNameW
CreateEventW
InitializeCriticalSection
CreateSemaphoreW
ReleaseSemaphore
ExitProcess
LoadLibraryW
CreateThread
WaitForSingleObject
SetEvent
GetACP
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
HeapCreate
FindResourceW
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
GetStdHandle
GetFileType
WriteConsoleW
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
ReadFile
MoveFileW
WriteFile
FindFirstFileW
FindClose
LocalFree
GetCommandLineW
GetProcessAffinityMask
IsValidCodePage
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
GetOEMCP
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
SetLastError
CreateFileW
CloseHandle
EnumSystemLocalesA
IsValidLocale
GetLastError
GetSystemDirectoryW
Sleep
GetTickCount
GetVersionExW
GetTempPathW
DeleteFileW
GetCurrentThreadId
WideCharToMultiByte
TlsFree
lstrlenW
SetStdHandle
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW

user32

UnregisterClassA
PtInRect
LoadIconW
IsWindow
GetWindowThreadProcessId
PostQuitMessage
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
PostMessageW
DialogBoxIndirectParamW
CallWindowProcW
InvalidateRgn
SetCapture
ReleaseCapture
ClientToScreen
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
GetParent
GetClassNameW
RedrawWindow
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetFocus
GetSysColor
DestroyAcceleratorTable
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
SetWindowContextHelpId
MessageBoxW
GetDlgItem
SendDlgItemMessageW
SetActiveWindow
KillTimer
ShowWindow
ScreenToClient
GetClientRect
SetWindowPos
SetWindowTextW
SendMessageW
CreateWindowExW
SetWindowLongW
CharNextW
MapDialogRect
GetWindow
EndDialog
MoveWindow
DestroyWindow
wsprintfW
InvalidateRect
GetForegroundWindow

gdi32

GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontW

shell32

Shell_NotifyIconW
CommandLineToArgvW

ole32

CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize
CoTaskMemFree

oleaut32

UnRegisterTypeLi
SafeArrayCreateVector
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantCopy
DispCallFunc
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
OleCreateFontIndirect
RegisterTypeLi

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW

shlwapi

PathFileExistsW

secur32

GetUserNameExW

winhttp

WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f854763ac39e1222d111c47251de8986

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

secur32

winhttp

version

Sections

.text Size: 505KB - Virtual size: 505KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 215KB - Virtual size: 214KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 505KB - Virtual size: 505KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 215KB - Virtual size: 214KB

.reloc
Size: 28KB - Virtual size: 28KB