D:\data\Software.MFC\iSemestertreffenHelper\Ver32\iSemestertreffenHelper.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-30_ce407d91dd74df1b948f08cd7dc399d9_mafia.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-30_ce407d91dd74df1b948f08cd7dc399d9_mafia.exe
  Resource: win10v2004-20240426-en
General
- Target: 2024-05-30_ce407d91dd74df1b948f08cd7dc399d9_mafia
- Size: 11.6MB
- MD5: ce407d91dd74df1b948f08cd7dc399d9
- SHA1: 0f1a5c54c9c1704d356af265171519fffcd018b8
- SHA256: 7da2b88537247d3bd6c23f2af5e5a69c6cb123f023aa06840dc507be4c414a01
- SHA512: 9627874f8f6a6faf49bb53e48ef3891f050fe6b79e58e28c3a5b78fd16dcebfb3d565b729eb5fe21218f6a3b3d885ca490f65e38993c853b2dff697b2db0aa0a
- SSDEEP: 196608:DC2BsHU7k8l5lmFUsHPqdj72P0vNikKaLAAM7UMNdGy5FiIMGp67WrejzQO5GX7U:DP6Z4dn2CKaLAAeUMrGy5oIMGp67SCEw
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-30_ce407d91dd74df1b948f08cd7dc399d9_mafia
Files
- 2024-05-30_ce407d91dd74df1b948f08cd7dc399d9_mafia.exe  windows:5 windows x86 arch:x86
  5ed0c10cca34a00f50c733902a46765e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
fontsub
CreateFontPackage
kernel32
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsValidCodePage
GetLocaleInfoW
GetConsoleCP
HeapQueryInformation
CompareStringW
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeW
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
SetConsoleCtrlHandler
GetProcessHeap
PeekNamedPipe
GetFileInformationByHandle
CreateThread
ExitThread
HeapReAlloc
HeapAlloc
GetStartupInfoW
HeapSetInformation
HeapFree
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetOEMCP
LocalReAlloc
GlobalFlags
lstrcpyA
GetSystemDirectoryW
GetFileAttributesExA
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
ReleaseActCtx
CreateActCtxW
GlobalFindAtomA
InitializeCriticalSectionAndSpinCount
lstrcmpW
lstrlenW
GetPrivateProfileIntA
ResumeThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
lstrcmpA
InterlockedExchange
GetTempFileNameW
InterlockedExchangeAdd
SetVolumeLabelA
GetDriveTypeA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetDiskFreeSpaceExA
OutputDebugStringA
CreateEventA
DisableThreadLibraryCalls
EnumCalendarInfoA
FileTimeToDosDateTime
GetACP
GetCPInfo
GetDateFormatA
GetDiskFreeSpaceA
GetFullPathNameA
GetFullPathNameW
GetProfileStringA
GetStringTypeExA
GlobalHandle
LoadLibraryW
LocalFileTimeToFileTime
ResetEvent
SetErrorMode
SetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
RaiseException
RtlUnwind
UnhandledExceptionFilter
GetCommandLineA
GetLocaleInfoA
SetUnhandledExceptionFilter
SetStdHandle
DuplicateHandle
HeapSize
GetStartupInfoA
GetThreadLocale
LoadLibraryExA
VirtualQuery
LocalAlloc
VirtualAlloc
VirtualFree
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalSize
GlobalReAlloc
OpenProcess
MulDiv
CompareStringA
GetFileAttributesA
lstrcpynA
ExitProcess
GetVolumeInformationA
GetFileSizeEx
SetFilePointerEx
ReadFile
FindResourceA
FreeResource
GetCurrentProcess
CreateFileA
CreateProcessA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDebuggerPresent
DebugBreak
GetLocalTime
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalAddAtomA
WritePrivateProfileStringA
MoveFileA
FlushConsoleInputBuffer
FindNextFileA
SetLastError
GetStdHandle
GetFileType
GetVersion
GetPrivateProfileStringA
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
FindNextFileW
GetCurrentDirectoryW
GetVersionExA
ReleaseSemaphore
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
TerminateProcess
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
CreateDirectoryW
DeleteFileW
MoveFileW
Sleep
CopyFileW
GetFileTime
SetFileTime
FileTimeToSystemTime
FindFirstFileW
FindFirstFileA
FindClose
GetTempPathW
SetFileAttributesW
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FormatMessageA
LocalFree
SetFilePointer
SetEndOfFile
WriteFile
CreateFileW
GetCurrentThreadId
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadResource
LockResource
SizeofResource
FindResourceW
WinExec
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
CopyFileA
GetCurrentThread
SetThreadPriority
GetLastError
CloseHandle
GetModuleFileNameA
GetWindowsDirectoryA
LCMapStringW
user32
InvertRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
SetClassLongA
DestroyAcceleratorTable
SetParent
UnregisterClassA
CopyImage
GetMenuDefaultItem
SetMenuDefaultItem
GetMenuItemInfoA
CreatePopupMenu
IsMenu
DestroyMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
NotifyWinEvent
SetWindowRgn
GetSystemMenu
LoadMenuW
InflateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorW
SetLayeredWindowAttributes
SystemParametersInfoA
SetRectEmpty
DeleteMenu
MapVirtualKeyA
GetKeyNameTextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetPropA
GetPropA
RemovePropA
SetFocus
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
RedrawWindow
GetClassInfoExA
GetClassInfoA
HideCaret
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
DrawStateA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
ScreenToClient
ClientToScreen
PtInRect
SetWindowContextHelpId
SetWindowPos
RegisterWindowMessageA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperBuffA
CharLowerBuffA
CharUpperBuffW
CreateIcon
DestroyIcon
DrawIconEx
GetIconInfo
wvsprintfA
CharNextA
LoadStringA
GetKeyboardType
PostMessageA
GetWindowThreadProcessId
GetParent
GetWindow
LockWindowUpdate
GetWindowRect
IsZoomed
MonitorFromWindow
EnumDisplayMonitors
UnionRect
CopyRect
GetMonitorInfoA
SetRect
RegisterClipboardFormatA
LoadImageW
FrameRect
CopyIcon
PostThreadMessageA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
ShowScrollBar
SendMessageW
GetWindowTextLengthA
GetSysColor
EnumChildWindows
InvalidateRect
UpdateWindow
MapDialogRect
SetForegroundWindow
DestroyCursor
GetWindowRgn
RegisterClassA
KillTimer
BringWindowToTop
FillRect
SetTimer
GetMessageA
GetAsyncKeyState
GetFocus
GetDlgCtrlID
CreateWindowExA
LoadIconA
GetWindowTextA
GetWindowLongA
GetClassNameA
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetWindowTextW
SetWindowTextW
CharLowerA
CharUpperA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
CharToOemA
LoadIconW
EnableWindow
GetClientRect
IsIconic
DrawIcon
GetDC
ReleaseDC
GetCursor
LoadCursorA
SetCursor
SendMessageA
GetSystemMetrics
GetClassLongA
gdi32
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
GetWindowOrgEx
CreateHatchBrush
CopyMetaFileA
CreateRectRgnIndirect
EnumFontFamiliesA
GetBkColor
GetRgnBox
CreateRoundRectRgn
SetRectRgn
GetMapMode
DPtoLP
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetNearestPaletteIndex
OffsetRgn
Rectangle
ExtFloodFill
LPtoDP
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
IntersectClipRect
MaskBlt
PatBlt
ExcludeClipRect
GetClipBox
GetTextCharsetInfo
SetMapMode
PlayEnhMetaFile
PolyBezierTo
RemoveFontResourceW
SetAbortProc
SetPolyFillMode
RestoreDC
SaveDC
AddFontResourceW
BeginPath
CloseEnhMetaFile
CloseFigure
CombineTransform
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateDIBitmap
CreateEnhMetaFileA
CreateICA
CreatePalette
CreatePenIndirect
CreateScalableFontResourceW
DeleteEnhMetaFile
EndDoc
EndPage
EndPath
EnumEnhMetaFile
EnumFontFamiliesExA
EnumFontsA
ExtEscape
ExtTextOutA
FillPath
GdiFlush
GetBrushOrgEx
GetCharWidth32W
GetCharWidthW
GetCurrentPositionEx
GetDIBColorTable
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetFontData
GetFontLanguageInfo
GetGlyphIndicesA
GetGlyphIndicesW
GetGlyphOutlineW
GetKerningPairs
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetSystemPaletteEntries
GetTextFaceA
GetTextColor
SetBkColor
DeleteDC
DeleteObject
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPointW
CreateHalftonePalette
StretchBlt
LineTo
MoveToEx
CreatePen
CombineRgn
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
UnrealizeObject
StrokePath
StrokeAndFillPath
StretchDIBits
StartPage
StartDocW
StartDocA
SetWinMetaFileBits
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetICMMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
GetWinMetaFileBits
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetOpenFileNameA
GetFileTitleA
winspool.drv
EnumPrintersA
DocumentPropertiesA
DeviceCapabilitiesA
ClosePrinter
ord203
OpenPrinterA
GetJobA
SetJobA
EnumPrintersW
advapi32
ReportEventA
RegisterEventSourceA
RegQueryValueA
RegEnumKeyA
DeregisterEventSource
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA
SHAppBarMessage
ShellExecuteA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
ole32
CoRevokeClassObject
CoCreateGuid
CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
oleaut32
SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
GetErrorInfo
VariantCopy
VariantCopyInd
VariantChangeType
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysReAllocStringLen
VariantClear
VariantInit
SysFreeString
SafeArrayDestroy
oledlg
ord8
gdiplus
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipFree
GdipAlloc
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipSaveImageToFile
winmm
PlaySoundA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ws2_32
accept
send
recv
select
__WSAFDIsSet
shutdown
listen
connect
WSASetLastError
htonl
htons
bind
ioctlsocket
setsockopt
closesocket
socket
gethostname
inet_addr
gethostbyname
WSAGetLastError
inet_ntoa
WSACleanup
WSAStartup
ntohl
ntohs
getsockopt
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
Sections
- .text  Size: 4.4MB - Virtual size: 4.4MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- CODE  Size: 2.4MB - Virtual size: 2.4MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata  Size: 1.5MB - Virtual size: 1.5MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data  Size: 411KB - Virtual size: 1.8MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- DATA  Size: 134KB - Virtual size: 134KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- BSS  Size: 12KB - Virtual size: 12KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 2.4MB - Virtual size: 2.4MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc  Size: 439KB - Virtual size: 439KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ