D:\2019SRC\001.SVN\Live\src\LSAutoUpgrade\Shipping\autoupgrade.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-30_b9f9d7e68ddafbfe3a1e5621ff4fc8b2_mafia.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2024-05-30_b9f9d7e68ddafbfe3a1e5621ff4fc8b2_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-30_b9f9d7e68ddafbfe3a1e5621ff4fc8b2_mafia
Size: 12.0MB
MD5: b9f9d7e68ddafbfe3a1e5621ff4fc8b2
SHA1: e31ecde9c350050e32947d8e7d5c31a86cdabc23
SHA256: f57aa3c7dc727157c79c94728376e846283777d17efb9b1c802f32f7dec0bb4b
SHA512: 573657e962907467c014f7748b51057319f2908b51d4eaa01661fc883ed5f45b6b2dc26f295272a5adbca102ebcc57cf258f5d4247777d58563b58ede83ef47f
SSDEEP: 98304:inHM4p9MkUPpWdEoaqZypWqJqh/Q+3JUcC3Ea+qCPORnROeIKdJT9vinm7/7ZmN8:inHM4W2h/PU538ynceIKd/YULd
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-05-30_b9f9d7e68ddafbfe3a1e5621ff4fc8b2_mafia
Files
2024-05-30_b9f9d7e68ddafbfe3a1e5621ff4fc8b2_mafia.exe windows:5 windows x86 arch:x86
af82711e43ffc4e9a7310d0cd720a6ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\2019SRC\001.SVN\Live\src\LSAutoUpgrade\Shipping\autoupgrade.pdb
Imports
ws2_32
closesocket
sendto
inet_addr
ntohs
socket
recvfrom
connect
recv
send
WSAAsyncSelect
WSAIoctl
htonl
htons
setsockopt
bind
WSACleanup
gethostbyname
WSAGetLastError
gethostname
WSAStartup
winmm
PlaySoundA
timeGetTime
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
kernel32
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetConsoleCP
GetConsoleMode
FatalAppExitA
CompareStringW
LCMapStringW
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetStringTypeW
GetTimeZoneInformation
GetDriveTypeW
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
PeekNamedPipe
GetFileInformationByHandle
SetCurrentDirectoryA
FindFirstFileExA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapSize
ReadConsoleInputA
SetVolumeLabelA
GetLastError
GetSystemInfo
CreateMutexA
ReleaseMutex
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
GlobalMemoryStatus
CreateDirectoryA
GetCurrentDirectoryA
CopyFileA
DeleteFileA
SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
lstrlenA
Sleep
MoveFileA
GetFileAttributesA
CreateProcessA
FindResourceA
GetModuleHandleA
GetCurrentProcessId
GetDiskFreeSpaceExA
TerminateProcess
GetExitCodeProcess
OpenProcess
CloseHandle
Process32Next
Process32First
HeapQueryInformation
HeapReAlloc
SetConsoleMode
VirtualQuery
VirtualAlloc
ExitThread
ExitProcess
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
RaiseException
DecodePointer
EncodePointer
RtlUnwind
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceA
ReplaceFileA
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetTickCount
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetFileTime
AllocConsole
lstrcatA
GetLocalTime
FreeConsole
GetDriveTypeA
GetFileSizeEx
SetFileTime
CreateToolhelp32Snapshot
LocalFree
WaitForSingleObject
LocalFileTimeToFileTime
GetFileAttributesExA
SetErrorMode
SystemTimeToFileTime
GetACP
GetAtomNameA
GetOEMCP
GetCPInfo
lstrcpyA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetProfileIntA
LocalAlloc
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpiA
GetStringTypeExA
GetThreadLocale
InterlockedIncrement
GlobalSize
lstrlenW
GlobalUnlock
GlobalFree
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryW
lstrcmpW
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
CreateEventA
lstrcmpA
GlobalAlloc
GetModuleHandleW
InterlockedDecrement
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
IsDBCSLeadByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReadFile
LoadLibraryA
FreeLibrary
MulDiv
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
RemoveDirectoryA
CreateFileA
GetFileSize
GetModuleFileNameA
SetLastError
FormatMessageA
SetEvent
user32
CreateMenu
InSendMessage
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
RegisterClipboardFormatA
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
GetDialogBaseUnits
DestroyMenu
GetMenuItemInfoA
DestroyIcon
WaitMessage
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
DeleteMenu
UnregisterClassA
WindowFromPoint
LoadBitmapA
ReleaseCapture
LoadCursorW
SetCapture
GetDCEx
SetRectEmpty
SetRect
IntersectRect
CharUpperA
EndPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
CharNextA
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
PostThreadMessageA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageA
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
GetTabbedTextExtentA
GetTabbedTextExtentW
EnumChildWindows
GetWindowRgn
WindowFromDC
DestroyCursor
SubtractRect
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
ShowCursor
GetKeyNameTextA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
SetDlgItemTextA
LoadImageW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
SetCursor
LoadCursorA
GetFocus
DrawFocusRect
GetSysColor
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetActiveWindow
GetParent
UpdateWindow
FillRect
OffsetRect
InflateRect
LoadImageA
IsWindow
GetWindowLongA
SetWindowLongA
RedrawWindow
PostMessageA
LoadBitmapW
wsprintfA
GetDesktopWindow
WaitForInputIdle
MessageBoxA
SystemParametersInfoA
GetSystemMetrics
EnableWindow
LoadIconW
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
CopyRect
RegisterWindowMessageA
FindWindowA
SetForegroundWindow
GetClassInfoA
BeginPaint
MapVirtualKeyExA
gdi32
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
GetTextColor
SetRectRgn
CombineRgn
PatBlt
Rectangle
UnrealizeObject
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetRgnBox
GetCharWidthA
StretchDIBits
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetDIBits
SetPixel
RoundRect
EnumFontFamiliesExA
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetPixelV
CopyMetaFileA
GetBkColor
SetBkColor
SetTextColor
CreateBitmap
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateDCA
GetDeviceCaps
DeleteDC
GetTextMetricsA
LPtoDP
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateFontIndirectA
SelectObject
GetObjectA
DeleteObject
StretchBlt
BitBlt
GetStockObject
CreateCompatibleDC
CreateRectRgnIndirect
CreateSolidBrush
CreateFontA
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA
advapi32
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegEnumValueA
RegOpenKeyExW
shell32
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetMalloc
SHAppBarMessage
SHFileOperationA
SHGetPathFromIDListA
SHGetDesktopFolder
ExtractIconA
SHAddToRecentDocs
comctl32
_TrackMouseEvent
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathRemoveFileSpecW
ole32
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleInitialize
CreateStreamOnHGlobal
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoFreeUnusedLibraries
OleUninitialize
OleRun
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
OleSaveToStream
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetMenuDescriptor
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
PropVariantCopy
OleSave
WriteClassStm
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
oleaut32
VariantClear
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantInit
SysAllocStringLen
VariantChangeType
SysAllocString
SafeArrayDestroy
SysFreeString
oledlg
ord8
urlmon
URLDownloadToFileA
wininet
InternetOpenA
HttpSendRequestA
InternetReadFile
InternetConnectA
HttpOpenRequestA
FtpRenameFileA
InternetQueryDataAvailable
InternetOpenUrlA
HttpQueryInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetSetCookieA
InternetGetCookieA
FtpDeleteFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetErrorDlg
HttpAddRequestHeadersA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
GopherOpenFileA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetCloseHandle
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipDrawImageRectI
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
Exports
??0CLog@@QAE@ABV0@@Z
??0CLog@@QAE@XZ
??1CLog@@UAE@XZ
??4CLog@@QAEAAV0@ABV0@@Z
??_7CLog@@6B@
?CloseAndRelease@CLog@@QAEXXZ
?CloseLog@CLog@@QAEXXZ
?DebugLog@CLog@@QAAXHPADH0ZZ
?DebugMBox@@YAXPADHPAUHWND__@@0ZZ
?LOG@@3VCLog@@A
?MBox@@YAXPAUHWND__@@PAD1ZZ
?OpenConsole@CLog@@QAEXH@Z
?OpenLog@CLog@@QAEXHPBD_N@Z
?PrintConsoleLog@CLog@@QAAXHPADZZ
?PrintLog@CLog@@QAAXHPADZZ
?PrintNoEnterLog@CLog@@QAAXHPADZZ
?PrintTimeAndLog@CLog@@QAAXHPADZZ
?WriteReadyFolderAndFiles@CLog@@IAEXPBD@Z
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 695KB - Virtual size: 695KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.6MB - Virtual size: 8.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ