2024-05-31_7004fd3925f71e4af7b7cf468864d1c7_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-31_7004fd3925f71e4af7b7cf468864d1c7_mafia
Size

827KB
MD5

7004fd3925f71e4af7b7cf468864d1c7
SHA1

00b0d9154b425d00cd21da38fe85252fac050db6
SHA256

0edfc54fd4ff551f204642bb655cb4ee729e3a0743d3ef0f0495e1fab87078c2
SHA512

d5a34f2eba4aabdab66ddf07cb823cbd205d8ee8691185617619986b20382d27ede5613f190aa5a5f33633b03d6b8ebae4c59e9f9edea77b946daf27befefd75
SSDEEP

24576:4IZAt7uv3ThUMYiZTpR1OHHqbwosMMSrs9:NKuvD2MHTpR1OHHqEas9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-31_7004fd3925f71e4af7b7cf468864d1c7_mafia

Files

2024-05-31_7004fd3925f71e4af7b7cf468864d1c7_mafia
.exe windows:5 windows x86 arch:x86

c6a0b5b2cf04d743719a9a8ca3e949bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZOpenFileA
LZCopy
LZClose

user32

GetDialogBaseUnits
SetParent
KillTimer
GetClassInfoA
RegisterClassA
RegisterWindowMessageA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMDISysAccel
TranslateMessage
DispatchMessageA
CharNextA
MessageBoxA
wsprintfA
TrackPopupMenu
CreatePopupMenu
CreateMenu
IsMenu
AppendMenuA
CharUpperA
WaitMessage
SetTimer
GetWindowPlacement
PostQuitMessage
GetSysColor
CopyRect
IntersectRect
GetKeyState
ScrollWindowEx
FlashWindow
SetPropA
CreateWindowExA
GetWindowDC
RemovePropA
GetDesktopWindow
SetRect
UpdateWindow
SetForegroundWindow
CharLowerA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
CallWindowProcA
BeginPaint
EndPaint
GetPropA
SetWindowTextA
SetWindowLongA
SetWindowPos
LoadImageA
ShowWindow
SetLayeredWindowAttributes
EnableWindow
InvalidateRect
GetWindowRect
SetRectEmpty
DrawEdge
InflateRect
DrawTextA
GetFocus
IsWindowVisible
SetFocus
GetWindowLongA
IsWindowEnabled
GetWindow
GetParent
LoadCursorA
SetCursor
DestroyIcon
GetDC
ReleaseDC
ScreenToClient
IsRectEmpty
GetClientRect
ClipCursor
ClientToScreen
IsWindow
GetClassNameA
SendMessageA
GetWindowTextLengthA
GetWindowTextA
GetCursorPos

gdi32

SetBkColor
MoveToEx
LineTo
Rectangle
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
GetStockObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
SetBrushOrgEx
PatBlt
StretchDIBits
CreateCompatibleDC
GetObjectA
SelectObject
StretchBlt
BitBlt
DeleteObject
CreatePen
CreateICA
GetDeviceCaps
DeleteDC

comctl32

FlatSB_SetScrollRange
ImageList_Duplicate
ImageList_GetIcon
_TrackMouseEvent
ord13
ord15
FlatSB_SetScrollPos
ImageList_Create
ImageList_Add
InitCommonControlsEx
FlatSB_SetScrollProp
InitializeFlatSB
FlatSB_GetScrollRange
ImageList_ReplaceIcon
ord14
FlatSB_GetScrollPos
ImageList_Destroy

comdlg32

CommDlgExtendedError
PageSetupDlgA
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA

advapi32

SetSecurityDescriptorDacl
GetUserNameA
InitializeSecurityDescriptor

shell32

DragQueryFileA
DragAcceptFiles
CommandLineToArgvW
ExtractIconA
FindExecutableA
ShellExecuteExA
DragFinish

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

odbc32

ord12
ord18
ord59
ord1
ord39
ord41
ord7
ord45
ord50
ord22
ord4
ord40
ord8
ord72
ord11
ord3
ord17
ord36
ord10
ord29
ord9
ord14
ord19
ord30
ord47
ord16
ord76
ord54
ord13
ord43
ord2
ord57
ord15

zkernel

?zDBGetPKkey@@YGFPAXPBDPAPAU_pkey_@@G@Z
?zGridBrowse@@YG_NPAUHWND__@@PAXPBD2222222222H2@Z
?zGridPrepare@@YGPAXPAUHWND__@@PBD@Z
?zGridExec@@YGPAXPAUHWND__@@PBD@Z
?zGridAggregate@@YGNPAUHWND__@@HPBD11_N@Z
?zGridPutLong@@YGXPAUHWND__@@JHJ@Z
?zDBError@@YGXPAX00PBD@Z
?zKernelInit@@YGXXZ
?zGridGetSuffix@@YGPBDPAUHWND__@@H@Z
?zGridGetPrefix@@YGPBDPAUHWND__@@H@Z
?zGridPutText@@YGXPAUHWND__@@JHPBD@Z
?zGridGetText@@YGPBDPAUHWND__@@JH_N@Z
?zGridGetCellRect@@YGXPAUHWND__@@JHPAUtagRECT@@@Z
?zDBExecScript@@YGHPAX0PBDFPAD@Z

wsock32

ioctlsocket

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2

oleaut32

OleLoadPicture

shlwapi

StrStrIA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

msimg32

GradientFill

gdiplus

GdipDrawImageRectI
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight

uxtheme

OpenThemeData
CloseThemeData
SetWindowTheme
DrawThemeBackground

crpe32

ord72
ord6
ord47
ord135
ord30
ord17
ord40
ord9
ord62
ord53
ord98
ord63
ord41
ord75
ord29
ord59
ord60
ord58
ord129
ord130
ord1000
ord1001
ord1002
ord1004
ord11
ord35
ord36
ord37
ord48
ord19
ord20
ord7
ord10

_dll0

?SingleInstance@@YA_NAAV?$xsharedmemory@VshMem@@@@HH@Z
?ZeroDBcontext@@YA_NAAVzDB@@AAVcZero@@@Z
?ZeroContext@@YA_NAAVcZero@@@Z
?VirtuaWinCurrentDesktopNumber@@YAHXZ
?SeekReport@@YA?AVxstring@@AAVzDB@@AAVcZero@@V1@2AAV1@AAH4@Z
?RunListini@@YAXAAVzDB@@Vxstring@@1H11H@Z
?RunListini4@@YAXAAVzDB@@Vxstring@@1HHH11@Z
?ZeroOwner@@YA?AVxstring@@XZ
?K4@@YA_NPBDPAD0@Z
?Guid@@YA?AVxstring@@XZ
?RunListini2@@YAXAAVzDB@@Vxstring@@1HH11@Z
?RunListini3@@YAXAAVzDB@@Vxstring@@1HH11@Z

_dll

?OpenReport@@YA_NAAVcZero@@AAVxcrpejob@@Vxstring@@22FF@Z

kernel32

UnhandledExceptionFilter
GetStartupInfoW
GetLocalTime
GetLastError
GetTempFileNameA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
LoadResource
FindResourceA
Sleep
SizeofResource
MoveFileExA
CloseHandle
GetFileSize
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
CreateFileA
SetUnhandledExceptionFilter
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
HeapSetInformation
FileTimeToSystemTime
SystemTimeToFileTime
LockFile
UnlockFile
GetDiskFreeSpaceExA
GlobalHandle
GlobalReAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetEnvironmentVariableA
GetProfileStringA
GetProfileIntA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetComputerNameA
GetCurrentDirectoryA
GetPrivateProfileStringA
FindClose
FindFirstFileA
GetDateFormatA
LocalFree
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FormatMessageA
GetModuleHandleA
FlushFileBuffers
ReadFile
WriteFile
OpenEventA
CreateEventA
SetCurrentDirectoryA
GetShortPathNameA
FindNextFileA
SetFilePointer
GetUserDefaultLangID
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GlobalSize
SetEvent
UnmapViewOfFile
LocalUnlock
LocalLock
LocalAlloc
RtlUnwind
RaiseException
GetCurrentDirectoryW
SetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
HeapAlloc
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
LoadLibraryW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
DeleteFileA
SetLastError
GetCurrentThreadId
HeapCreate
GetModuleFileNameW
GetStringTypeW
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
GetTimeZoneInformation
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection

Sections

.text
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6a0b5b2cf04d743719a9a8ca3e949bb

Headers

DLL Characteristics

File Characteristics

Imports

lz32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

mpr

odbc32

zkernel

wsock32

ole32

oleaut32

shlwapi

winspool.drv

msimg32

gdiplus

uxtheme

crpe32

_dll0

_dll

kernel32

Sections

.text Size: 454KB - Virtual size: 454KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 18KB - Virtual size: 34KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 454KB - Virtual size: 454KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 18KB - Virtual size: 34KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 54KB - Virtual size: 54KB