2024-05-31_81ba5842c5945cec7bfe562afc9a5bcd_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-31_81ba5842c5945cec7bfe562afc9a5bcd_mafia
Size

624KB
MD5

81ba5842c5945cec7bfe562afc9a5bcd
SHA1

0dd5ce37f4ddfd0a7b066b5f6aaec0b56e6a5115
SHA256

5b60277f3d80346aba05268207b8bd66278760eb64dfb9a55098eb3b3f7396e6
SHA512

530314526e09cfaa9680076828cb29deddf3cafec8296672ebb7293cfcc41d31cdc042742950808d91cb436b5ea707ab060a2eebdc9a54b848e358d49b387058
SSDEEP

12288:UpqUMYp6myf+g7OzuM3g/cUP08JBWRSnOvwZKKUoI3U8/yarM8WOZsYKD:kMbXO/UsoBWRBvnKUoI3U8/TLhsYKD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-31_81ba5842c5945cec7bfe562afc9a5bcd_mafia

Files

2024-05-31_81ba5842c5945cec7bfe562afc9a5bcd_mafia
.exe windows:5 windows x86 arch:x86

eaa1bf9e99cdea6ad2cc1e3f25d48f53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\TutuHelper\duoduo_v1\Module\Ipa2exe_v2\ipa2exe\Release\ipa2exe.pdb

Imports

kernel32

DeviceIoControl
GetSystemInfo
LoadLibraryW
GlobalMemoryStatus
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileA
GetFileSize
ReadFile
SetDllDirectoryW
DeleteFileA
GetLastError
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpW
Process32NextW
OpenProcess
TerminateProcess
CreateThread
GetLocalTime
GetCommandLineW
CreateMutexW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GlobalFree
GetTickCount
OutputDebugStringA
TerminateThread
SetFilePointer
SystemTimeToFileTime
InterlockedDecrement
DosDateTimeToFileTime
WriteFile
SetFileTime
SetEnvironmentVariableA
LoadLibraryA
GetComputerNameA
ReleaseMutex
GetFileSizeEx
VirtualQuery
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsA
PeekNamedPipe
GetVersionExA
SleepEx
FormatMessageA
LocalFree
lstrlenA
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
Sleep
CloseHandle
SetEvent
WaitForMultipleObjects
GetCurrentDirectoryW
CreateEventW
CreateDirectoryA
CreateFileW
GetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
GetTempPathA
GetTempPathW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetFileType
GetVersionExW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
GetStdHandle
SetHandleCount
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
MoveFileA
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetStartupInfoW
HeapSetInformation
ExitThread
GetSystemTimeAsFileTime
SetLastError
FileTimeToSystemTime
GetSystemDefaultLangID
GetCurrentProcessId
GetFileTime
SuspendThread
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
GetCurrentThreadId
VirtualAlloc
VirtualProtect
GetDriveTypeW
GetCurrentThread
CreateProcessW
SetUnhandledExceptionFilter
ExitProcess
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedCompareExchange
DecodePointer
EncodePointer
InterlockedExchange
InterlockedIncrement

user32

PostThreadMessageW
GetDesktopWindow
MessageBoxW
SendMessageW
UpdateLayeredWindow
GetWindowRect
GetDC
MoveWindow
PostQuitMessage
SetTimer
UpdateWindow
ShowWindow
CreateWindowExW
LoadStringW
PostMessageW
GetSystemMetrics
DefWindowProcW
DestroyWindow
RegisterClassExW
LoadCursorW
LoadIconW
KillTimer
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

advapi32

RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA

shell32

ShellExecuteA
ShellExecuteExA
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoInitializeSecurity
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

PathFileExistsA
PathFindExtensionA
PathFileExistsW

wininet

InternetOpenUrlW
InternetOpenW
InternetCanonicalizeUrlW
InternetReadFileExA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoW
InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetOpenA
InternetGetCookieA

gdiplus

GdipGetPathWorldBoundsI
GdipDrawImagePointRectI
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipSetInterpolationMode
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipLoadImageFromStream
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipAddPathStringI
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenLineJoin
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipFree
GdipAlloc

ws2_32

WSAGetLastError
inet_ntoa
socket
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAIoctl
getsockname
ntohs
bind
getsockopt
getpeername
freeaddrinfo
getaddrinfo
accept
listen
gethostname
gethostbyname
connect
htons
ioctlsocket
setsockopt
send
recv
select
recvfrom
sendto
closesocket

wldap32

ord301
ord33
ord200
ord79
ord35
ord32
ord27
ord26
ord50
ord60
ord143
ord211
ord22
ord30
ord46
ord41

Exports

Exports

?OBJECTID_GUID@@YAPAVDeviceManager@@PAVNotify@1@@Z
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaa1bf9e99cdea6ad2cc1e3f25d48f53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

gdiplus

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 490KB - Virtual size: 490KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 490KB - Virtual size: 490KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 40KB - Virtual size: 39KB