D:\C++\ScarAngel\srchybrid\release\emule.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-31_ffa4af7adf27bb1ccdbe20c49cfe2b92_mafia.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 2024-05-31_ffa4af7adf27bb1ccdbe20c49cfe2b92_mafia.exe
Resource: win10v2004-20240508-en
General
- Target: 2024-05-31_ffa4af7adf27bb1ccdbe20c49cfe2b92_mafia
- Size: 8.4MB
- MD5: ffa4af7adf27bb1ccdbe20c49cfe2b92
- SHA1: dffeaacc38c70d59b263095a38bbe0770c83ba56
- SHA256: b1577a1a83f863db137f4e23b04c25a99e440646151035ecacbac6c95481629c
- SHA512: dd4b5fe64fd3b095c0e117d539f671be82b18dc6a2b033da62f572e2dd0536e0954ab99509a62e13e46c5e930aba4ba207f7f33ca311db671b43ed24455d1121
- SSDEEP: 196608:nc0FPSFS3hbFWiI2R7yj04cBzbu+K955:ncUakxZxRd80tK955
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-31_ffa4af7adf27bb1ccdbe20c49cfe2b92_mafia
Files
-
2024-05-31_ffa4af7adf27bb1ccdbe20c49cfe2b92_mafia.exe windows:5 windows x86 arch:x86
e8f08bb09c0d04422cbf2aa529109674
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLocaleInfoA
GetFullPathNameA
IsProcessorFeaturePresent
GetOEMCP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapCreate
SetHandleCount
HeapSize
HeapQueryInformation
SetStdHandle
CreateThread
ExitThread
FindFirstFileExA
GetDriveTypeA
GetStdHandle
RtlUnwind
VirtualQuery
VirtualAlloc
GetDateFormatA
GetTimeFormatA
FindFirstFileExW
GetFileType
PeekNamedPipe
GetConsoleMode
GetConsoleCP
HeapReAlloc
DecodePointer
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
SizeofResource
LockResource
GetModuleHandleA
CompareStringA
GetSystemInfo
OpenProcess
GlobalMemoryStatus
GetProcessTimes
GetSystemTimeAsFileTime
ReleaseMutex
LocalAlloc
LocalLock
LocalUnlock
MoveFileExW
InterlockedExchange
FreeResource
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
GetACP
GetOverlappedResult
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
IsBadReadPtr
DeviceIoControl
SetThreadPriority
Beep
TerminateThread
LocalFree
FindClose
SetLastError
DeactivateActCtx
GetTimeZoneInformation
MulDiv
ActivateActCtx
GetVersion
GetFileInformationByHandle
ReadFile
WriteFile
InterlockedDecrement
InterlockedIncrement
SetFilePointer
GetCurrentProcessId
SetUnhandledExceptionFilter
ExitProcess
ResumeThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetThreadLocale
SetThreadLocale
WaitForMultipleObjects
FindNextChangeNotification
EncodePointer
HeapSetInformation
GetCommandLineW
GetUserDefaultLCID
SetErrorMode
GlobalFlags
VirtualProtect
ReleaseActCtx
CreateActCtxW
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GlobalDeleteAtom
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
UnlockFile
LockFile
FlushFileBuffers
lstrcmpA
SuspendThread
GetThreadContext
SetThreadContext
TlsFree
CreateSemaphoreA
TlsSetValue
ReleaseSemaphore
DuplicateHandle
GetThreadPriority
TlsGetValue
TlsAlloc
GetProcessAffinityMask
InterlockedExchangeAdd
CreateEventA
SleepEx
GetVersionExA
lstrcmpiA
GlobalSize
SetEndOfFile
CreateFileA
GetCurrentThread
SetConsoleCtrlHandler
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalAlloc
FindCloseChangeNotification
GlobalLock
GetCurrentProcess
FreeLibrary
Sleep
WaitForSingleObject
CloseHandle
InitializeCriticalSection
SetPriorityClass
ResetEvent
RaiseException
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileSize
GetTickCount
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
GetLastError
LeaveCriticalSection
LoadResource
advapi32
QueryServiceConfigW
RegOpenKeyExA
CryptAcquireContextA
CryptGenRandom
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
CryptReleaseContext
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExA
user32
CloseClipboard
UnhookWindowsHookEx
CallNextHookEx
IsRectEmpty
ExitWindowsEx
SetTimer
ReleaseDC
GetDC
GetIconInfo
GetClassNameA
ClientToScreen
FillRect
GetDesktopWindow
GetDlgItem
SetForegroundWindow
IsWindow
CopyRect
IsWindowVisible
FrameRect
CreatePopupMenu
DestroyMenu
GetActiveWindow
DestroyCursor
TrackPopupMenuEx
OffsetRect
InflateRect
DrawFocusRect
CreateIconIndirect
GetClientRect
GetSubMenu
SetCursor
GetNextDlgTabItem
MapWindowPoints
SetWindowPos
RedrawWindow
GetAsyncKeyState
DrawFrameControl
DrawEdge
GetMessagePos
ReleaseCapture
SetRect
SetCapture
GetWindow
GetFocus
GetWindowDC
GetKeyState
EnumWindows
GetDoubleClickTime
MessageBoxA
EmptyClipboard
OpenClipboard
GetSystemMetrics
SetClipboardData
DestroyIcon
ScreenToClient
GetWindowRect
KillTimer
GetParent
ChildWindowFromPointEx
IsWindowEnabled
WindowFromPoint
PtInRect
GetCapture
InvalidateRect
GetSysColor
GetCursorPos
IntersectRect
DestroyWindow
UpdateWindow
CheckMenuItem
RegisterHotKey
UnregisterHotKey
CreateMenu
DrawIcon
MessageBeep
GetUpdateRect
UpdateLayeredWindow
TranslateMDISysAccel
DrawMenuBar
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
SetCursorPos
GetKeyboardState
ToUnicodeEx
NotifyWinEvent
DestroyAcceleratorTable
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
SetParent
DeleteMenu
InvalidateRgn
EndDialog
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
BringWindowToTop
EnableMenuItem
GetSysColorBrush
EnumChildWindows
SendDlgItemMessageA
GetForegroundWindow
GetTopWindow
GetMessageTime
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
GetMenuItemCount
SetScrollPos
GetScrollPos
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
IsMenu
GetScrollInfo
IsZoomed
IsIconic
SetActiveWindow
GetSystemMenu
SetMenuDefaultItem
CopyImage
DrawIconEx
ShowScrollBar
CopyIcon
GetKeyboardLayout
GetMenuItemID
AdjustWindowRectEx
CheckMenuRadioItem
ScrollDC
SetDlgItemTextA
SetWindowTextA
GetWindowTextA
EnumThreadWindows
GetWindowThreadProcessId
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
FlashWindow
RemoveMenu
SetRectEmpty
IsChild
SubtractRect
UnionRect
EndPaint
PostQuitMessage
GetLastActivePopup
SetFocus
BeginPaint
WaitMessage
CheckDlgButton
GetDialogBaseUnits
MoveWindow
ShowWindow
GetWindowRgn
TranslateMessage
SetWindowRgn
ShowCursor
gdi32
RectVisible
GetViewportExtEx
GetBitmapBits
SetBitmapBits
CreateDIBSection
SetDIBColorTable
GdiFlush
CreateRectRgnIndirect
CreatePalette
Rectangle
RealizePalette
CreatePen
Polygon
Escape
CreateSolidBrush
GetTextColor
SetTextColor
DeleteDC
SetBkColor
SetPixel
GetPixel
GetStockObject
BitBlt
SelectObject
CreateCompatibleDC
SetBitmapDimensionEx
CreateCompatibleBitmap
GetBkColor
PtVisible
GetMapMode
GetWindowExtEx
CreateDIBitmap
GetDIBColorTable
SetDIBits
PatBlt
GetDIBits
CreateRectRgn
GetViewportOrgEx
GetWindowOrgEx
GetBrushOrgEx
CreatePatternBrush
CreateRoundRectRgn
SetPixelV
CreatePolygonRgn
OffsetRgn
CombineRgn
GetBitmapDimensionEx
SetBrushOrgEx
GetBkMode
SetBoundsRect
GetDeviceCaps
DPtoLP
SetTextAlign
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
PtInRegion
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
Polyline
GetTextCharsetInfo
Ellipse
LPtoDP
CreateEllipticRgn
GetRgnBox
CreateHatchBrush
GetObjectType
SelectPalette
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
SetLayout
GetLayout
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SaveDC
GetClipBox
ExtSelectClipRgn
RestoreDC
SetBkMode
FillRgn
SetRectRgn
CreateBitmap
CreateBrushIndirect
StretchBlt
DeleteObject
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHAppBarMessage
winmm
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
ws2_32
WSACloseEvent
FreeAddrInfoW
WSASocketW
WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
GetAddrInfoW
sendto
WSAAsyncGetHostByAddr
WSAAccept
WSAStartup
WSACleanup
ntohl
getpeername
ioctlsocket
connect
WSACancelAsyncRequest
htonl
getsockname
shutdown
setsockopt
recv
bind
socket
closesocket
send
getsockopt
WSAAsyncSelect
WSAAsyncGetHostByName
listen
accept
inet_ntoa
inet_addr
WSAGetLastError
htons
ntohs
WSASetLastError
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
recvfrom
crypt32
CertGetCertificateContextProperty
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertGetNameStringW
CertNameToStrW
CryptEncryptMessage
msimg32
GradientFill
AlphaBlend
TransparentBlt
comctl32
ImageList_Draw
ImageList_GetIcon
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Destroy
ImageList_GetIconSize
_TrackMouseEvent
ord17
shlwapi
PathFileExistsW
StrStrIW
PathRenameExtensionW
PathIsRelativeW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathAddBackslashW
PathStripToRootW
PathBuildRootW
PathCanonicalizeW
PathIsURLW
PathStripPathW
PathGetDriveNumberW
PathGetArgsW
PathIsRootW
PathCombineW
PathIsUNCW
UrlUnescapeW
StrStrW
ole32
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemFree
StgOpenStorage
CoCreateGuid
CoTaskMemAlloc
CreateStreamOnHGlobal
OleCreateStaticFromData
OleSetContainedObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRevokeClassObject
StgOpenStorageOnILockBytes
oleaut32
OleCreateFontIndirect
VarBstrFromDate
SafeArrayCreate
SafeArrayGetElemsize
LoadRegTypeLi
DispCallFunc
VariantCopy
VariantChangeType
OleLoadPicture
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
SysAllocStringLen
VarBstrCmp
VariantInit
VariantClear
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
urlmon
FindMimeFromData
wsock32
select
__WSAFDIsSet
wininet
InternetQueryDataAvailable
InternetCrackUrlW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetConnectW
HttpSendRequestW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetQueryOptionW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetWriteFile
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winspool.drv
ClosePrinter
Exports
pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 523KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ