2024-06-01_5630211bdc0209cd8afaa945a1da0382_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-01_5630211bdc0209cd8afaa945a1da0382_mafia
Size

19.3MB
MD5

5630211bdc0209cd8afaa945a1da0382
SHA1

9839a93282d3f3cf81e9c02cb4c92a3db2e70692
SHA256

5339b36e20999cf8fb1d905ce76e970790186c1c863203eccb2135202d956827
SHA512

b5873fedab71104f7bff00d338532f604170a806493699326086dfa29f75df5b0fa1c94807e4b9de2a83c6fc7fa9748c661e4a2012015ee151c0767a3ff5fe11
SSDEEP

393216:LzbAW5JUs1iXJss6Z4oKLqSVeVPtsJ7xGDvJA2TLf3+/Vf:zAyJdcqZ4oIq5w7KXf0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_5630211bdc0209cd8afaa945a1da0382_mafia

Files

2024-06-01_5630211bdc0209cd8afaa945a1da0382_mafia
.exe windows:5 windows x86 arch:x86

78c05834fb64d50d2019f37f9b771f90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\yypublish_build\console\source\yy\packages\tools\setupV2\bin\YYSetup.pdb

Imports

kernel32

CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
FindFirstFileW
GetDiskFreeSpaceExW
InterlockedIncrement
InterlockedDecrement
MoveFileExW
CreateMutexW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
lstrlenW
GetProcAddress
LoadLibraryW
GetSystemInfo
GetModuleHandleW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
FreeResource
Process32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
Sleep
VirtualAlloc
DebugBreak
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
lstrcmpiW
LoadLibraryExW
FlushInstructionCache
GetCurrentProcess
SetLastError
GetTickCount
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetVersion
GetFullPathNameW
GetFileAttributesW
CopyFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLocalTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetEndOfFile
GetFileAttributesExW
IsProcessorFeaturePresent
MoveFileW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InterlockedExchange
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
HeapFree
HeapAlloc
ResumeThread
WaitForSingleObject
GetLastError
SetFilePointer
WriteFile
ReadFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
CloseHandle
CreateFileW
CreateFileA
SetFilePointerEx

user32

GetClassNameW
GetWindowThreadProcessId
EnumWindows
EnableMenuItem
GetSystemMenu
PostQuitMessage
PostMessageW
MessageBoxW
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetClipboardData
SetClipboardViewer
GetActiveWindow
GetKeyState
IsZoomed
SetWindowLongW
GetWindowLongW
LoadImageW
DestroyCursor
SetCursor
GetCursor
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DestroyWindow
ClientToScreen
ScreenToClient
SetTimer
KillTimer
GetClassInfoExW
LoadCursorW
DefWindowProcW
RegisterClassExW
CreateWindowExW
CallWindowProcW
SetWindowTextW
SetWindowPos
GetWindowRect
GetClientRect
ShowWindow
SetActiveWindow
SendMessageW
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
LoadIconW
SetClassLongW
SystemParametersInfoW
InvalidateRect
ReleaseDC
UpdateLayeredWindow
GetDC
EndPaint
BeginPaint
UnregisterClassA
GetUpdateRect
SetCapture
ReleaseCapture
ChangeClipboardChain
CloseClipboard

gdi32

CreateDIBSection
SelectObject
CreateRoundRectRgn
CreateCompatibleDC
DeleteDC
BitBlt
DeleteObject

advapi32

RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

shell32

ShellExecuteW
SHGetFolderPathW
DragAcceptFiles
DragFinish
SHFileOperationW
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
VariantInit
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

gdiplus

GdipDrawRectangle
GdipFillRectangle
GdipDrawString
GdipDrawImageRect
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipSaveGraphics
GdipRestoreGraphics
GdipCloneBrush
GdipSetWorldTransform
GdipGetCompositingMode
GdipSetCompositingMode
GdipCreateSolidFill
GdipSetMatrixElements
GdipGetGenericFontFamilySansSerif
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDeleteMatrix
GdipDrawImageRectRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusShutdown
GdiplusStartup
GdipDrawLine
GdipCreateRegionHrgn
GdipDeleteRegion
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateFont
GdipMeasureString
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipStringFormatGetGenericDefault
GdipDeleteStringFormat
GdipCloneStringFormat
GdipCloneRegion
GdipCreateMatrix

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 475KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.3MB - Virtual size: 18.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78c05834fb64d50d2019f37f9b771f90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Sections

.text Size: 460KB - Virtual size: 459KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 475KB - Virtual size: 512KB

.rsrc Size: 18.3MB - Virtual size: 18.3MB

.reloc Size: 77KB - Virtual size: 77KB

.text
Size: 460KB - Virtual size: 459KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 475KB - Virtual size: 512KB

.rsrc
Size: 18.3MB - Virtual size: 18.3MB

.reloc
Size: 77KB - Virtual size: 77KB