2024-06-01_aea45824336818b2c57ccb11c98189ba_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_aea45824336818b2c57ccb11c98189ba_mafia
Size

823KB
MD5

aea45824336818b2c57ccb11c98189ba
SHA1

a28a7be33143e89b1adb3f7aa2686ae182b273e7
SHA256

c29b1524b4d2036bb28fbe00f792939fe96327d36e48aa4f3f2c3b511089a68e
SHA512

15f10148c5dafea69b31ea046e511e7038fd1e28ebaf82bc7a0df7f6c8b826321fd8b3ead9bfe0d353ff9e465984567913147ab906b8b6245c310d899df7cd49
SSDEEP

12288:99z9eLC5ySdK3+WdwiIf3xrQaKEXwrdDE0HRPLb:Cb3+WmZhXwLv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_aea45824336818b2c57ccb11c98189ba_mafia

Files

2024-06-01_aea45824336818b2c57ccb11c98189ba_mafia
.exe windows:5 windows x86 arch:x86

865d7cf8fd89b24fe3c7cb1ec852eb40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

slamcl.pdb

Imports

wsock32

WSACleanup
WSAStartup
inet_addr
socket
shutdown
__WSAFDIsSet
select
sendto
send
recvfrom
recv
listen
ioctlsocket
getsockname
htons
getservbyport
ntohs
getservbyname
getprotobynumber
getprotobyname
getpeername
gethostname
gethostbyname
gethostbyaddr
connect
closesocket
inet_ntoa
bind
getsockopt
setsockopt
accept
WSAGetLastError

kernel32

MoveFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileW
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetTimeZoneInformation
HeapSize
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEndOfFile
RtlUnwind
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLastError
CloseHandle
DuplicateHandle
GetCurrentProcess
FormatMessageA
GetTickCount
GetProcAddress
GetModuleHandleA
LockFileEx
UnlockFileEx
GetVersionExA
SetFilePointer
CreateFileA
CreatePipe
ReadFile
MoveFileExA
Sleep
WriteFile
CreateProcessA
GetStartupInfoA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
WaitForSingleObject
SearchPathA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameA
CreateDirectoryA
GetModuleHandleW
ExitProcess
DecodePointer
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
HeapReAlloc
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableW
GetSystemTimeAsFileTime
EncodePointer
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
MultiByteToWideChar
GetCommandLineA
HeapSetInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
LoadLibraryW
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
FatalAppExitA
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetModuleFileNameW
GetDriveTypeA
GetFileAttributesA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
HeapDestroy
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA

Sections

.text
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

865d7cf8fd89b24fe3c7cb1ec852eb40

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

kernel32

Sections

.text Size: 562KB - Virtual size: 562KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 146KB - Virtual size: 164KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 562KB - Virtual size: 562KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 146KB - Virtual size: 164KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 51KB