2024-06-03_935912c06997a8f013d146ae97a732d4_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-03_935912c06997a8f013d146ae97a732d4_mafia
Size

1.6MB
MD5

935912c06997a8f013d146ae97a732d4
SHA1

830839b068ae05008095192661f07d1da2327bd2
SHA256

c2c5cff8f7311b8eb9d0bc9f6c9509d1ce1e51e897cbe1a7e77ce6395571e73b
SHA512

52227a2a338418b3d7754a0f692a4f87e5bd542b452b06ae8a0626233eb6197058ec2c33fffc8113f454bcaff4ddbe9f36b58eecc6e3ebbfb4e5494d0ad1ec2c
SSDEEP

49152:uX7qjaLLPNssKbggn1m9XyEk/Ceygu1x/S5:uXeaa7bL1mAd/CzVQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_935912c06997a8f013d146ae97a732d4_mafia

Files

2024-06-03_935912c06997a8f013d146ae97a732d4_mafia
.exe windows:5 windows x86 arch:x86

8ccddcd9bd9f470347d61589b1af28c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Develop\Builder\Release\DGExtractor.pdb

Imports

kernel32

FlushInstructionCache
lstrcmpA
MulDiv
GetModuleFileNameA
RaiseException
GetCurrentThreadId
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetTempPathA
FindResourceA
GetVersion
GlobalFree
GlobalHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
lstrlenW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
ReadFile
FlushFileBuffers
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualProtect
GetLastError
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
SetEndOfFile
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetCurrentProcess
IsWow64Process
FindResourceExW
FindResourceW
LoadResource
LockResource
GetCurrentProcessId
SizeofResource

user32

SetWindowTextA
SetTimer
KillTimer
SendDlgItemMessageA
EndDialog
SetWindowLongA
GetWindowLongA
CreateWindowExA
SetWindowPos
GetWindow
GetDlgItem
SetWindowContextHelpId
SendMessageA
MapDialogRect
DefWindowProcA
GetSysColor
CharNextA
MoveWindow
GetClientRect
ClientToScreen
ScreenToClient
UnregisterClassA
GetActiveWindow
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC

advapi32

RegCloseKey
RegOpenKeyExA

ole32

OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
OleLockRunning

shell32

ShellExecuteExA

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

gdi32

CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
GetObjectA
GetStockObject
DeleteDC
CreateSolidBrush
DeleteObject
SelectObject

wininet

InternetSetOptionA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ccddcd9bd9f470347d61589b1af28c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

wininet

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 303KB - Virtual size: 302KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 303KB - Virtual size: 302KB

.reloc
Size: 11KB - Virtual size: 11KB