2024-06-03_b223524f1a25ffd13bd2cca81084caa7_karagany_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-03_b223524f1a25ffd13bd2cca81084caa7_karagany_mafia
Size

4.9MB
MD5

b223524f1a25ffd13bd2cca81084caa7
SHA1

44f3766e4828a2a22c4fed99b66e0ffaaed01137
SHA256

8f9fa6246ccdda326f17f60382a1fd3af97e7fd3c4c7adbf857eac2b5e3f0054
SHA512

b92815d800564a0979dd50c6316e8797013dae4fa20cbf8853955260142c997cbe9b4730adbb8eaafe06551087c51d20752aedb387aa0792188615622bfcd268
SSDEEP

98304:12V2P2/ZWoGGUi532XM+DSXl/Ek54RXl/Ek54NkP2cEOc1SlfNT:12AP2/Z9UsGXM+DSXl/h4RXl/h4NkPT/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_b223524f1a25ffd13bd2cca81084caa7_karagany_mafia

Files

2024-06-03_b223524f1a25ffd13bd2cca81084caa7_karagany_mafia
.exe windows:5 windows x86 arch:x86

de376434c9fe2f51eab471f2d61fbf1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Program\NewAstroInstall\AstroInstall\Release\xy_2_12.pdb

Imports

kernel32

LocalFree
GetVersionExA
GetModuleFileNameA
GetSystemInfo
WritePrivateProfileStringW
Sleep
CreateDirectoryW
CreateThread
MultiByteToWideChar
lstrlenA
ExitProcess
CloseHandle
CreateSemaphoreW
GetProcAddress
GetTempPathW
CreateFileW
TerminateProcess
SizeofResource
WriteFile
GetModuleHandleW
GetCurrentProcess
LoadResource
GetLocalTime
MulDiv
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
FreeResource
LockResource
GetFileSize
ReadFile
GetCurrentDirectoryW
FindResourceW
GetLastError
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
HeapReAlloc
GetFileAttributesW
DecodePointer
EncodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameW
HeapCreate
WideCharToMultiByte
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryW
RtlUnwind
LCMapStringW

user32

IsWindow
GetDesktopWindow
CreateWindowExW
ShowWindow
GetKeyState
SetWindowLongW
GetWindowLongW
SetCapture
ReleaseCapture
PostMessageW
PtInRect
ReleaseDC
DestroyWindow
SetFocus
GetFocus
MapWindowPoints
GetWindowRect
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
IntersectRect
SetCursor
LoadCursorW
SendMessageW
EnableWindow
SystemParametersInfoW
LoadImageW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
GetMonitorInfoW
MonitorFromWindow
SetWindowRgn
IsZoomed
InflateRect
wvsprintfW
FillRect
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
InvalidateRgn
MoveWindow
CreateAcceleratorTableW
SetWindowPos
OffsetRect
GetDC
KillTimer
SetTimer
MessageBoxW
GetClientRect
IsIconic
PostQuitMessage
ScreenToClient
GetPropW
GetWindow
CharNextW
InvalidateRect
DefWindowProcW
GetSystemMetrics
SetPropW

gdi32

GetObjectA
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
SetWindowOrgEx
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextMetricsW
Rectangle
CreateCompatibleDC
MoveToEx
AngleArc
SaveDC
SelectObject
CombineRgn
GetDeviceCaps
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
CreateDIBSection
StretchBlt
CreatePen
GetClipBox
RestoreDC
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CLSIDFromProgID
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning

gdiplus

GdipDeleteGraphics
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdiplusStartup

wininet

InternetOpenUrlW
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenW

iphlpapi

GetAdaptersInfo

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de376434c9fe2f51eab471f2d61fbf1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

wininet

iphlpapi

oleaut32

comctl32

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 35KB - Virtual size: 35KB