K:\working\ESUNSec-TCEM\ESUNSec-TCEM\Release\TCEM.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-03_192e44d9e62e2a12a370501efebe93d9_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-06-03_192e44d9e62e2a12a370501efebe93d9_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-03_192e44d9e62e2a12a370501efebe93d9_mafia
Size: 3.6MB
MD5: 192e44d9e62e2a12a370501efebe93d9
SHA1: 4ae54c53d645603447f44fc9a1f2e26499072db4
SHA256: 74ac81960e9ca2f0e7c3bce5dd0bbcffa6bd410c5555e8b04219ccd63ada895e
SHA512: 930a1b628f1f3a30ab449d7d70c721b061c2a936cb9e741c1f0ed18bd7634808b14054cf01500053da6b142c67075e5b314dc80ccc274edb8cf1f59ee212a099
SSDEEP: 98304:wR6nIslMveybGoO97KO0IWbDnCDPsoPI7cWDmH8ozJmvaym4SeXdJ+seWLO7dXi:wYIqMveybGoOBf/UvUVsipyXdJ+seWLW
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-06-03_192e44d9e62e2a12a370501efebe93d9_mafia
Files
2024-06-03_192e44d9e62e2a12a370501efebe93d9_mafia.exe windows:5 windows x86 arch:x86
4d202192a2b77b73ecd63e87a1a8b682
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
rpcrt4
UuidToStringA
UuidCreate
crypt32
CryptExportPublicKeyInfo
CryptSignAndEncodeCertificate
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertCreateCertificateContext
CryptDecodeObject
CertSetCertificateContextProperty
CryptEncodeObject
CertAddCertificateContextToStore
CertNameToStrW
CryptAcquireCertificatePrivateKey
CryptMsgOpenToEncode
CryptMsgClose
PFXExportCertStoreEx
PFXImportCertStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificateName
CertGetNameStringW
CertFindExtension
CryptDecodeObjectEx
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetProcessHeap
IsDebuggerPresent
UnhandledExceptionFilter
FindResourceW
LoadResource
SizeofResource
LockResource
LocalFree
MultiByteToWideChar
GetLocalTime
GetProcAddress
GetModuleHandleW
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
GetLastError
WideCharToMultiByte
FindFirstFileW
FindNextFileW
Sleep
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateFileW
WriteFile
CloseHandle
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
CreateProcessW
CopyFileW
CreateDirectoryW
FormatMessageW
IsWow64Process
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
SetLastError
MulDiv
GlobalUnlock
TerminateProcess
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
MoveFileA
DeleteFileA
GetFileAttributesA
HeapReAlloc
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStartupInfoW
GlobalLock
GlobalAlloc
GlobalSize
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
GlobalFlags
GetCurrentDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
GetThreadLocale
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
GetVersionExW
CompareStringW
GlobalAddAtomW
WaitForSingleObject
ResumeThread
SetThreadPriority
RaiseException
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
ActivateActCtx
LoadLibraryW
DeactivateActCtx
lstrcmpW
InterlockedExchange
GlobalFree
user32
FrameRect
EmptyClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
UnregisterClassW
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
DestroyIcon
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
CopyIcon
InvalidateRect
FillRect
DrawStateW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
EnableWindow
SendMessageW
UpdateWindow
LoadIconW
GetSystemMenu
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
SubtractRect
DestroyCursor
GetWindowRgn
TabbedTextOutW
AppendMenuW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetWindowRect
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
GetMenuState
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
RegisterWindowMessageW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
CloseClipboard
gdi32
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
SetTextAlign
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
MoveToEx
LineTo
BitBlt
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetStockObject
CreateSolidBrush
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
GetRgnBox
SelectObject
DeleteObject
DeleteDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetOpenFileNameW
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegDeleteValueW
CryptGenKey
RegCloseKey
CryptExportKey
RegCreateKeyExW
RegSetValueExW
CryptDestroyKey
CryptReleaseContext
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
CryptAcquireContextW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
shell32
DragQueryFileW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
DragFinish
comctl32
ImageList_GetIconSize
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFileExistsW
ole32
CoRegisterMessageFilter
CLSIDFromString
CoCreateInstance
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CoInitializeEx
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
oleaut32
SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
ws2_32
freeaddrinfo
inet_ntop
getaddrinfo
gethostname
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionExW
HttpOpenRequestW
InternetOpenUrlW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 531KB - Virtual size: 531KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 755KB - Virtual size: 755KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ