2024-06-04_81310b22863c148b043139f1961fb76b_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-04_81310b22863c148b043139f1961fb76b_mafia
Size

3.9MB
MD5

81310b22863c148b043139f1961fb76b
SHA1

4846bc618adadbe3adc712ff8a4e403349cb251f
SHA256

e5681546b7319aeee92e802b3e5982f62d8a20c68bd5d7379b1fe5a761eb8af7
SHA512

ba6f36273904ad6c478f6ecb2f8a3e91a98689225b086a9eb8a3cc194e65f11ed2bb857a913007636b295f399f6d8d9465353367769f07dacbb60f7b07ac5c5d
SSDEEP

98304:5UTV8C9MIse/FdkgF8mM7poJFBdmWAngJQi/zsEYF:5GqIr16kFBBAngJQ6sEYF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_81310b22863c148b043139f1961fb76b_mafia

Files

2024-06-04_81310b22863c148b043139f1961fb76b_mafia
.exe windows:5 windows x86 arch:x86

2b68740ba0d8a07fba6ebe8f451d6cbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\duoduo_dev\branch\duoduov2\bin\duoduo.pdb

Imports

ws2_32

setsockopt
closesocket
send
freeaddrinfo
__WSAFDIsSet
recv
getsockopt
connect
ntohl
getaddrinfo
htonl
ioctlsocket
inet_ntoa
recvfrom
select
WSAGetLastError
htons
sendto
socket
gethostbyname
WSAStartup
WSACleanup

kernel32

WriteFile
OpenProcess
WideCharToMultiByte
GetVersionExW
TerminateProcess
CreateFileW
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
GetCurrentDirectoryW
FindClose
Process32FirstW
SetCurrentDirectoryW
GetModuleFileNameA
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
DeviceIoControl
SetFilePointer
SystemTimeToFileTime
SetFileTime
ReadFile
LocalFileTimeToFileTime
OutputDebugStringA
CreateEventA
CopyFileA
WritePrivateProfileStringW
GetCurrentProcessId
LocalFree
LocalAlloc
GetTempPathW
lstrlenA
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
GetStringTypeW
IsValidLocale
MultiByteToWideChar
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
SetHandleCount
CreateDirectoryW
GetConsoleCP
GetLocaleInfoW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStdHandle
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
lstrcmpW
GetModuleFileNameW
CopyFileW
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
OutputDebugStringW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
CreateMutexW
DeleteFileA
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
GetLastError
lstrcpyW
lstrcatW
LockResource
lstrlenW
lstrcpynW
SizeofResource
LoadResource
FindResourceW
MoveFileA
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetCurrentThreadId
ExitThread
GetLocalTime
MulDiv
DuplicateHandle
GetFileType
GetCurrentProcess
FindFirstFileW
GetConsoleMode
GetVersionExA
DosDateTimeToFileTime
ExitProcess
FreeResource
GetACP
GetFileSize
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
GetFileAttributesA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
EncodePointer
InterlockedExchange
FindResourceExW
PulseEvent
CreateThread
DeleteFileW
CloseHandle
CreateEventW
ResetEvent
GetProcAddress
Sleep
TerminateThread
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForSingleObject
EnumSystemLocalesA

user32

ShowCaret
HideCaret
GetWindowTextW
MessageBoxW
IsZoomed
SetCaretPos
CreateCaret
GetCaretPos
GetSysColor
CreateAcceleratorTableW
InvalidateRgn
PostMessageW
GetParent
SendMessageW
SetTimer
KillTimer
SetWindowTextW
GetWindowTextLengthW
wsprintfW
MoveWindow
InvalidateRect
ClientToScreen
DestroyWindow
IsMenu
SetActiveWindow
PostQuitMessage
IsIconic
GetSubMenu
SetForegroundWindow
GetMenuItemInfoW
PtInRect
GetForegroundWindow
LoadIconW
TrackPopupMenuEx
LoadMenuW
SystemParametersInfoW
MonitorFromWindow
GetCursorPos
GetActiveWindow
IsWindowVisible
DestroyMenu
SetMenuItemInfoW
GetMonitorInfoW
GetDesktopWindow
FindWindowW
ShowWindow
IsWindow
GetSystemMetrics
UpdateLayeredWindow
SetWindowRgn
ScreenToClient
GetWindowRect
AnimateWindow
GetClientRect
SetFocus
GetDC
InflateRect
ReleaseDC
SetWindowPos
CharNextW
DispatchMessageW
GetWindow
DefWindowProcW
CallWindowProcW
GetPropW
EnableWindow
RegisterClassW
CreateWindowExW
SetWindowLongW
GetWindowLongW
RegisterClassExW
TranslateMessage
SetPropW
GetClassInfoExW
LoadCursorW
LoadImageW
GetMessageW
IntersectRect
SetCursor
IsRectEmpty
MapWindowPoints
ReleaseCapture
GetUpdateRect
BeginPaint
GetFocus
GetKeyState
SetCapture
EndPaint
OffsetRect
SetRect
CharPrevW
DrawTextW
FillRect
FindWindowExW

gdi32

MoveToEx
GetDeviceCaps
GetTextExtentPoint32W
SetStretchBltMode
CreateRoundRectRgn
LineTo
CreatePenIndirect
StretchBlt
SetBkMode
Rectangle
CreateCompatibleBitmap
GetTextMetricsW
BitBlt
SetWindowOrgEx
GetObjectA
CreateSolidBrush
TextOutW
ExtSelectClipRgn
RoundRect
GetCharABCWidthsW
GetClipBox
SetTextColor
CreateFontIndirectW
SetBkColor
ExtTextOutW
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
SelectClipRgn
RestoreDC
GetStockObject
CreatePen
GetObjectW
SaveDC

comdlg32

GetOpenFileNameW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
AdjustTokenPrivileges
StartServiceW
QueryServiceStatus

shell32

SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetPathFromIDListW
SHGetFolderPathA

ole32

CoInitializeSecurity
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString
SysStringByteLen

shlwapi

PathAddBackslashA
PathAppendA
PathCanonicalizeW
PathRemoveFileSpecW
PathIsDirectoryW
PathCombineW
PathAppendW
PathFileExistsW
PathFileExistsA
PathAddBackslashW

gdiplus

GdipCreateStringFormat
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDrawString
GdipAlloc
GdipCreateLineBrushI
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipDeleteGraphics
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipDeleteBrush
GdipFree

urlmon

URLDownloadToFileW

devicemanager

?OBJECTID_GUID@@YAPAVDeviceManager@@PAVNotify@1@@Z

sqlite3

sqlite3_free_table
sqlite3_errmsg
sqlite3_get_table
sqlite3_open_v2
sqlite3_free
sqlite3_close
sqlite3_exec

wininet

InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

comctl32

_TrackMouseEvent
ord17

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b68740ba0d8a07fba6ebe8f451d6cbb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

urlmon

devicemanager

sqlite3

wininet

comctl32

imm32

Sections

.text Size: 788KB - Virtual size: 787KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 788KB - Virtual size: 787KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 58KB - Virtual size: 58KB