2024-06-04_ac0b6122e67dfda917fc22142655eef1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_ac0b6122e67dfda917fc22142655eef1_mafia
Size

1021KB
MD5

ac0b6122e67dfda917fc22142655eef1
SHA1

157a1f64e388f53169ca0529976e45d6ee80fa1f
SHA256

1ae2ee393b25537aa64899cbd9e3a0d5fcf4fe1aeec14a78911d1cf4d724bc86
SHA512

9469f18f8fc405c4f87aa233c69c9bbb8fc2325249e82085367e5ec9294673299f97d595b3974d687b741873d508310ef65b0f7d4ea00b6c7e778d5389b61d17
SSDEEP

24576:qtNwndzunhoAfE7JKiNfqqO1EEgqvfkfD5rQ3lrlpa:1fuE7IiNf6gqvMfdQa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_ac0b6122e67dfda917fc22142655eef1_mafia

Files

2024-06-04_ac0b6122e67dfda917fc22142655eef1_mafia
.exe windows:5 windows x86 arch:x86

cfaa9f86aff59044a6cc76dfb5308463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

ord5
ord6
ord4
ord9
ord15
ord18
ord3
ord17
ord13

ntdsapi

DsMakeSpnA

secur32

InitSecurityInterfaceA
GetUserNameExA

mswsock

AcceptEx

ws2_32

getaddrinfo
bind
getsockopt
setsockopt
WSASocketA
send
WSAGetLastError
listen
ioctlsocket
ntohs
getnameinfo
getsockname
WSAStartup
WSACleanup
closesocket
recv
connect
gethostbyname
inet_addr
WSARecv
WSASend
shutdown
accept
WSASetLastError
gethostname
htons
freeaddrinfo

mpr

WNetAddConnection2A
WNetCancelConnection2A
WNetGetConnectionA
WNetOpenEnumA
WNetGetUniversalNameA
WNetCloseEnum
WNetEnumResourceA
WNetGetLastErrorA

rpcrt4

UuidCreate

crypt32

CryptProtectData
CryptHashMessage
CryptUnprotectData

kernel32

EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
SetHandleCount
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetConsoleCP
HeapSetInformation
LoadLibraryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
WideCharToMultiByte
HeapReAlloc
HeapFree
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapAlloc
DecodePointer
GetModuleHandleW
LeaveCriticalSection
InterlockedIncrement
GetCommandLineA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
Sleep
TerminateThread
WaitForSingleObject
CloseHandle
GetStdHandle
SetEvent
SetConsoleCtrlHandler
GetLastError
CreateThread
CreateEventA
GetComputerNameExA
SetErrorMode
GetConsoleScreenBufferInfo
FreeConsole
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
InterlockedDecrement
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetProcAddress
LoadLibraryA
CreateProcessA
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
LocalFree
FormatMessageA
DuplicateHandle
FlushFileBuffers
GetCurrentProcessId
CreateMutexA
ReleaseMutex
SetConsoleMode
GetConsoleMode
SetEnvironmentVariableA
ReadFile
WriteFile
ResumeThread
FreeEnvironmentStringsA
SetThreadAffinityMask
SetProcessAffinityMask
SetThreadPriority
SetCurrentDirectoryA
GetEnvironmentStrings
SetStdHandle
CreatePipe
GetExitCodeProcess
GetExitCodeThread
SuspendThread
SetLastError
CreateRemoteThread
SearchPathA
GetFullPathNameA
AssignProcessToJobObject
GetStartupInfoA
CreateJobObjectA
TerminateJobObject
GlobalFree
GlobalAlloc
GetDriveTypeA
GetLogicalDriveStringsA
GetProcessAffinityMask
MultiByteToWideChar
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetFilePointer
GetOverlappedResult
WaitForMultipleObjects
CreateFileA
SetEndOfFile
UnlockFileEx
LockFileEx
GetModuleFileNameW
GetFileAttributesA
HeapCreate
IsProcessorFeaturePresent
GetCurrentDirectoryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
WriteConsoleW
HeapSize
CompareStringW
GetDriveTypeW
GetProcessHeap
GetTimeZoneInformation
GetStringTypeW
CreateFileW
DeleteFileA
CreateIoCompletionPort
EnterCriticalSection
SetEnvironmentVariableW

advapi32

ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DuplicateTokenEx
LogonUserA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
GetUserNameA

ole32

CoInitialize
CoUninitialize

Exports

Exports

MPI_F_STATUSES_IGNORE
MPI_F_STATUS_IGNORE

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfaa9f86aff59044a6cc76dfb5308463

Headers

DLL Characteristics

File Characteristics

Imports

activeds

ntdsapi

secur32

mswsock

ws2_32

mpr

rpcrt4

crypt32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 639KB - Virtual size: 639KB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 65KB - Virtual size: 267KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 639KB - Virtual size: 639KB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 65KB - Virtual size: 267KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 65KB - Virtual size: 64KB