2024-06-04_8e965312529c8071c2b0569a5e0ff52e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_8e965312529c8071c2b0569a5e0ff52e_mafia
Size

7.0MB
MD5

8e965312529c8071c2b0569a5e0ff52e
SHA1

938f92ea4d4601cc4dc7e1eb17f3d276258bb945
SHA256

aa463fd95783b083a5cefac3aa86b4ec700ece8f62d7be410b2d4395919ff911
SHA512

5c8d294f7d88b2f3d86441764fef0358436cb7a455a32fa2b4359f9d770b9dd1536d7e224b53706ab40c1b075df393f278a0b38bd7fb63fae6a85498d126e59f
SSDEEP

196608:FiTHU1a52QI5I210Zv3C2DkuZ6X64vZKCjrmJ:EZKIdR3C3KYJO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_8e965312529c8071c2b0569a5e0ff52e_mafia

Files

2024-06-04_8e965312529c8071c2b0569a5e0ff52e_mafia
.exe windows:5 windows x86 arch:x86

9a36514aa8343a7a047e92dfc6eaa8b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\build2.8.6\Funshion\Rel\src\toolkits_publish\bin_inst\Release\Install.pdb

Imports

gdiplus

GdipAddPathString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePath
GdipCreatePath
GdipGetFamilyName
GdipGetFamily
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipGetFontSize
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipSetTextRenderingHint
GdipResetClip
GdipEndContainer
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipSetClipRect
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipGetPathWorldBounds
GdipGetFontStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipReleaseDC
GdiplusShutdown
GdipDisposeImage
GdiplusStartup

ws2_32

htons
htonl

iphlpapi

GetIfTable

dbghelp

MiniDumpWriteDump

kernel32

FindResourceExW
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
CloseHandle
Sleep
CreateEventA
CreateMutexW
GetLastError
GetVersionExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetCommandLineW
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
TerminateProcess
lstrcmpW
GetSystemInfo
WideCharToMultiByte
GetModuleHandleW
CreateFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
SetHandleCount
Module32FirstW
Module32NextW
FreeEnvironmentStringsW
GetPrivateProfileStringW
FindResourceW
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDrives
MoveFileExW
FreeLibrary
MoveFileW
CreateProcessW
GetSystemDefaultLangID
CopyFileExW
GetProcessId
GetTickCount
GetProcessHeap
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
ExitProcess
CompareStringW
LCMapStringW
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
GetDateFormatW
GetTimeFormatW
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
InterlockedCompareExchange
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
HeapSize
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
HeapCreate
GetStdHandle
GetCurrentProcess
GetEnvironmentStringsW
GetFileType
SetLastError
GlobalMemoryStatusEx
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
QueryPerformanceCounter
IsProcessorFeaturePresent
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointer
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
OutputDebugStringW
OpenEventA
ResumeThread
GetPrivateProfileIntW
lstrlenW
CreateDirectoryW
FormatMessageA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime

user32

LoadCursorW
RegisterClassW
IsWindow
DefWindowProcW
DispatchMessageW
PeekMessageW
PostQuitMessage
GetWindowDC
UpdateLayeredWindow
ReleaseDC
SetCapture
GetDC
ShowWindow
SetWindowLongW
GetWindowRect
SetWindowPos
LoadIconW
SendMessageW
SystemParametersInfoW
GetWindowLongW
wsprintfW
MessageBoxExW
MessageBoxW
FindWindowW
DestroyWindow
SetTimer
UnregisterClassW
PostMessageW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
CreateWindowExW

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
EnumFontFamiliesW
DeleteObject

advapi32

RegDeleteKeyW
RegEnumValueW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord165
SHCreateDirectoryExW
SHGetPathFromIDListW
SHChangeNotify
SHBrowseForFolderW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

wininet

InternetSetOptionA
InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetGetCookieExW
InternetSetCookieW
InternetGetCookieW
InternetCloseHandle
HttpQueryInfoA

shlwapi

PathRemoveBackslashW
PathIsFileSpecW
PathIsURLW
PathRemoveFileSpecW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathRemoveExtensionW
PathFindFileNameW
PathAppendW
PathFileExistsW
SHDeleteValueW
PathCanonicalizeW
PathIsRootW

urlmon

UrlMkGetSessionOption

Exports

Exports

??_B?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@51
??_B?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@51
??_B?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@51
?get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ
?get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ
?get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ
?get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ
?get_mutable_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@SAAAVCFpFunshionIni@@XZ
?get_mutable_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@SAAAVCFpInstallAppMgr@@XZ
?get_mutable_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@SAAAVCFpInstallPath@@XZ
?get_mutable_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@SAAAVCFpSysLanguage@@XZ
?instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@0AAVCFpFunshionIni@@A
?instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@0AAVCFpInstallAppMgr@@A
?instance@?$singleton@VCFpInstallPath@@@serialization@boost@@0AAVCFpInstallPath@@A
?instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@0AAVCFpSysLanguage@@A
?t@?1??get_instance@?$singleton@VCFpFunshionIni@@@serialization@boost@@CAAAVCFpFunshionIni@@XZ@4V?$singleton_wrapper@VCFpFunshionIni@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallAppMgr@@@serialization@boost@@CAAAVCFpInstallAppMgr@@XZ@4V?$singleton_wrapper@VCFpInstallAppMgr@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@4V?$singleton_wrapper@VCFpInstallPath@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@4V?$singleton_wrapper@VCFpSysLanguage@@@detail@34@A

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a36514aa8343a7a047e92dfc6eaa8b7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

ws2_32

iphlpapi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 32KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 32KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 76KB - Virtual size: 75KB