2024-06-04_6d2336c38829b7745fbc56aed1f07f03_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_6d2336c38829b7745fbc56aed1f07f03_mafia
Size

382KB
MD5

6d2336c38829b7745fbc56aed1f07f03
SHA1

db875c741d894f9fcf5b3d3319ee359825298ae9
SHA256

c8c46f7d6264e75eedab6e4ab7609d39689cf679de091e1b350ebd118625b3cf
SHA512

0523cf35903e68120964cace0437ce5818efa4bffc74367a9f7573b23c726a88bbfa75549f18a4bcfe9b2ccda475009e6bd3d138c11ff5d8765bbc9fbbc45f5b
SSDEEP

6144:IqcdvMOhw0wcEflTLLQBozPcAapfmVxdBqiG1yUa7RR:7Ohw0wcETLLQE7kmVxdBqiGwUc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_6d2336c38829b7745fbc56aed1f07f03_mafia

Files

2024-06-04_6d2336c38829b7745fbc56aed1f07f03_mafia
.exe windows:5 windows x86 arch:x86

9885827ec6805ac84feb23c7b5ac1292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teambuilds\TDW\TDW_V22.01.A\Sources\oen\Release\b00moena.pdb

Imports

kernel32

GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
GetProcAddress
ExitProcess
WriteFile
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
HeapFree
Sleep
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
RtlUnwind
HeapAlloc
HeapReAlloc
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GlobalUnlock
lstrcmpA
GetTickCount
lstrcpyA
lstrcatA
lstrlenA
InterlockedIncrement
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GlobalFree
IsProcessorFeaturePresent
IsDebuggerPresent
FatalAppExitA
SetUnhandledExceptionFilter
HeapDestroy

user32

GetMessageA
SendMessageA
LoadImageA
CreateWindowExA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
MessageBeep
IsWindow
GetSystemMetrics
LoadMenuA
UpdateWindow
ShowWindow
RegisterClassA
LoadAcceleratorsA
IsWindowEnabled
EnableWindow
MessageBoxA
GetParent
GetCapture
SetActiveWindow
GetDlgItemInt
InvalidateRect
SendDlgItemMessageA
CharUpperA
GetKeyState
GetNextDlgTabItem
CallWindowProcA
GetMenuItemCount
MoveWindow
CheckMenuItem
GetMenuState
EnableMenuItem
RemoveMenu
IsWindowVisible
DestroyWindow
GetClientRect
MapWindowPoints
RedrawWindow
UnionRect
GetWindowLongA
SetWindowLongA
GetWindowTextA
GetSubMenu
PeekMessageA
GetDlgItemTextA
ScreenToClient
GetWindowRect
SetWindowPos
IsIconic
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
DrawMenuBar
SetDlgItemTextA
SetCapture
SetCursor
ReleaseCapture
wsprintfA
PostQuitMessage
PostMessageA
SetWindowTextA
GetDlgItem
SetFocus
GetFocus
GetActiveWindow
GetAsyncKeyState
GetClassNameA
LoadIconA
LoadCursorA
GetSysColorBrush

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject

ole32

CoInitialize
CoUninitialize

b00mstra

ord3
ord1

b00mkrna

_GlobalAlloc_00MEMO@8
_GlobalFree_00MEMO@4
_GlobalUnlock_00MEMO@4
_GlobalLock_00MEMO@4
_Unlock_00MEMO@4
_Free_00MEMO@4
_Alloc_00MEMO@4
_Lock_00MEMO@4
IsNavigationBarOnRightSide_00PARM
SharedAlloc_00SHAR
SharedLock_00SHAR
SharedFree_00SHAR
MoveAllMainWindows_00DISP
CreateWnd_00DISP
_RegisterHelp_00HELP@12
GetSecondNameLabel_00DISP
GetKeyNext
Mosaique_00DISP
SharedUnlock_00SHAR
_CloseHelp_00HELP@4
DestroyWnd_00DISP
_Help_00HELP@4
_GetTDCPath_00PARM@8
_GetString_00PARM@8
_GetInt_00PARM@4
SetHandle_00XHNG
_InitGPFault@0
_GetBool_00PARM@4
GetHandle_00XHNG
GiveHandle_00DISP
TrimLeft_00LONG
TrimRight_00LONG
GetKeyGreaterOrEqual
_GlobalReAlloc_00GMEM@12
_atoi_00LONG@4
Request
FormatDate_00TIME
_GetPCDate_00TIME@4
_FormatTime_00TIME@8
_GetPCTime_00TIME@4
_ecvt_00LONG@20
_strtod_00LONG@8
_SetInt_00PARM@8
ExitWorkStation_00DISP
_UIWErreur_00ERRE@20
CreateDialog_00JAPD

b00maiwa

CheckSeqNumber_11TRAN
FormatAndVerifyAge_01AGEP
Demog_01AGEP
_NoDataBaseCheck_00VRIF@4
AgeStringToAgeDay_01AGEP
ControlOrPatient_11TRAN
StringToTubePos_11TRAN
TubePosToString_11TRAN
StringToTubeId_11TRAN
_WantDataBaseCheck_00VRIF@24
TubeIdToString_11TRAN
GetSeqNumParam_11TRAN

b00mliba

ord290
ord292
ord208
ord153
ord197
ord265
ord140
ord264
ord263
ord207
ord288
ord447
ord448
ord138
ord50
ord139
ord158
ord142
ord291
ord293
ord145
ord102
ord196
ord54
ord56
ord55
ord198
ord1
ord4
ord199
ord154
ord137
ord163
ord105
ord100
ord101
ord93
ord439
ord430
ord356
ord397
ord363
ord200
ord195
ord185
ord95
ord437
ord429
ord381
ord92
ord422
ReAnalyseSample_00ANAS
ord83
ord357
ord362
ord370
ord201
ord273
ord272
ord274
ord52
ord182
ord299
ord94
ord96
ord441
ord442
ord410
ord396
ord339
ord146
ord156
ord157
ord330
ord409
ord384
ord289

b00mctla

GdiplusStartup
GdiplusShutdown

tdwdictmet

ExitTDWDictMet
InitTDWDictMet
GetLocationFullText
GetDoctorFullText
GetCommentFullText

b00mctle

DeleteStatusbar_SDK
DeleteToolbar_SDK
DisplayDlgDlcSelection
DoIndicatorsBarPreTranslateMessage
DoDashboardBarCtrlPreTranslateMessage
DeleteToolbarButton_SDK
DoNavigationBarCtrlPreTranslateMessage
EnableToolbarButton_SDK
SetTDWBarCtrlPosition_SDK
ProcessSpecificMessages
CreateToolbar_SDK
CreateStatusbar_SDK
IsNavigationBarCtrChild

tdwnavbar

CreateNavigationBarCtrl
DestroyNavigationBarCtrl

tdwdashbar

CreateDashboardBarCtrl
DestroyDashboardBarCtrl
GetDlgComInfo

tdwindbar

CreateIndicatorsBarCtrl
DestroyIndicatorsBarCtrl

b00mmdla

_DeleteDilutedSampleOrder_00MDOR@4
_VerifyTestsInDilSample_00MDOR@8
_ProcessManualDilutionInOrg_00MDOR@20
_UpdateDeletedDilutedTestList_00MDOR@16
_GetDilutedTestsOrder_00MDOR@12
_DilutedSampleOrder_00MDOR@16
_MoveDilutedSamplesWindow_00MDOR@12
_ResetDilutedSampleOrder_00MDOR@4
_GetNumberOfDilutedSamplesOrder_00MDOR@4
_ProcessDilutedSampleOrder_00MDOR@16
_TestInDilNotInOrgOrder_00MDOR@8
_UndoManualDilution_00MDOR@20
_CreateDilutedSampleInBDDOrder_00MDOR@16
_CanTestBeDiluted_00MDOR@8

tdwrulemet

Create_Rule
ReceptResult_Interprate
Delete_Rule

Exports

Exports

CommandeTask_10E
TaskForHOMO_21E
TaskForTBLS_21E

Sections

.textbss
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TDW_SHA
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9885827ec6805ac84feb23c7b5ac1292

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

b00mstra

b00mkrna

b00maiwa

b00mliba

b00mctla

tdwdictmet

b00mctle

tdwnavbar

tdwdashbar

tdwindbar

b00mmdla

tdwrulemet

Exports

Exports

Sections

.textbss Size: - Virtual size: 146KB

.text Size: 306KB - Virtual size: 306KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 28KB

.idata Size: 11KB - Virtual size: 10KB

.TDW_SHA Size: 512B - Virtual size: 260B

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 14KB - Virtual size: 14KB

.textbss
Size: - Virtual size: 146KB

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 28KB

.idata
Size: 11KB - Virtual size: 10KB

.TDW_SHA
Size: 512B - Virtual size: 260B

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 14KB - Virtual size: 14KB