PDB path: D:\perforce\build_scm_medstation_7.3\Station\Release\Registryhandler.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-05_5999046ef6d3ca4210455035eb2ed311_mafia.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-06-05_5999046ef6d3ca4210455035eb2ed311_mafia.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-06-05_5999046ef6d3ca4210455035eb2ed311_mafia
Size: 1.8MB
MD5: 5999046ef6d3ca4210455035eb2ed311
SHA1: d1aa945ef4bd4ec72e3a846ce6f9969f4867b8fd
SHA256: 2b7d4ce2c7d4bc74f4a3161cdc70bb2faa03c24cf3cbe71b62ad76d461a15cc8
SHA512: 498dfa0482276dd45a7314849d8c281b5444ed6e70b2ba6021df96f4d44878ee3a2fc50bcd241c81807a8c0f124a883d92288f8aa098147e9f700f006e2a6515
SSDEEP: 49152:pmVix6yNEvY81m8cKbvUr884BlrgdEjljEEjyHW5Lxo1f0EW5Hb:p961vNmBKbvUr88slcEjl3WH4o1f0EY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-06-05_5999046ef6d3ca4210455035eb2ed311_mafia
Files
2024-06-05_5999046ef6d3ca4210455035eb2ed311_mafia.exe windows:5 windows x86 arch:x86
c73c62e4070ae0e546f9be4a13b34f8e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (image may be relocated, so it participates in ASLR; the .reloc section below supports this)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (image is marked DEP/NX-compatible)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
userenv
LoadUserProfileW
UnloadUserProfile
printerreg
PyxisLogonUser
kernel32
EnumSystemLocalesA
GetLocaleInfoA
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
InterlockedCompareExchange
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
HeapReAlloc
RaiseException
ExitProcess
RtlUnwind
HeapAlloc
HeapSetInformation
HeapFree
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
FreeResource
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
GetCurrentProcessId
IsValidLocale
WriteConsoleW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedIncrement
TlsFree
GetProcessHeap
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CompareStringW
GlobalFlags
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
ResumeThread
SetThreadPriority
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileW
CreateFileW
lstrcmpiW
GlobalFree
CopyFileW
GlobalSize
GlobalUnlock
MulDiv
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
SetLastError
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
lstrcmpW
GlobalAlloc
GetProcAddress
FreeLibrary
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
LocalFree
GetModuleHandleW
GetCommandLineW
GetVersionExW
WaitForSingleObject
CreateProcessW
DeleteFileW
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetComputerNameW
FormatMessageW
FindFirstFileW
lstrlenW
GetLastError
GetCurrentProcess
DeleteCriticalSection
SetEnvironmentVariableA
user32
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CopyImage
DestroyIcon
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
EmptyClipboard
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindowTextLengthW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
FillRect
UnhookWindowsHookEx
GetSysColorBrush
GetClassInfoW
DefWindowProcW
MapWindowPoints
GetClientRect
LoadCursorW
SetLayeredWindowAttributes
GetSysColor
DestroyCursor
GetWindowRgn
SendDlgItemMessageA
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
SetRectEmpty
CopyRect
DeleteMenu
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
PostMessageW
PostQuitMessage
ScrollWindow
NotifyWinEvent
gdi32
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
DPtoLP
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextExtentPoint32W
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
CreateRectRgn
SelectClipRgn
LPtoDP
SetLayout
CreateHatchBrush
GetObjectType
SelectPalette
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateDCW
CopyMetaFileW
GetPixel
GetWindowExtEx
GetWindowOrgEx
GetDeviceCaps
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
GetViewportExtEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
LogonUserW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegCreateKeyExW
DuplicateToken
shell32
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetDesktopFolder
SHAppBarMessage
comctl32
ImageList_GetIconSize
shlwapi
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
ole32
CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoCreateGuid
oleaut32
SysFreeString
VariantInit
VarBstrFromDate
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysStringLen
SysAllocString
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Sections
Name    Raw size  Virtual size  Characteristics
.text   1.2MB     1.2MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  453KB     453KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   25KB      55KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   25KB      24KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  166KB     166KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
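The "Unsigned PE" signature above, the DllCharacteristics flags under Headers, and the section characteristics just listed are all answered by the same few PE header fields. The script below is an added example written for this page, not the sandbox's own signature code and not part of the report: it parses those fields with the Python standard library only (no pefile) and reports whether an Authenticode blob is present (the IMAGE_DIRECTORY_ENTRY_SECURITY data directory, which unlike the other directories holds a raw file offset rather than an RVA), whether DYNAMIC_BASE and NX_COMPAT are set, and whether any section is both writable and executable. Because the sample itself is not available from this page, the script ships with a constructed, non-loadable PE32 header (build_sample_pe, an assumption of this example) that mimics the flag layout shown in the report; the function names are this example's own.

```python
"""Static PE header checks: Authenticode presence, DllCharacteristics, section permissions.

Added example for this report (not the sandbox's code). Standard library only.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # data directory that points at the Authenticode blob
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def analyze_pe(data: bytes) -> dict:
    """Parse the DOS/COFF/optional headers and section table of an in-memory PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: NumberOfRvaAndSizes at +92, directories start at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:     # PE32+: 64-bit stack/heap fields push them to +108 / +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]   # DllCharacteristics sits at +70 in both layouts
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off, sec_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security directory: (file offset, size) of the WIN_CERTIFICATE blob; size 0 means unsigned.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size                                   # section headers follow the optional header
    for i in range(nsections):
        name, vsize, _va, rawsize, _rawptr, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    wx = [s["name"] for s in sections
          if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE]
    return {
        # A truncated blob (directory points past EOF) is treated as absent, like a stripped signature.
        "has_authenticode": sec_size > 0 and sec_off + sec_size <= len(data),
        "aslr": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dllchar & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
        "sections": sections,
        "writable_executable_sections": wx,
    }


def build_sample_pe(with_signature=False, dll_characteristics=0x8140,
                    sections=((".text", 0x60000020),)) -> bytes:
    """Constructed, non-loadable PE32 header used only to exercise analyze_pe (it contains no code).

    Defaults mirror the report: DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE and an R+X .text.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)     # i386, EXECUTABLE|32BIT
    opt = bytearray(224)                                                           # PE32 header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000, 0x200, 0, 0, 0, 0, 0, f)
                     for n, f in sections)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    if with_signature:
        # WIN_CERTIFICATE header (dwLength, wRevision 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + dummy body
        blob = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
        struct.pack_into("<II", image, 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(image), len(blob))
        image += blob
    return bytes(image)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    r = analyze_pe(data)
    print("Authenticode blob present:", r["has_authenticode"])
    print("DYNAMIC_BASE:", r["aslr"], " NX_COMPAT:", r["nx"], " TS_AWARE:", r["terminal_server_aware"])
    for s in r["sections"]:
        print(f'{s["name"]:8} raw={s["raw_size"]:#x} virt={s["virtual_size"]:#x} flags={s["flags"]:#010x}')
    print("W+X sections:", r["writable_executable_sections"] or "none")
```

Run it as `python check_pe.py sample.exe`; with no argument it analyzes the constructed header. Two caveats matter in practice. Presence of a blob is what the sandbox signature tests, and it is all this parser tests: a present blob can still be a stale, revoked or forged signature, so an actual verdict needs a chain check (`Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`). And for this sample the headers themselves say nothing unusual: DYNAMIC_BASE and NX_COMPAT are set and no section is W+X, consistent with the compiler-generated layout in the table above; the only reported finding is the missing signature.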