2024-06-05_e217cc37edb0583a1d605b0b51a4b868_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-05_e217cc37edb0583a1d605b0b51a4b868_mafia
Size

540KB
MD5

e217cc37edb0583a1d605b0b51a4b868
SHA1

2a62d35801921edab4add32218279868fde1bcc3
SHA256

4dd6cdc130e5cb22ecea7f688bc9561ad4d03512537ab2b73bfbe80aafbd1669
SHA512

80017145d0baed5955c135b12c4c6b3e72323299d95605cd4a58bc48aac28af6aff48362aa969cc437e638e3ea876b944f1bdb87c71471e5f7c42f306b85a34e
SSDEEP

6144:GcfMCNOlTfB7n3slKcm7UIc+IXEoMqKvrCv2Wu9uhYe+00dv4/:GcteTWlKNUIB6BMqKvrCv/u9uhN+1dc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-05_e217cc37edb0583a1d605b0b51a4b868_mafia

Files

2024-06-05_e217cc37edb0583a1d605b0b51a4b868_mafia
.exe windows:5 windows x86 arch:x86

8f11e988c4dec6b622b50049f97acf93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateProcessW
CopyFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
CreateThread
ReadProcessMemory
OpenProcess
TerminateProcess
SleepEx
ResumeThread
GetThreadContext
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetFullPathNameW
LoadLibraryW
FreeLibrary
SetFilePointer
ReadFile
GetFileAttributesW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetExitCodeProcess
GetCommandLineA
HeapSetInformation
GetStringTypeW
CreateDirectoryA
RemoveDirectoryA
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStartupInfoW
Sleep
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringW
SetStdHandle
SetEndOfFile
HeapSize
HeapReAlloc
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
LocalAlloc
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
CloseHandle
GetSystemDirectoryW
GetShortPathNameW
GetModuleHandleW
GetProcAddress
LocalFree
DeleteFileW
MoveFileW
MoveFileExW
FindFirstFileW
FindClose
GetCurrentThread
GetCurrentProcess
FormatMessageA
GetModuleFileNameW
GetLastError

drconfiglib

dr_register_process
dr_process_is_registered
dr_register_client
dr_num_registered_clients
dr_get_config_dir
dr_unregister_process

drinjectlib

dr_inject_using_debug_key
dr_inject_print_stats
dr_inject_process_exit
dr_inject_process_run
dr_inject_process_inject
dr_inject_get_image_name
dr_inject_get_process_id
dr_inject_process_create
dr_inject_wait_for_child

advapi32

IsValidSecurityDescriptor
RegSetKeySecurity
GetSecurityInfo
ClearEventLogW
OpenEventLogW
NotifyChangeEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
ReadEventLogW
CloseEventLog
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
InitializeAcl
AddAccessAllowedAce
LookupAccountNameW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
InitiateSystemShutdownW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f11e988c4dec6b622b50049f97acf93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

drconfiglib

drinjectlib

advapi32

Sections

.text Size: 424KB - Virtual size: 423KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 6KB - Virtual size: 15KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 6KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB