Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-05_1412fbff2baeb20bf12665c47b774750_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-06-05_1412fbff2baeb20bf12665c47b774750_mafia.exe
  Resource: win10v2004-20240508-en

General
Target: 2024-06-05_1412fbff2baeb20bf12665c47b774750_mafia
Size: 911KB
MD5: 1412fbff2baeb20bf12665c47b774750
SHA1: 4aca6d40804b3394f824ea0a481c968f5916183c
SHA256: ca4258f96da89144f4d8e07227e8cc530745f7f7f4bda38921ded358d4fc22e3
SHA512: de675ddc54f314a699faf22c7e353d3a9759d3b52ff6ffdad1f540d1a170073975b24e48989a593fc6857052071505425cf40475d6a98a35c389f707c95ee70f
SSDEEP: 12288:skYK1ICmmqpOLb3C+4k9kxUp62p6NzrxMFnm+XvUjljChZvH1uUkBFb3KN284EWI:su1VmmqpOLzJNqml1UF+NZ4HTchLzh

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-06-05_1412fbff2baeb20bf12665c47b774750_mafia

Files
2024-06-05_1412fbff2baeb20bf12665c47b774750_mafia.exe windows:5 windows x86 arch:x86
77b6a52a586327309c392e59efc208a1

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\autobuild\browser-tools-guard\output\Release\nethost.pdb
Imports
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
kernel32
CreateProcessW
DeleteFileW
WaitForSingleObject
GetCurrentProcessId
CreateToolhelp32Snapshot
CloseHandle
Process32FirstW
Process32NextW
OpenProcess
MoveFileExW
CreateDirectoryW
CreateMutexW
FindResourceW
LoadResource
VerSetConditionMask
GetTickCount
SizeofResource
FormatMessageW
Sleep
GetVersionExW
GetFileAttributesW
TerminateProcess
GetTempPathW
VerifyVersionInfoW
FindClose
LockResource
GetSystemInfo
ReleaseMutex
WideCharToMultiByte
FileTimeToSystemTime
GetCurrentThreadId
GetCurrentProcess
InterlockedCompareExchange
OutputDebugStringW
GetProcAddress
IsWow64Process
CreateFileW
FormatMessageA
CreateFileA
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetProcessId
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
CreateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SystemTimeToFileTime
GetLocalTime
GetDriveTypeW
InterlockedDecrement
CopyFileW
GetLastError
GetModuleFileNameW
GetCommandLineW
HeapFree
HeapSetInformation
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileInformationByHandle
ExitThread
GetFullPathNameA
GetCurrentDirectoryW
MultiByteToWideChar
ExpandEnvironmentStringsA
WaitForMultipleObjects
LoadLibraryA
PeekNamedPipe
GetVersionExA
SleepEx
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
SetStdHandle
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedIncrement
FreeLibrary
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapReAlloc
GetUserDefaultLCID
LoadLibraryW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
HeapCreate
GetLocaleInfoW
WriteFile
ExitProcess
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetStdHandle
GetFileType
WriteConsoleW
GetDateFormatA
GetTimeFormatA
HeapAlloc
advapi32
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
GetUserNameW
CryptDestroyHash
CryptHashData
CryptGetHashParam
shell32
SHGetFolderPathW
ole32
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoInitialize
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
shlwapi
PathAppendW
ws2_32
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup
bind
recv
setsockopt
getsockname
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
socket
wldap32
ord35
ord32
ord200
ord50
ord79
ord143
ord33
ord26
ord60
ord27
ord301
ord211
ord46
ord30
ord22
ord41
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
Sections
.text    Size: 693KB   Virtual size: 692KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   Size: 137KB   Virtual size: 137KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    Size: 20KB    Virtual size: 31KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 1KB     Virtual size: 1KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc   Size: 58KB    Virtual size: 86KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
tvxsjmy  Size: -       Virtual size: 4KB     IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE