2024-06-06_831221945acf0d86c2fb76abbb33f44b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_831221945acf0d86c2fb76abbb33f44b_mafia
Size

649KB
MD5

831221945acf0d86c2fb76abbb33f44b
SHA1

37ead6c40f16f34a3f8819eb769b8cf9f722ad24
SHA256

59786366afba2fb2a6ebfba9e03932007a443549a049d1629af2b83374097aae
SHA512

196e6da319d7fc068e092a61a05e5be89e2bbffe184fa36d0ca9dfdf4dc6a1b8cb4f2908721cf974a0cebda4183ae0b80d1128c11d6417c11660dba64bfb6f83
SSDEEP

12288:QTK+4zK75xoWsJYRh8tXbklOupDN1jnQNjsDghiO1GgHMnSuC7Sv8TfKkS:GoWdOupDN1rQNj2fO1PMaTf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-06_831221945acf0d86c2fb76abbb33f44b_mafia

Files

2024-06-06_831221945acf0d86c2fb76abbb33f44b_mafia
.exe windows:5 windows x86 arch:x86

56d54515d669588df828cb18c07ca68b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins-slave\workspace\advflow2\xIcon\Bin\Release\ShellExe\ShellExe.pdb

Imports

iphlpapi

GetAdaptersInfo

advapi32

CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CryptHashData
CryptDestroyHash
CryptAcquireContextA

ws2_32

setsockopt
listen
ioctlsocket
gethostname
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
recvfrom
connect
getpeername
getsockopt
bind
ntohs
getsockname
accept
WSAIoctl
send
recv
select
__WSAFDIsSet
WSASetLastError
htons
sendto
socket
closesocket
getaddrinfo

crypt32

CertFreeCertificateContext

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord22
ord211
ord143
ord60

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetLocaleInfoW
GetModuleFileNameW
GetStartupInfoW
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
HeapReAlloc
ExitThread
LoadLibraryW
GetCurrentDirectoryW
WriteConsoleW
GetTimeZoneInformation
RtlUnwind
RaiseException
HeapSetInformation
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleExA
CompareStringW
SetFilePointer
CreateFileA
SetEndOfFile
SystemTimeToFileTime
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
FileTimeToSystemTime
OutputDebugStringA
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
GetComputerNameExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
QueryDosDeviceA
GetLogicalDriveStringsA
LocalFree
FormatMessageA
GetCurrentProcess
OpenProcess
WaitForSingleObject
CreateToolhelp32Snapshot
ResumeThread
TerminateProcess
CreateProcessA
Process32Next
Process32First
GetFileAttributesExA
ReadFile
HeapFree
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateEventA
LoadLibraryA
HeapAlloc
CreateFileW
TlsGetValue
TlsSetValue
TlsAlloc
SetEvent
TerminateThread
CreateThread
GetModuleHandleW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
InterlockedExchangeAdd
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
SetWaitableTimer
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenEventA
ResetEvent
FreeLibrary
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
GetStdHandle
GetCommandLineA
DecodePointer
EncodePointer
SetEnvironmentVariableA
CloseHandle
GetDriveTypeW

user32

GetWindowThreadProcessId
FindWindowA
wsprintfA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56d54515d669588df828cb18c07ca68b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

advapi32

ws2_32

crypt32

wldap32

kernel32

user32

psapi

Sections

.text Size: 472KB - Virtual size: 472KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 19KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 472KB - Virtual size: 472KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 19KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 42KB - Virtual size: 42KB