2024-06-07_8063be6505b10b47cdb2a2cfeb346799_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_8063be6505b10b47cdb2a2cfeb346799_mafia
Size

500KB
MD5

8063be6505b10b47cdb2a2cfeb346799
SHA1

547e2cd6b2e8239155d580b5af33b5435b4fe255
SHA256

5852ebfe11b7c817478281282e6a584bde15b8a69d2e467b1a77088d7d00b5d1
SHA512

7a53d1c58e458a4dac957b0c53e86e4e2a11bb9c52f9c13fc84bc99f0b5ae228f00bc7c067ce0c6f9a8436be31062083b5e9fc07f2abaca653f64cd8673dd99a
SSDEEP

6144:GJZOuXLXu92O6bQAQm4kdb9GRcX5Ea+PCiyme6:qZOuXL+oUAQL2b9GRcX6a+P5y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_8063be6505b10b47cdb2a2cfeb346799_mafia

Files

2024-06-07_8063be6505b10b47cdb2a2cfeb346799_mafia
.exe windows:5 windows x86 arch:x86

6149c71c29779d61db8310d3d52f9191

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\derek\dr\build_package\build_release-32\bin32\DRview.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
InitiateSystemShutdownW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegOpenKeyExW
GetSecurityInfo
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
OpenEventLogW
ClearEventLogW

kernel32

GetProcAddress
GetModuleHandleW
Sleep
GetLastError
ReadProcessMemory
CloseHandle
OpenProcess
TerminateProcess
SleepEx
GetCurrentProcess
GetCurrentThread
FindClose
FindFirstFileW
MoveFileExW
MoveFileW
DeleteFileW
LocalFree
GetShortPathNameW
GetSystemDirectoryW
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
LocalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
ResumeThread
GetThreadContext
CreateThread
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetStringTypeW
MultiByteToWideChar
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetConsoleCtrlHandler
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
FreeLibrary
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
SetHandleCount
GetStartupInfoW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
SetFilePointer
SetEndOfFile
HeapSize
HeapReAlloc
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6149c71c29779d61db8310d3d52f9191

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 5KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 5KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB