c:\bld_area\SEP_12.1\Output\SEPClientProtection\Bin.iru\Checksum.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-06-07_edcd14e902781aaef136524b506de3ed_mafia.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 2024-06-07_edcd14e902781aaef136524b506de3ed_mafia.exe
- Resource: win10v2004-20240426-en
General
- Target: 2024-06-07_edcd14e902781aaef136524b506de3ed_mafia
- Size: 1.2MB
- MD5: edcd14e902781aaef136524b506de3ed
- SHA1: 434c01b2b3c9963de7270649ad3781e8bef907d9
- SHA256: 045ec0772bb18ae3fb578d31e8fd0c2916752697833372d6c3ebc430c277c8ca
- SHA512: a88485c3e0d2573fd90a14faac6e8cbd66aee2c346dfdb7c8693bd180f21716fb7200a9e4f1e0c482d70f963d674886c896a67ec103f17a72dc968232cc923dc
- SSDEEP: 24576:mfTcRpfMbgV+eA+ZJpqRkdP1x/pb7pxCWp7H8mnvWK+s4Gxhsvd:3pmVkJpQcf7fCKj8mvnoGxhg
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. Resource: 2024-06-07_edcd14e902781aaef136524b506de3ed_mafia
Files
- 2024-06-07_edcd14e902781aaef136524b506de3ed_mafia.exe (windows:5 windows x86 arch:x86) ea6d69725b2fe3e06cf78df39372328e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
setupapi
SetupIterateCabinetW
kernel32
GetTempFileNameW
SetEvent
WideCharToMultiByte
GetSystemTimeAsFileTime
SetConsoleCursorPosition
WriteConsoleW
GetTempPathW
GetStdHandle
GetConsoleScreenBufferInfo
CreateEventW
GetVersion
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFileSizeEx
GetFileTime
GetFileInformationByHandle
FormatMessageW
VerifyVersionInfoW
VerSetConditionMask
VirtualFree
HeapSize
VirtualAlloc
HeapReAlloc
SetFilePointer
WriteFile
FlushFileBuffers
GetFileSize
GetFullPathNameW
lstrcpyW
TryEnterCriticalSection
DuplicateHandle
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
OutputDebugStringW
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
TerminateProcess
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
PulseEvent
ResetEvent
SetUnhandledExceptionFilter
GetThreadContext
WaitForMultipleObjects
WaitForMultipleObjectsEx
SetConsoleMode
ReadConsoleInputA
LocalFree
DeleteCriticalSection
OpenEventW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LockResource
MultiByteToWideChar
SizeofResource
LoadLibraryExW
LoadResource
FindResourceW
FindResourceExW
lstrlenA
GetDriveTypeW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcessId
DeleteFileW
GetWindowsDirectoryW
FindNextFileW
GetSystemInfo
FindClose
GlobalFree
GetStartupInfoW
lstrlenW
CreateFileW
GetFileAttributesW
GetVersionExW
Sleep
LoadLibraryW
GlobalAlloc
GetTickCount
WaitForSingleObject
CreateDirectoryW
CreateProcessW
FreeLibrary
FindFirstFileW
CloseHandle
GetLastError
OpenProcess
GetCurrentThread
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetCurrentProcess
SetEndOfFile
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetModuleHandleA
SetEnvironmentVariableA
CreateFileA
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
ExitProcess
HeapCreate
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
CompareStringW
GetCPInfo
VirtualQuery
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
HeapSetInformation
GetCommandLineW
CreateThread
ExitThread
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
user32
PeekMessageW
GetSystemMetrics
CharNextW
CharPrevW
DispatchMessageW
GetMessageA
IsWindowUnicode
DispatchMessageA
GetMessageW
GetClassNameW
GetWindowTextW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
TranslateMessage
advapi32
RegOpenKeyExW
LookupPrivilegeNameW
QueryServiceStatusEx
ConvertSidToStringSidW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
LookupAccountNameW
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyExW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegCloseKey
AdjustTokenPrivileges
StartServiceW
LookupPrivilegeValueW
EqualSid
OpenServiceW
OpenSCManagerW
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegQueryValueExW
TraceMessage
ReportEventA
DeregisterEventSource
RegisterEventSourceA
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ole32
GetHGlobalFromStream
OleLoadFromStream
CLSIDFromString
IIDFromString
CoInitializeEx
OleSaveToStream
CreateStreamOnHGlobal
CoUninitialize
StringFromGUID2
oleaut32
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SafeArrayLock
SafeArrayAccessData
SafeArrayCreateVector
VariantCopyInd
SafeArrayRedim
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCreate
shlwapi
PathIsUNCServerW
SHDeleteEmptyKeyW
PathAppendW
PathSkipRootW
PathIsUNCW
SHDeleteKeyW
PathRemoveFileSpecW
PathAddBackslashW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
userenv
GetDefaultUserProfileDirectoryW
UnloadUserProfile
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ