2024-06-08_b021eb7cff66ec78dea27ac95ad31be3_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-08_b021eb7cff66ec78dea27ac95ad31be3_mafia
Size

12.5MB
MD5

b021eb7cff66ec78dea27ac95ad31be3
SHA1

a6b72b4f362cbebd62491c95670a64d2d6a50013
SHA256

0b10758e18104b156c048d483bdf2c1d5b860b8ccfa6f4f1082653719844eb79
SHA512

15ab5a5d4c7ffaf8f3d41fc4123c0993c944444876bab5f02e7328a30fa958e8876931993c5e666894bba84a7f3486107953e39a2a221da43dd733d53a565bfd
SSDEEP

196608:i61wdRCLtoVZz0Wn4DJutZXDNu/N1Cp3mqj8HDTv13IyNS2ZZnXQsAlGom8f/Apk:k0W4NQFD/3mqj8jz13Ib0ZXQsVDB2qWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-08_b021eb7cff66ec78dea27ac95ad31be3_mafia

Files

2024-06-08_b021eb7cff66ec78dea27ac95ad31be3_mafia
.exe windows:5 windows x86 arch:x86

a4893f80aa717f463148baefebe0696f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svnwork\stormplayer\branches\bf1128_delbug\Setup\BF_NewInstall\src\BF_InstallEngine\bin\Release\B5_Install.pdb

Imports

kernel32

GetLocalTime
CreateToolhelp32Snapshot
Process32FirstW
FindResourceExW
Process32NextW
OpenProcess
TerminateProcess
lstrcpynW
GetFileAttributesW
lstrcatW
lstrcmpiW
HeapAlloc
GetProcessHeap
GetModuleHandleA
HeapFree
MoveFileExW
Sleep
CopyFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
FlushInstructionCache
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GlobalFree
TerminateThread
lstrcpyW
GetDiskFreeSpaceExW
CreateMutexW
OpenMutexW
OutputDebugStringW
LoadResource
SizeofResource
FindResourceW
CreateProcessW
lstrlenA
CreateEventW
CreateSemaphoreW
ResetEvent
ReleaseSemaphore
InitializeCriticalSection
SetEvent
WaitForSingleObject
VirtualAlloc
VirtualFree
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
GlobalMemoryStatus
GetModuleHandleW
GetSystemInfo
FileTimeToSystemTime
SetEndOfFile
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
GetTempFileNameW
GetTempPathW
SearchPathW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
CreateFileA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetErrorMode
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleCP
RtlUnwind
SetHandleCount
GetCurrentDirectoryW
lstrlenW
GetFullPathNameW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
CreateFileW
GetSystemDirectoryW
GetWindowsDirectoryW
LocalFree
FormatMessageW
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SetConsoleMode
GetConsoleMode
GetVersionExW
GetCommandLineW
SetFileApisToOEM
GetDriveTypeW
CompareFileTime
SetCurrentDirectoryW
GetProcAddress
FileTimeToLocalFileTime
GetCurrentProcess
GetProcessTimes
GetTickCount
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CloseHandle
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetStdHandle
HeapCreate
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
ExitProcess
VirtualQuery
VirtualProtect
CreateThread
ExitThread
EncodePointer
DecodePointer
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
GetLastError
HeapReAlloc
ReadFile
GetStringTypeW
LockResource
lstrcmpiA
GlobalReAlloc
GetVersion
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetVersionExA
HeapDestroy
DeleteCriticalSection

user32

InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
GetDesktopWindow
DestroyAcceleratorTable
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
CharNextW
UnregisterClassA
MessageBoxA
GetProcessWindowStation
LoadCursorW
GetDC
TrackMouseEvent
EnableWindow
SetWindowRgn
PostQuitMessage
KillTimer
SetTimer
EqualRect
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
GetCursorPos
SetWindowsHookExW
SetPropA
SetClassLongW
GetClassLongW
RegisterClassExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
IsWindowEnabled
ReleaseDC
IsWindowVisible
UnhookWindowsHookEx
GetMenuItemInfoW
OffsetRect
CopyRect
InflateRect
SetWindowTextA
FindWindowA
GetWindowDC
GetMenuItemCount
SetParent
UpdateWindow
GetPropA
EndDialog
wsprintfW
SetForegroundWindow
CharUpperA
CharNextA
CharLowerW
CharUpperW
GetUserObjectInformationW
IsZoomed
GetWindowRect
LoadIconW
FindWindowExW
SendMessageTimeoutW
FindWindowW
WaitForInputIdle
MessageBoxW
PostMessageW
EnableMenuItem
GetSystemMenu
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SystemParametersInfoW
ShowWindow
SetRectEmpty
DrawTextW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
IsDialogMessageW
IsIconic
MapWindowPoints
GetWindowThreadProcessId
IsRectEmpty
SetRect
PtInRect
SetCursor
DrawIconEx
DialogBoxParamW

gdi32

DeleteDC
GetStockObject
DeleteObject
SetTextColor
SetBkColor
ExtTextOutW
CreatePen
CreateFontIndirectW
SetBkMode
GetClipBox
ExcludeClipRect
Rectangle
GetRgnBox
StretchBlt
GetPixel
CreateFontW
RoundRect
GetTextExtentPoint32W
Ellipse
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
CreateDIBSection
ExtCreateRegion
CombineRgn
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDeviceCaps
GetObjectW
CreateSolidBrush
BitBlt

advapi32

RegisterEventSourceA
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
GetUserNameW
BuildExplicitAccessWithNameW
DeleteAce
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ReportEventA
DeregisterEventSource
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
PropVariantClear

oleaut32

OleCreateFontIndirect
SysStringLen
VariantInit
SysStringByteLen
LoadRegTypeLi
VariantCopy
VariantClear
SysAllocStringByteLen
SysAllocString
LoadTypeLi
SysAllocStringLen
SysFreeString
VarUI4FromStr

wininet

InternetGetConnectedState

sensapi

IsNetworkAlive

psapi

GetModuleFileNameExW

shlwapi

SHDeleteValueW
StrCmpW
PathAddBackslashW
PathRemoveFileSpecW
StrStrIW
StrChrIW
SHStrDupW
PathIsSameRootW
PathSkipRootW
SHDeleteKeyW
PathAppendW
PathFileExistsW
PathIsDirectoryW
PathStripToRootW
SHGetValueW
SHSetValueW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeKillEvent
timeSetEvent

iphlpapi

GetAdaptersInfo

gdiplus

GdipDisposeImage
GdipCloneImage
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipLoadImageFromStream
GdipReleaseDC
GdipFree
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipDrawImageRectRect
GdipAlloc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36.1MB - Virtual size: 36.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4893f80aa717f463148baefebe0696f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

sensapi

psapi

shlwapi

comctl32

msimg32

wtsapi32

winhttp

version

winmm

iphlpapi

gdiplus

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 227KB - Virtual size: 226KB

.data Size: 61KB - Virtual size: 86KB

.rsrc Size: 36.1MB - Virtual size: 36.1MB

.reloc Size: 179KB - Virtual size: 178KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 227KB - Virtual size: 226KB

.data
Size: 61KB - Virtual size: 86KB

.rsrc
Size: 36.1MB - Virtual size: 36.1MB

.reloc
Size: 179KB - Virtual size: 178KB