Static task
static1
Behavioral task
behavioral1
Sample: 2024-06-08_000f9ab4b0304f976d582977041838c5_mafia.exe
Resource: win7-20240419-en
Behavioral task
behavioral2
Sample: 2024-06-08_000f9ab4b0304f976d582977041838c5_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-08_000f9ab4b0304f976d582977041838c5_mafia
Size: 549KB
MD5: 000f9ab4b0304f976d582977041838c5
SHA1: eeb51979da17019f72540fefc70d4851528c2ae7
SHA256: 3805feab2a7be12d2715abf43efe412e94036ed6d2af70b96837a0909aa49d6b
SHA512: e7e8938ddc82d8febcdfd06f212e001ed1605cfe294ad67057effda3d9f66e282b6f9bacd124a45756005911dfa0d5db4fa38213b65fb38a8acee3f87b7b14d3
SSDEEP: 12288:biLQLCkqe2b2/sYO2QRdx36BZL/kTp0L/x:bEQrqv8Jux6BZLv/x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-08_000f9ab4b0304f976d582977041838c5_mafia
Files
2024-06-08_000f9ab4b0304f976d582977041838c5_mafia.exe windows:5 windows x86 arch:x86
e280e6c9f920ea66f07c65f2f25e5f19
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\YYClient\build\11Client\Release\11homepageEx.pdb
Imports
kernel32
InterlockedIncrement
InterlockedDecrement
GetLastError
EnterCriticalSection
LeaveCriticalSection
IsBadReadPtr
IsBadWritePtr
OutputDebugStringW
lstrcpynW
lstrlenW
InterlockedExchange
TerminateThread
Sleep
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetCurrentThreadId
GetModuleFileNameW
lstrcatW
CreateDirectoryW
GetTickCount
SetProcessWorkingSetSize
GetCurrentProcess
GetCurrentProcessId
SetLastError
DecodePointer
HeapAlloc
ExitThread
CreateThread
SetNamedPipeHandleState
TransactNamedPipe
ResetEvent
SetEvent
WaitForMultipleObjects
WaitNamedPipeW
CreateSemaphoreW
RtlCaptureContext
VirtualQueryEx
GetProcessId
ReleaseSemaphore
WaitForSingleObject
LocalFree
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapFree
HeapSize
GetFullPathNameW
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
GetCurrentDirectoryW
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
ExitProcess
GetModuleHandleW
GetProcAddress
EncodePointer
user32
TranslateMessage
DispatchMessageW
AttachThreadInput
SetTimer
PostMessageW
GetParent
PeekMessageW
MoveWindow
PostQuitMessage
CreateWindowExW
RegisterClassW
LoadCursorW
SetWindowLongW
DefWindowProcW
GetWindowLongW
KillTimer
GetKeyState
PostThreadMessageW
GetFocus
ShowWindow
DestroyWindow
wsprintfW
IsWindow
shell32
ShellExecuteExW
SHGetFolderPathW
ole32
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
CoInitialize
oleaut32
SysFreeString
SysAllocString
VariantClear
webproxyhelp
StartHook
SetWebProxy
winmm
timeGetTime
shlwapi
PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
procproxy
GetYYPPObj
libcef
cef_string_map_free
cef_string_map_alloc
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_copy
cef_register_extension
cef_register_scheme_handler_factory
cef_initialize
cef_api_hash
cef_execute_process
cef_string_map_size
cef_shutdown
cef_time_delta
cef_time_now
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_map_key
cef_string_map_value
cef_string_list_size
cef_string_list_value
cef_string_multimap_append
cef_string_map_append
cef_string_list_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_browser_host_create_browser
cef_cookie_manager_get_global_manager
cef_process_message_create
cef_v8context_get_current_context
cef_string_list_alloc
cef_string_list_free
cef_v8value_create_function
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_uint
cef_v8value_create_bool
cef_v8value_create_null
cef_v8value_create_undefined
cef_list_value_create
cef_string_userfree_utf16_free
cef_v8value_create_int
Sections
.text Size: 367KB - Virtual size: 367KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
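The "Unsigned PE" signature, the DLL Characteristics and the section flags in this report are all read directly from the PE headers. The Python below is an added example, not code from the sandbox or from the sample, that reproduces those checks from raw bytes with only the standard library: it decodes the file and DLL characteristics, reports whether the security data directory (the slot for an embedded Authenticode WIN_CERTIFICATE) is empty, which is exactly what "Unsigned PE" means, and lists per-section flags. Because the sample is not on the page, the block constructs a minimal synthetic PE32 header (`build_minimal_pe`, a hypothetical helper with constructed values approximating this report) for the demonstration; on a real file call `inspect_pe(open(path, "rb").read())`.

```python
import struct

# Constants from winnt.h (Microsoft PE/COFF specification).
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode WIN_CERTIFICATE entry
FILE_CHARS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",   # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",      # DEP opt-in
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(table, value):
    return [name for bit, name in table.items() if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Parse the DOS/NT headers and section table of a PE image in `data`.
    Returns the header facts a sandbox report summarises: file and DLL
    characteristics, whether a security directory (embedded Authenticode
    certificate) is present, and the flags of every section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4                                # IMAGE_FILE_HEADER
    machine, nsections, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                    # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, DataDirectory at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: ImageBase is 8 bytes, so +108 / +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    base = opt + opt_size                            # section table follows the optional header
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, base + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": _flags(SECTION_CHARS, flags)})
    return {"machine": machine,
            "file_characteristics": _flags(FILE_CHARS, fchars),
            "dll_characteristics": _flags(DLL_CHARS, dll_chars),
            "authenticode_present": sec_size != 0 and sec_off != 0,
            "sections": sections}


def triage_findings(info: dict) -> list:
    """Turn parsed header facts into the one-line findings a report lists."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: no embedded Authenticode signature (security directory is empty)")
    dc = info["dll_characteristics"]
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dc:
        out.append("ASLR not opted in (DYNAMIC_BASE missing)")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dc:
        out.append("DEP not opted in (NX_COMPAT missing)")
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            out.append("section %s is writable and executable" % s["name"])
    return out


def build_minimal_pe(signed: bool, dll_chars: int, sections) -> bytes:
    """Constructed test input, NOT the sample from this report: a parseable
    (not loadable) PE32 header with the given DllCharacteristics, an optional
    security-directory entry and a section table of (name, raw, virtual, flags)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 68 + struct.pack("<H", dll_chars) + b"\0" * 20
    opt += struct.pack("<I", 16)                                    # NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)      # offset/size of a WIN_CERTIFICATE blob
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, f)
                    for n, rs, vs, f in sections)
    return dos + b"PE\0\0" + file_hdr + opt + sect


if __name__ == "__main__":
    # Constructed header values approximating this report: unsigned, DYNAMIC_BASE|NX_COMPAT|TS_AWARE.
    fake = build_minimal_pe(False, 0x8140, [(".text", 367 * 1024, 367 * 1024, 0x60000020),
                                            (".data", 10 * 1024, 31 * 1024, 0xC0000040)])
    info = inspect_pe(fake)
    print(info["dll_characteristics"], info["authenticode_present"])
    for line in triage_findings(info):
        print("-", line)
```

Two caveats a practitioner should keep in mind when reading an "Unsigned PE" hit. A non-empty security directory only means a certificate blob is attached; it says nothing about whether the signature verifies or chains to a trusted root, which needs the platform verifier (WinVerifyTrust, or `Get-AuthenticodeSignature` in PowerShell). Conversely, catalog-signed files such as most Windows OS binaries carry no embedded signature at all, so this header check alone would flag them as unsigned too.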