2024-06-09_940dc2846d1f28d107fa5966f694cbd2_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-09_940dc2846d1f28d107fa5966f694cbd2_mafia
Size

1.0MB
MD5

940dc2846d1f28d107fa5966f694cbd2
SHA1

aed6d6742c5500b5df7457215abf1d9c0205c2cc
SHA256

718dec00c2a79bb7f46127aff8f2f5e1d65db22aaaf393f451f3a9ad323d4057
SHA512

7190fb90f5a6dd1c68b5cc37fd4f0fd8b677ad99c4abd6cc4e9e4a01ad2bbecaed3bc3095b5b184433134153defacc3a5763ee0102b4ca58ab902efca277b82a
SSDEEP

24576:6xxznqAdQ3NlYFjR6HwzI4yrrHKQOV/ynK8Bw5D5s3TPF6t2RiZ:6xxpKwE4cHK5V/8q5DKTd6tvZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-09_940dc2846d1f28d107fa5966f694cbd2_mafia

Files

2024-06-09_940dc2846d1f28d107fa5966f694cbd2_mafia
.exe windows:5 windows x86 arch:x86

9578ec39c60c9c40ac8cc3f0fa8cb5cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestW
HttpOpenRequestW
InternetAttemptConnect
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetOpenUrlW
InternetQueryOptionW
InternetGetConnectedState
DeleteUrlCacheEntryW
InternetSetCookieW
InternetCloseHandle

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

comctl32

ImageList_Add
ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_Create
ImageList_Destroy

advapi32

OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
GetUserNameW
RegEnumKeyW
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW

kernel32

CreateFileW
lstrcpynW
MulDiv
lstrcmpW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetTempPathW
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
lstrlenA
GetTempFileNameA
GetTempPathA
GetProcAddress
GetModuleHandleW
LocalFree
lstrcmpiW
FreeLibrary
LoadLibraryExW
CreateMutexW
OpenMutexW
LoadLibraryW
ReleaseMutex
CreateDirectoryW
GetCurrentProcessId
GetShortPathNameA
LocalAlloc
TerminateProcess
GetTimeZoneInformation
CreateThread
SetFilePointer
CreateIoCompletionPort
SuspendThread
ResumeThread
GetQueuedCompletionStatus
GetSystemDefaultLangID
InitializeCriticalSection
lstrcmpA
ReadFile
GetComputerNameW
GetLocalTime
IsBadStringPtrW
WriteFile
FlushFileBuffers
OpenFile
GetFileSize
DeleteFileW
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WideCharToMultiByte
IsBadReadPtr
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
GetStringTypeW
EncodePointer
DecodePointer
RtlUnwind
ExitThread
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CreateFileA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetFileType
GetStartupInfoW
ExitProcess
GetTimeFormatW
GetDateFormatW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GlobalAlloc
GlobalFree
lstrlenW
InterlockedExchange
GlobalLock
GlobalUnlock
OutputDebugStringW
Sleep
SetLastError
GetCurrentThreadId
MultiByteToWideChar
CloseHandle
GetVersionExW
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetEnvironmentStringsW
SetHandleCount
PostQueuedCompletionStatus

user32

DestroyAcceleratorTable
GetDesktopWindow
FillRect
GetClassNameW
IsChild
InvalidateRgn
CharNextW
MessageBoxW
GetSysColor
GetFocus
CreateAcceleratorTableW
PostQuitMessage
ExitWindowsEx
FindWindowExW
SetWindowRgn
RegisterWindowMessageW
SendMessageTimeoutW
DispatchMessageW
LoadImageW
MonitorFromWindow
TranslateMessage
MapWindowPoints
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
RedrawWindow
SetWindowTextW
MessageBoxA
SystemParametersInfoW
ClientToScreen
DrawEdge
DrawFocusRect
GetCapture
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
SetCursor
GetWindowRect
GetSystemMetrics
SetParent
CopyRect
OffsetRect
GetWindow
IsWindowVisible
GetCursorPos
PtInRect
KillTimer
SetTimer
EnableWindow
SetCapture
ReleaseDC
GetDC
GetMessageW
PeekMessageW
CreateDialogParamW
LoadIconW
FindWindowW
GetActiveWindow
GetMonitorInfoW
IsRectEmpty
SetScrollInfo
GetScrollInfo
ScrollWindow
ScreenToClient
ReleaseCapture
InflateRect
SetRect
SetFocus
MoveWindow
DrawStateW
LoadBitmapW
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
GetWindowLongW
CallWindowProcW
EndPaint
BeginPaint
PostMessageW
GetParent
IsWindowEnabled
InvalidateRect
UpdateWindow
GetClientRect
SetWindowPos
TrackMouseEvent
DrawTextW
SendMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
ShowWindow
SetWindowLongW
UnregisterClassA
DestroyWindow

gdi32

Rectangle
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
SetBkColor
ExtTextOutW
GetObjectType
SetTextColor
CreateSolidBrush
MoveToEx
LineTo
SetTextAlign
GetStockObject
DPtoLP
GetDeviceCaps
CombineRgn
CreateRectRgn
CreateDCW
CreateDIBitmap
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
GetObjectW
GetDIBColorTable
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
StretchBlt
SetDIBColorTable
CreateDIBSection
CreateFontW
CreatePen
SetBkMode

shell32

DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW

ole32

OleInitialize
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
OleDuplicateData
CoInitializeSecurity
DoDragDrop
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
OleUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoGetClassObject

oleaut32

SysAllocString
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
OleCreateFontIndirect
SysFreeString

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipFree
GdiplusShutdown
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipAlloc
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImagePalette
GdipDisposeImage
GdipGetImagePixelFormat
GdipLoadImageFromFile
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetImageHeight
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject

wintrust

WinVerifyTrust

Exports

Exports

_GetCheckBoxInfoW
_GetCheckBoxShortInfoW
_GetFirstCheckBoxTypeW
_GetLeverageDownSetupPathW
_GetLeverageSetupFileUrlW
_GetNextCheckBoxTypeW
_GetSecondCheckBoxTypeW
_InitializeW
_ReloadW
_SendNClickTagW
_SetCheckBoxCheckW
_SetLeverageW

Sections

.text
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9578ec39c60c9c40ac8cc3f0fa8cb5cf

Headers

DLL Characteristics

File Characteristics

Imports

wininet

urlmon

comctl32

advapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

msimg32

gdiplus

version

crypt32

wintrust

Exports

Exports

Sections

.text Size: 678KB - Virtual size: 678KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 23KB - Virtual size: 35KB

.rsrc Size: 394KB - Virtual size: 393KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 678KB - Virtual size: 678KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 23KB - Virtual size: 35KB

.rsrc
Size: 394KB - Virtual size: 393KB

.reloc
Size: 46KB - Virtual size: 45KB