Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-10_e1560516ce59b2638dc6435494e63947_mafia_nionspy.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-10_e1560516ce59b2638dc6435494e63947_mafia_nionspy.exe
  Resource: win10v2004-20240508-en
General
  Target: 2024-06-10_e1560516ce59b2638dc6435494e63947_mafia_nionspy
  Size: 305KB
  MD5: e1560516ce59b2638dc6435494e63947
  SHA1: 1c5441e05404d8d2c04d30f403113d4196cd7c40
  SHA256: acefc851e7345e59aff6781f25972e6bca31a21176e2ea3767163f6e7ed10ee3
  SHA512: 0d1fe5d85b87468464896ce1d2578c114bbf667d12cfc3571722d60b5e180c71e73d9fe779a37adee99a8b3bd3ff9bafc43e688737a84e96dceb0c4e422c785a
  SSDEEP: 6144:WF6xeFUWNSs6zPlIQ/slZjA3ZwLWRtYV9Wt2aPU+0siF1ZpAV1u2r8gjzzDKph:W8xeFUWNSsYPlIQ/slZjIZbmV9WnULsS
Malware Config
Signatures
  Unsigned PE (1 IoCs): checks for missing Authenticode signature.
    resource: 2024-06-10_e1560516ce59b2638dc6435494e63947_mafia_nionspy
Files
  2024-06-10_e1560516ce59b2638dc6435494e63947_mafia_nionspy.exe  windows:5  windows x86  arch:x86
  d96b126a1a3a7c229d1b024bc90b4312
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetLocalTime
GlobalMemoryStatusEx
GetSystemTime
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
LoadLibraryA
GetModuleFileNameA
IsDebuggerPresent
GetVersionExA
OpenFile
SetFileTime
GetFileTime
GetComputerNameA
CreateFileA
WriteFile
ReadFile
CreateMailslotA
GetCurrentProcessId
GlobalLock
GlobalUnlock
GetTickCount
CompareStringW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetProcAddress
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
GetLocaleInfoW
LoadLibraryW
GetLastError
GetCurrentProcess
CreateThread
CreateToolhelp32Snapshot
Process32Next
TerminateProcess
CreateProcessA
TerminateThread
OpenProcess
WaitForSingleObject
Process32First
EndUpdateResourceA
LoadLibraryExA
BeginUpdateResourceA
LockResource
UpdateResourceA
LoadResource
FreeLibrary
FreeResource
FindResourceA
OpenFileMappingA
CloseHandle
UnmapViewOfFile
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
CreateFileW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapCreate
IsProcessorFeaturePresent
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
MapViewOfFile
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
HeapAlloc
HeapReAlloc
DeleteFileA
FindNextFileA
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
CreateDirectoryA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
DuplicateHandle
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
user32
SetWindowsHookExA
TranslateMessage
GetMessageA
GetDesktopWindow
ReleaseDC
GetDC
DispatchMessageA
MessageBoxA
GetRawInputDeviceList
GetRawInputDeviceInfoA
UnhookWindowsHookEx
GetKeyState
CallNextHookEx
GetForegroundWindow
GetWindowTextA
OpenClipboard
GetClipboardData
CloseClipboard
GetWindowRect
GetWindowThreadProcessId
GetKeyboardLayout
gdi32
GetPixel
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
advapi32
RegOpenKeyExA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
GetTokenInformation
OpenProcessToken
RegCloseKey
RegDeleteValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
SetKernelObjectSecurity
shell32
ShellExecuteA
ole32
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
VariantClear
VariantInit
shlwapi
SHDeleteKeyA
wininet
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetOpenA
InternetCloseHandle
winmm
mciSendStringA
wsock32
send
gethostbyname
closesocket
socket
recv
htons
WSAStartup
connect
iphlpapi
GetAdaptersInfo
Sections
  .text   Size: 236KB - Virtual size: 235KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 35KB - Virtual size: 35KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 11KB - Virtual size: 19KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 8KB - Virtual size: 7KB      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 14KB - Virtual size: 13KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ