2024-06-11_1f62e59110a3f4ae58529123d31bbf02_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-11_1f62e59110a3f4ae58529123d31bbf02_mafia
Size

6.5MB
MD5

1f62e59110a3f4ae58529123d31bbf02
SHA1

216872d4f5b9c255fd33f3090daf8b254c31a346
SHA256

d52756c8192348567cc66528b033a451853aaa4cd0a0d15240f713dd909725e6
SHA512

2b11055ee5da8410912dc6973c2bf82f89e4df88f8a8c8bd5f2c5e37955b97b64d36616b525e637b8a218ef874abaca78b1305486b53607330a83df9b7ec7979
SSDEEP

196608:aDOeSwGJY+YHkMjVe19Qnt60sJSarv3l9Dg9VQBWG:nehyYHBIQntvAV9sIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_1f62e59110a3f4ae58529123d31bbf02_mafia

Files

2024-06-11_1f62e59110a3f4ae58529123d31bbf02_mafia
.exe windows:5 windows x86 arch:x86

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpam2.eem\recipes\201152726\base\branches\inputtools_win_release_branch\googleclient\ime\goopy\scons-out\opt\obj\installer\hindi_installer.pdb

Imports

kernel32

GetStringTypeW
IsValidLocale
WriteConsoleW
CreateFileA
SetEndOfFile
GetFileAttributesW
CreateDirectoryW
GetUserDefaultUILanguage
CreateThread
GetCurrentThreadId
LockResource
EnterCriticalSection
RaiseException
FlushInstructionCache
LeaveCriticalSection
SizeofResource
GetCurrentProcess
LoadResource
FindResourceW
FindResourceExW
SetStdHandle
GetCommandLineW
InitializeCriticalSection
GlobalAlloc
WideCharToMultiByte
DeleteCriticalSection
LocalFree
lstrlenW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
DeleteFileW
GetLastError
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemWow64DirectoryW
LoadLibraryW
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetVersionExW
GetModuleFileNameW
CreateFileW
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
SetEvent
GetTempFileNameW
HeapAlloc
HeapFree
InterlockedCompareExchange
GetProcessHeap
GetTempPathW
SetFileAttributesW
GetFileSize
ReadFile
CreateProcessW
GetTickCount
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringA
GetCurrentProcessId
DebugBreak
GetTempPathA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSetInformation
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
LCMapStringW
HeapCreate
GetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

shlwapi

PathCompactPathExW
PathAppendW
PathRemoveExtensionW
PathStripPathW
PathCombineW
PathFileExistsW

user32

CharUpperW
GetWindowTextW
GetWindowTextLengthW
IsWindowVisible
GetWindowThreadProcessId
CharLowerW
EnumWindows
ExitWindowsEx
UnregisterClassA
DefWindowProcW
CallWindowProcW
SendMessageW
SetDlgItemTextW
GetSystemMetrics
MessageBoxW
DestroyWindow
PostMessageW
GetParent
GetWindowLongW
GetDlgItem
SetWindowLongW
LoadStringW
ShowWindow
IsDlgButtonChecked
GetActiveWindow
CheckRadioButton

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

ole32

CoCreateGuid

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx

advapi32

RegCreateKeyExW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyW
EqualSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCloseKey

psapi

GetModuleFileNameExW
EnumProcessModules

winmm

timeGetTime

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

user32

wtsapi32

ole32

comctl32

advapi32

psapi

winmm

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 624KB - Virtual size: 628KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 624KB - Virtual size: 628KB