Static task
  static1

Behavioral task
  behavioral1
  Sample: 2024-06-12_eaca9155b72c7036d7e4317b56e6ae9a_mafia_revil.exe
  Resource: win7-20240508-en

Behavioral task
  behavioral2
  Sample: 2024-06-12_eaca9155b72c7036d7e4317b56e6ae9a_mafia_revil.exe
  Resource: win10v2004-20240226-en

General
- Target: 2024-06-12_eaca9155b72c7036d7e4317b56e6ae9a_mafia_revil
- Size: 3.8MB
- MD5: eaca9155b72c7036d7e4317b56e6ae9a
- SHA1: 66c919a055c32ef93548c00976de880f5cb84b03
- SHA256: b9e0a9c3d4f6e774385f76f3ec657d51100c907afc1fbad93fcbccac5cee13f1
- SHA512: 2a8d54456648c47427303f7375428dde48134261dd8acbc631e104c489c366c6613bc103f6d15e79cb2bb3643732bfee1767b15c92d94bac5d30fe0d6a7a71e6
- SSDEEP: 98304:v+usYKNx+NXFQtV3w68Lfe676W9l/IZSxrcDQt7Oumfx1Lay3i+siRR/R1RRLIxF:PsYKN5tOp9u+o0NOumfx1Lay3i+siRRe

Malware Config

Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-06-12_eaca9155b72c7036d7e4317b56e6ae9a_mafia_revil

Files
- 2024-06-12_eaca9155b72c7036d7e4317b56e6ae9a_mafia_revil.exe  windows:5 windows x86 arch:x86
  2e5aa61662988db6821b384f800d64ab

Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

PDB Paths
  S:\btm\19112021_BTM_2.8.0.30_DownloadCert\Release\BkavCATokenManager.pdb
Imports
crypt32
CertFindCertificateInStore
PFXIsPFXBlob
CertOpenSystemStoreW
CertNameToStrW
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
PFXImportCertStore
PFXVerifyPassword
CertFreeCertificateContext
CertCreateCertificateContext
cryptui
CryptUIDlgViewContext
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winhttp
WinHttpOpen
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryOption
sqlite3
sqlite3_open
sqlite3_errmsg
sqlite3_close
sqlite3_exec
sqlite3_free
pdfnetc
TRN_PDFDocSave
TRN_PDFDocInitSecurityHandler
TRN_PDFDocCreateFromBuffer
TRN_PDFDocDestroy
TRN_UStringCreateFromCharString
TRN_UStringDestroy
TRN_PDFNetInitialize
TRN_PDFNetTerminate
TRN_GetFullMessage
iphlpapi
GetAdaptersInfo
netapi32
NetApiBufferFree
NetWkstaTransportEnum
kernel32
GetDateFormatW
DeleteFileA
WriteConsoleW
ExitThread
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RtlUnwind
RaiseException
SetStdHandle
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
HeapCreate
GetTimeFormatW
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetFileAttributesA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
ExitProcess
DecodePointer
EncodePointer
UnhandledExceptionFilter
HeapReAlloc
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetLastError
LoadLibraryW
SetCurrentDirectoryW
MultiByteToWideChar
CloseHandle
InterlockedIncrement
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempFileNameW
SetErrorMode
GetSystemDirectoryW
GlobalFlags
GetCurrentDirectoryW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InitializeCriticalSectionAndSpinCount
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
DeleteFileW
lstrcmpiW
GetThreadLocale
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
SuspendThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ReleaseActCtx
CreateActCtxW
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
lstrlenW
GetModuleFileNameW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
CopyFileW
GlobalSize
FlushConsoleInputBuffer
LoadLibraryA
FreeLibrary
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetModuleHandleA
GetProcessId
TerminateProcess
InitializeCriticalSection
SetFileAttributesW
GetTempPathW
WaitForMultipleObjects
CreateThread
InterlockedExchangeAdd
DeleteCriticalSection
GetVersion
GetVersionExW
lstrcmpW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
GetFileInformationByHandle
GetComputerNameW
lstrcpyW
SetEvent
WaitForSingleObject
FreeResource
ResumeThread
MulDiv
CreateEventW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
SetNamedPipeHandleState
WaitNamedPipeW
GetCurrentProcess
GetCurrentThreadId
CreateFileW
GetLocalTime
SetUnhandledExceptionFilter
GetCurrentProcessId
GetACP
GetFullPathNameW
GetFileAttributesW
GetTickCount
GlobalFree
lstrlenA
FormatMessageW
LocalAlloc
ActivateActCtx
GetModuleHandleW
DeactivateActCtx
SetLastError
GetProcAddress
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateThread
CreateDirectoryW
GetEnvironmentStringsW
user32
NotifyWinEvent
IsMenu
GetAsyncKeyState
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
MessageBeep
InvalidateRgn
IntersectRect
CopyAcceleratorTableW
UnregisterClassW
PostThreadMessageW
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
WaitMessage
CharNextW
DrawStateW
CharUpperW
DestroyMenu
CopyImage
GetNextDlgGroupItem
DrawFocusRect
SetRectEmpty
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
EndPaint
BeginPaint
GetWindowDC
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExW
GetClassInfoW
RegisterClassW
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
ShowOwnedPopups
SetWindowsHookExW
CallNextHookEx
GetMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
GetKeyboardLayout
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
RegisterClipboardFormatW
GetMenuState
GetMenuStringW
GetMenuItemID
RemoveMenu
MessageBoxA
GetProcessWindowStation
IsZoomed
GetMenuItemCount
DestroyWindow
SendNotifyMessageW
DefWindowProcW
RegisterClassExW
InsertMenuW
SetActiveWindow
FindWindowW
SetMenuDefaultItem
RegisterWindowMessageW
GetFocus
UpdateWindow
SystemParametersInfoW
CopyRect
SetRect
CreateWindowExW
MessageBoxW
MessageBoxIndirectW
GetWindowThreadProcessId
DeleteMenu
OffsetRect
MapDialogRect
GetClassNameW
GetWindow
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
ShowWindow
KillTimer
WindowFromPoint
MapWindowPoints
TrackMouseEvent
ShowCursor
ReleaseDC
CreateIconIndirect
GetDC
GetIconInfo
DrawIconEx
InflateRect
FillRect
GetSysColorBrush
DestroyIcon
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
GetDlgItem
SetPropW
SetCursor
LoadCursorW
ReleaseCapture
PtInRect
ClientToScreen
SetCapture
GetCapture
RemovePropW
CallWindowProcW
GetPropW
GetSysColor
SetWindowLongW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetFocus
GetParent
CloseWindow
CheckMenuItem
ModifyMenuW
GetMenuItemInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
InvertRect
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
CharUpperBuffW
OpenClipboard
GetKeyState
PostMessageW
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
IsWindowVisible
BringWindowToTop
SetForegroundWindow
SetParent
GetMenuDefaultItem
TranslateAcceleratorW
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
DestroyAcceleratorTable
SetClassLongW
GetUserObjectInformationW
ToUnicodeEx
FrameRect
GetDoubleClickTime
CopyIcon
HideCaret
SetWindowPos
IsWindow
SendMessageW
EnableWindow
LoadIconW
GetWindowRect
GetSystemMenu
AppendMenuW
RegisterDeviceNotificationW
LoadImageW
GetClientRect
AdjustWindowRectEx
GetWindowLongW
InvalidateRect
RedrawWindow
EnableMenuItem
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
CreatePopupMenu
gdi32
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CreateRectRgnIndirect
GetBkColor
GetTextColor
CreateDIBitmap
GetTextMetricsW
GetTextCharsetInfo
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
CreateRoundRectRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetWindowExtEx
GetTextFaceW
SetPixelV
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
SetBkMode
PatBlt
GetDeviceCaps
GetStockObject
SetDIBits
GetDIBits
Rectangle
CreatePen
SetTextColor
CreateSolidBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBoundsRect
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
GetTextExtentPoint32W
CreateFontIndirectW
GetViewportExtEx
EnumFontFamiliesW
GetObjectW
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetUserNameW
CreateProcessAsUserW
RegCreateKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptReleaseContext
CryptImportKey
CryptSetKeyParam
CryptSetProvParam
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegEnumKeyExW
StartServiceW
ChangeServiceConfigW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetHashParam
RegSetValueExW
shell32
SHGetFileInfoW
DragFinish
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHFileOperationW
DragQueryFileW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
PathFileExistsW
UrlUnescapeW
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleCreateMenuDescriptor
RegisterDragDrop
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoGetClassObject
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
DoDragDrop
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysAllocStringLen
SysAllocString
VariantChangeType
OleCreateFontIndirect
VariantInit
SysFreeString
SafeArrayDestroy
VarBstrFromDate
SysAllocStringByteLen
VariantClear
VariantCopy
SysStringLen
oledlg
OleUIBusyW
urlmon
ObtainUserAgentString
gdiplus
GdipGetImageGraphicsContext
GdiplusStartup
GdipDrawImageI
GdipBitmapLockBits
GdipDrawImageRectI
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteGraphics
GdiplusShutdown
wininet
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
- .text   Size: 2.1MB - Virtual size: 2.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 620KB - Virtual size: 619KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 34KB - Virtual size: 73KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 781KB - Virtual size: 780KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 241KB - Virtual size: 241KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ