2024-06-13_4f0541b85172923cf0fc32d48c49569b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-13_4f0541b85172923cf0fc32d48c49569b_mafia
Size

567KB
MD5

4f0541b85172923cf0fc32d48c49569b
SHA1

6527c9a18a6a1a448357d662251c283348db2618
SHA256

b4fef36f1da8848dfdf031cbfacb8c90efcdd4e618169e0375a5c6f041054c03
SHA512

cdf657aaa1fbb18013a9b73865eef22aa87767649c7a89180328e9703e8f1364f900b14771bffe5c40e5bfe660a5a6e0c68e617c4f2e34ed599ece83ab0cfe43
SSDEEP

12288:IjuO+k7Xk2KulFy8tbq50AAsB7MoC+J5B3VQCelqZ6dv5ZhdWbTy3O6+hSLLYb:IjuO+MXkFx5B3VRqP539ASLLYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_4f0541b85172923cf0fc32d48c49569b_mafia

Files

2024-06-13_4f0541b85172923cf0fc32d48c49569b_mafia
.exe windows:5 windows x86 arch:x86

a6e0565eb5c77291c63933eec05c1549

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-58369-1\Misc\Setup3\build\Release\Uninstall.pdb

Imports

msi

ord70
ord195

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
WSACleanup
recv
inet_addr
closesocket
gethostbyname
send
WSAStartup
inet_ntoa
socket
connect

kernel32

IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetLongPathNameW
DeleteFileW
WaitForSingleObject
GetModuleHandleW
Sleep
GetVersionExW
GetLastError
GetProcAddress
MoveFileExW
GetTickCount
MoveFileW
RemoveDirectoryW
CreateMutexW
LoadLibraryW
WideCharToMultiByte
CreateProcessW
OpenProcess
GetExitCodeProcess
Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
TerminateProcess
MultiByteToWideChar
FindFirstFileW
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FindClose
SetUnhandledExceptionFilter
InterlockedExchangeAdd
GetStdHandle
GetCurrentProcessId
GetCurrentProcess
ResumeThread
AssignProcessToJobObject
ReadFile
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetNativeSystemInfo
CreateEventW
ExpandEnvironmentStringsW
GetLocaleInfoW
CopyFileW
GetFileAttributesExW
FindNextFileW
GetCurrentDirectoryW
SetLastError
LocalFree
GetCommandLineW
ReleaseMutex
GetModuleFileNameW
SetFilePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
FreeEnvironmentStringsW
FlushFileBuffers
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThreadId
GetSystemDirectoryW
GetWindowsDirectoryW
InterlockedIncrement
SetEvent
ExitProcess
FreeResource
LockResource
LCMapStringW
RtlUnwind
GetCPInfo
HeapReAlloc
GetProcessHeap
HeapAlloc
GetConsoleMode
GetConsoleCP
GetFullPathNameW
GetFileType
SetStdHandle
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
HeapFree
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA

user32

MessageBoxW
SendMessageW
FindWindowW
PostMessageW
KillTimer
DispatchMessageW
TranslateMessage
CallMsgFilterW
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjectsEx
WaitMessage
RegisterClassExW
CreateWindowExW
SetTimer
DefWindowProcW
GetQueueStatus
PeekMessageW
PostQuitMessage

advapi32

RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
ControlService
DeleteService
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateProcessAsUserW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathStripToRootW
wnsprintfW
SHDeleteKeyW
PathCanonicalizeW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e0565eb5c77291c63933eec05c1549

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

shlwapi

winmm

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 10KB - Virtual size: 23KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 10KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 29KB - Virtual size: 29KB