2024-06-13_79d5ef61686e6a07241395358db3b800_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-13_79d5ef61686e6a07241395358db3b800_mafia
Size

4.8MB
MD5

79d5ef61686e6a07241395358db3b800
SHA1

d6951fa9f19614bf28296877b35aa23389fb223c
SHA256

36b83b8cedb04c9f82d8752f1139c7b0385a1a3a430e4a7a284f3964c5c12055
SHA512

744ddf69579b580115c186cbe150a03f0f34b95d785001f10577d39815e0ea5ee681c9f7b2d63d8033a848a6ff09b8b5917819c9da35888c249725787f864a4c
SSDEEP

98304:NE5tOi30nYBynMXWHSR/CZZqQg5ounH3AWneEqK70Bl6e61o8S:NE5tOiQqy+ramf511neC0KE8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_79d5ef61686e6a07241395358db3b800_mafia

Files

2024-06-13_79d5ef61686e6a07241395358db3b800_mafia
.exe windows:5 windows x86 arch:x86

2c249b0e6e58031d6f455ddf67bc0098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\slow_space\weishi_41_pref\basic\Tools\weishinsis\src\build\urelease\stub_lzma\stub_lzma.pdb

Imports

kernel32

CloseHandle
SetFileTime
SetEndOfFile
SetFilePointer
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
HeapAlloc
GetModuleFileNameW
GetProcAddress
TerminateProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
UnregisterWaitEx
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
RegisterWaitForSingleObject
GetEnvironmentVariableW
CreateEventW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetSystemDirectoryW
GetSystemTimeAsFileTime
InterlockedExchange
OpenProcess
lstrcpyW
LoadLibraryA
GetVersionExW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
SetConsoleMode
GetConsoleMode
GetStdHandle
DeleteCriticalSection
lstrcmpiW
LeaveCriticalSection
LocalFree
FormatMessageW
GetCurrentDirectoryW
SetLastError
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
FileTimeToSystemTime
WaitForMultipleObjects
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
CreateFileA
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
FatalAppExitA
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapSize
GetLocaleInfoW
IsProcessorFeaturePresent
VirtualQuery
HeapDestroy
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
IsValidLocale
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
HeapSetInformation
HeapReAlloc
RtlUnwind
EncodePointer
DecodePointer
RaiseException
ExitThread
lstrcmpW
GlobalFree
ExpandEnvironmentStringsW
GlobalAlloc
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
WriteFile
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
SetDllDirectoryW
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
GetFileSize
ReadFile
GetProcessHeap
EnterCriticalSection
HeapFree

user32

CharPrevW
CharUpperW
CharNextA
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SystemParametersInfoW
DispatchMessageW
GetClassInfoW
DialogBoxParamW
SetWindowPos
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
PeekMessageW
CreateWindowExW
wsprintfA
CharPrevExA
CharLowerW
CharToOemW
RegisterClassW
DestroyWindow
IsWindowEnabled
SetClassLongW
GetDC
LoadImageW
SetWindowLongW
CallWindowProcW
GetSystemMenu
EnableMenuItem
CreateDialogParamW
EndDialog
GetSystemMetrics
CreatePopupMenu
AppendMenuW
GetWindowRect
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapW
IsWindowVisible
GetMessagePos
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
ExitWindowsEx
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
CreateBrushIndirect
DeleteObject
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHGetFileInfoW

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

SysAllocStringByteLen
VariantCopy
VariantClear
SysFreeString
SysAllocString

psapi

GetModuleInformation

dnsapi

DnsQuery_A
DnsFree

ws2_32

inet_addr
htonl
inet_ntoa

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c249b0e6e58031d6f455ddf67bc0098

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

oleaut32

psapi

dnsapi

ws2_32

iphlpapi

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 16KB - Virtual size: 2.9MB

.idata Size: 9KB - Virtual size: 9KB

.ndata Size: - Virtual size: 2.1MB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 16KB - Virtual size: 2.9MB

.idata
Size: 9KB - Virtual size: 9KB

.ndata
Size: - Virtual size: 2.1MB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 31KB - Virtual size: 31KB