D:\usr\sqlite-src-3160200\build\sqlite3sh.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-14_b4e201dbe513d22456beccbed3b96075_mafia.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-14_b4e201dbe513d22456beccbed3b96075_mafia.exe
Resource
win10v2004-20240508-en
General
Target
2024-06-14_b4e201dbe513d22456beccbed3b96075_mafia
Size
1.1MB
MD5
b4e201dbe513d22456beccbed3b96075
SHA1
8c170979ff7850bb7ec76f808f7ab2643e9c2491
SHA256
e9d2f3c56d6c89f13e3c2105fc93b410f2d1aca95868edc348c2c22af8bd621d
SHA512
084cf1d5d2a4e72d0133a7155cee17eb54f1b1660594d4f747a71b095fc8cd12e4cd83cb308340441080776b3a9d5e96af5562763d3251afe262f4b6f2040a65
SSDEEP
24576:V6MCwqmXs6Naw8/2eHL7qaXHpmy00pQYIEM+6X4I6EDaq46Qe1SoCshlhaBYBZWN:wMBDNawtMiC3R2q
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-14_b4e201dbe513d22456beccbed3b96075_mafia
Files
2024-06-14_b4e201dbe513d22456beccbed3b96075_mafia.exe windows:5 windows x86 arch:x86
fad9518847cbb3b71d80f69347cf1d40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
FlushViewOfFile
InterlockedCompareExchange
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CloseHandle
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
InterlockedExchange
GetModuleHandleW
ExitProcess
DecodePointer
CreateProcessA
DuplicateHandle
ExitThread
CreateThread
EncodePointer
GetCommandLineW
HeapSetInformation
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetStdHandle
GetConsoleCP
GetConsoleMode
FatalAppExitA
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
SetConsoleCtrlHandler
GetLocaleInfoW
GetModuleFileNameW
RtlUnwind
CreatePipe
GetExitCodeProcess
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
Sections
.text Size: 1001KB - Virtual size: 1001KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ