2024-06-14_f21c33cde80ae2aec3c9172ff639cdf2_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_f21c33cde80ae2aec3c9172ff639cdf2_mafia
Size

2.2MB
MD5

f21c33cde80ae2aec3c9172ff639cdf2
SHA1

c223828c1e5fc60292e38de32d2f1705dfb80046
SHA256

0ce46a0bf1f028e80aee04d94981dd21c6a4fbcd9e7d50d4f0f191ce7300fe92
SHA512

e3b9a4f3eaf5358cca88f631eee5ebbf201331e61abd9d2b0245ee1ad14ba2c93cb508c65f612397db8ff4e8344f89f8ff3dfbd136fa4a26f55e9ad596ee9be6
SSDEEP

49152:yj+v+b95Nv+VgPElvsmho6HQXuWNxDYDC4n12XcIWgacDb7+tr7Zg:yivu9ylOXPNxDY/rav+Vy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-14_f21c33cde80ae2aec3c9172ff639cdf2_mafia

Files

2024-06-14_f21c33cde80ae2aec3c9172ff639cdf2_mafia
.exe windows:5 windows x86 arch:x86

f0b87cc45c2fb25cecfabb22dfefc55d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\rc_v9_personal_20150310_branch\Build\Release\WPSOffice\office6\KPacket.pdb

Imports

kernel32

GlobalLock
GlobalAlloc
GetPrivateProfileStringW
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDefaultLangID
SetCurrentDirectoryW
GetLongPathNameW
lstrcmpW
GetModuleFileNameW
OpenProcess
TerminateProcess
ProcessIdToSessionId
CreateThread
GetExitCodeProcess
GetPrivateProfileIntW
OutputDebugStringW
GetDiskFreeSpaceExW
CreateMutexW
ReleaseMutex
GetLocalTime
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
TerminateThread
GetUserDefaultLCID
GetSystemWow64DirectoryW
GetLocaleInfoW
GetUserDefaultUILanguage
InterlockedExchange
MulDiv
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedCompareExchange
GlobalUnlock
GetProcessHeap
WriteConsoleW
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
VirtualQuery
VirtualProtect
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
EncodePointer
DecodePointer
ExitThread
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GlobalFree
FreeResource
SetLastError
WritePrivateProfileStringW
GetCurrentThreadId
GetVersion
LoadLibraryW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
RaiseException
lstrlenA
GetModuleHandleW
GetProcAddress
GetSystemInfo
SetEndOfFile
SetFilePointer
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetWindowsDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
GetStdHandle
ReadFile
CreateDirectoryW
GetTickCount
DeleteFileW
MoveFileExW
CopyFileW
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
UnmapViewOfFile
WriteFile
GetCurrentProcessId
GetFileSize
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
FindNextFileW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
VirtualFree

user32

ReleaseCapture
GetNextDlgTabItem
SetFocus
SetCapture
GetKeyState
WindowFromPoint
GetScrollPos
SetWindowRgn
ClientToScreen
OffsetRect
SetCursor
RemoveMenu
LoadIconW
DrawFrameControl
EqualRect
DestroyIcon
GetDlgCtrlID
PtInRect
PostThreadMessageW
SetRectEmpty
GetSystemMenu
DrawTextW
PostQuitMessage
PostMessageW
SetWindowLongW
ScreenToClient
SetTimer
KillTimer
GetSystemMetrics
GetWindowDC
CreateWindowExW
DrawIconEx
GetWindowLongW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
IsChild
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetClassInfoExW
LoadCursorW
CopyRect
SetRect
InflateRect
GetDlgItem
ShowWindow
IsDialogMessageW
GetFocus
ReleaseDC
UnregisterClassA
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadBitmapW
LoadImageW
SetActiveWindow
FindWindowExW
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
CharNextW
GetWindowTextW
SetWindowTextW
SendMessageTimeoutW
FindWindowW
CallWindowProcW
SendMessageW
wsprintfW
SetForegroundWindow
AttachThreadInput
SystemParametersInfoW
GetForegroundWindow
CharLowerW
CharUpperW
DestroyWindow
EnableWindow
IsWindowEnabled
GetDesktopWindow
GetActiveWindow
BeginPaint
EndPaint
DefWindowProcW

gdi32

SaveDC
RestoreDC
SelectObject
SelectClipRgn
Rectangle
ExtTextOutW
CreatePen
CreateRectRgn
DeleteObject
DeleteDC
BitBlt
CreateDIBSection
CreateCompatibleDC
GetObjectW
SetTextColor
StretchBlt
CreateBitmap
CreateCompatibleBitmap
SetStretchBltMode
GetStockObject
CreateFontIndirectW
CreateFontW
SetBkMode
CreateRectRgnIndirect
CombineRgn
RectInRegion
RoundRect
GetClipRgn
MoveToEx
LineTo
TextOutW
GetTextExtentPoint32W
SetRectRgn
OffsetRgn
CreateSolidBrush
SetDIBColorTable
GetDIBColorTable
DPtoLP
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantCopy
VarUI4FromStr
QueryPathOfRegTypeLi
SysFreeString
LoadTypeLibEx

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
ImpersonateLoggedOnUser
RevertToSelf
RegOpenCurrentUser
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
RegOpenKeyW
GetTokenInformation
IsValidSid
EqualSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumKeyExW
RegOpenKeyExW

shlwapi

StrStrIW
PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW
StrToIntW
PathAddBackslashW
ord176
StrToIntA
PathFileExistsW

gdiplus

GdipFree
GdipAlloc
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipLoadImageFromFileICM
GdipDrawImageI
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipLoadImageFromFile

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

ws2_32

socket
WSAStartup
sendto
closesocket
setsockopt
recvfrom
htons
gethostbyname

urlmon

URLDownloadToFileW

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0b87cc45c2fb25cecfabb22dfefc55d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

gdiplus

msimg32

comctl32

version

psapi

ws2_32

urlmon

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 17KB - Virtual size: 37KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 17KB - Virtual size: 37KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 42KB - Virtual size: 41KB