2024-06-15_aedef67ce33c45ebfdca1cebfce7ca28_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_aedef67ce33c45ebfdca1cebfce7ca28_mafia
Size

250KB
MD5

aedef67ce33c45ebfdca1cebfce7ca28
SHA1

48d26ff3c6749bfa47ed072cf89d3b23e6a99c15
SHA256

444417465338dc4e83a9a780d41abec92002d6ab56870daf5594d104d9f8203c
SHA512

6041be8a96b1aa4bb0a18d19834d478ffdc0bbc3db45aae8530efc9882bc0ba8ecac13dad9b9a607972dd66001797eed7ddbfd04830e1d89672ea7c993fd57d5
SSDEEP

3072:gn/FvKKf9mR9pkYJOIYCCm9gHDCLugfdza6SMsaOFv/A69/pg/:wFkDuY8IYCCm9gjCMJhnFvYz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_aedef67ce33c45ebfdca1cebfce7ca28_mafia

Files

2024-06-15_aedef67ce33c45ebfdca1cebfce7ca28_mafia
.exe windows:5 windows x86 arch:x86

6f43d2368326ae0575b5c98399a49907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
OpenProcess
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
CreateDirectoryA
SetCurrentDirectoryA
GetLastError
EnterCriticalSection
GetModuleFileNameA
CreateMutexA
CloseHandle
SetEndOfFile
CreateFileA
InitializeCriticalSection
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ExpandEnvironmentStringsA
SetStdHandle
LoadLibraryW
InterlockedExchange
HeapReAlloc
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetLocaleInfoW
GetModuleFileNameW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
GetCurrentProcess
WriteConsoleW
SetPriorityClass
ReadFile
ExitProcess
HeapCreate
IsProcessorFeaturePresent
HeapAlloc
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
HeapFree
GetProcessHeap

user32

LoadCursorA
InsertMenuA
DestroyWindow
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
TrackPopupMenu
KillTimer
SetForegroundWindow
LoadStringA
LoadIconA
wsprintfA
RegisterWindowMessageA
GetDC
TranslateMessage
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
GetDesktopWindow
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
PostMessageA
DispatchMessageA
SystemParametersInfoA
GetSystemMetrics
AllowSetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps

shell32

Shell_NotifyIconA

strokesplus

clearMyHook
sethWndServer
openSettings
setLastActive
setLearningMode
getHookBtn
setPreviousTrainingModeState
disableHotkey
getGesturesDisabled
getOnlyDefinedApps
loadHookConfig
reloadLuaState
getTrayIconVisible
popupMenu
openHotkeys
setWindowState
openHelp
openConfig
setTrayID
openIgnored
getCheckForOtherGesturePrograms
getReInitOnResume
clearCaptureVars
FireHotkey
setTrayIconVisible
LoadHotkeys
openPrefs
openGestureName
getHideAdditionalInstanceMessage
getCheckForegroundTimeout
setDrawGesture
initLua
DestroySynaptics
openPassword
setDPIModifier
enableHotkey
getLearningMode
openAbout
setGesturesDisabled
saveConfig
getResumeDelay
getShowCopyData
setOSVersion
setWindowTransparency
setMyHook
setHookBtn
getDrawGesture

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

gdiplus

GdiplusStartup
GdiplusShutdown

Exports

Exports

ptConfig
ptLang

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f43d2368326ae0575b5c98399a49907

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

strokesplus

psapi

gdiplus

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 14KB - Virtual size: 13KB