C:\Product_Staging\FlowMan\TRI-Phase2\Audit\ReleaseMinDependency\Audit.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-16_bc2b70214d3a4ab2b491f7fb2409fcd8_mafia.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2024-06-16_bc2b70214d3a4ab2b491f7fb2409fcd8_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-16_bc2b70214d3a4ab2b491f7fb2409fcd8_mafia
Size: 1.5MB
MD5: bc2b70214d3a4ab2b491f7fb2409fcd8
SHA1: b93a54df453f6433907b45a419ac7c211d1fa09f
SHA256: bf9315b221e26f8a912d144ffc5630fab51c7d97c7321b6e587f1ce438cc66b4
SHA512: ac131d46c55a9d67e02c0e14dd51b9597bbc60c099759551e7a335a1648b680df28ea0c55757ee47f0e26b39d60606951364b6c421c475f50b97fee5621ea168
SSDEEP: 12288:gnPuf8D+cvXHGC+nS1niErUwgLyf4uKrIe9qKom2MaJZZRiulNKAwSR2VeA71Xvx:KD/QDXvP7lXMasrAD+A6XlVahBjZ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-06-16_bc2b70214d3a4ab2b491f7fb2409fcd8_mafia
Files
2024-06-16_bc2b70214d3a4ab2b491f7fb2409fcd8_mafia.exe windows:5 windows x86 arch:x86
6bfe6e00d239ba21012dba4a25821ca1
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalLock
CreateFileA
ReadFile
SetFilePointer
LocalFree
FormatMessageA
OutputDebugStringA
GetComputerNameA
GetVersionExA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersion
GetQueuedCompletionStatus
GetExitCodeThread
ResumeThread
GlobalSize
SetThreadPriority
GetCurrentDirectoryA
DecodePointer
RtlUnwind
WriteConsoleW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
GlobalUnlock
CreateIoCompletionPort
PostQueuedCompletionStatus
Sleep
GetSystemInfo
WaitForSingleObject
GetCommandLineA
GetCurrentThreadId
ResetEvent
SetEvent
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
lstrcmpiA
GetModuleHandleA
GetProcAddress
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
lstrlenA
HeapAlloc
lstrcpyA
GetLocalTime
HeapFree
InterlockedExchange
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
InterlockedDecrement
FreeLibrary
GetLocaleInfoA
GetModuleFileNameA
LoadLibraryA
GetLastError
InterlockedIncrement
DuplicateHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CreateFileW
SetStdHandle
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
HeapDestroy
HeapCreate
GetModuleFileNameW
GetFileType
GetStdHandle
SetHandleCount
HeapSize
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
EncodePointer
user32
KillTimer
DispatchMessageA
MessageBoxA
GetMessageA
LoadStringA
CharNextW
CharNextA
SetTimer
wsprintfA
PostThreadMessageA
advapi32
CryptGenKey
GetUserNameA
CryptDecrypt
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptExportKey
CryptAcquireContextA
CryptGetProvParam
CryptGetUserKey
CryptDestroyKey
CryptReleaseContext
RegConnectRegistryA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
OpenThreadToken
OpenProcessToken
RegEnumKeyExA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
ole32
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoInitializeSecurity
CoInitializeEx
GetHGlobalFromStream
CoCreateGuid
CoCreateInstanceEx
OleRun
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
oleaut32
VarBstrFromDate
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreate
VariantCopy
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
VariantClear
VariantChangeType
VariantInit
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
odbc32
ord13
ord75
ord16
ord11
ord12
ord54
ord40
ord67
ord18
ord8
ord20
ord43
ord72
ord4
ord39
ord32
ord29
ord9
ord24
ord19
ord57
ord41
ord7
ord26
ord36
ord31
ord76
ord45
mpr
WNetCancelConnection2A
shlwapi
PathFileExistsA
PathAppendA
ws2_32
WSACreateEvent
getpeername
recv
send
WSAConnect
WSASocketA
socket
ioctlsocket
getsockopt
setsockopt
getaddrinfo
WSAGetOverlappedResult
WSACleanup
gethostbyname
WSAStartup
WSAEnumNetworkEvents
WSAAccept
inet_ntoa
ntohs
shutdown
closesocket
WSAGetLastError
WSASetLastError
WSASend
inet_addr
gethostbyaddr
gethostname
WSASetEvent
htons
bind
listen
WSAWaitForMultipleEvents
WSARecv
WSAEventSelect
WSACloseEvent
freeaddrinfo
WSAResetEvent
Sections
.text   Size: 828KB - Virtual size: 827KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 635KB - Virtual size: 634KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 27KB - Virtual size: 41KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 24KB - Virtual size: 23KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 64KB - Virtual size: 63KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ