2024-06-19_b884420b909933f3ab83ce6c9c32432b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_b884420b909933f3ab83ce6c9c32432b_mafia
Size

1.4MB
MD5

b884420b909933f3ab83ce6c9c32432b
SHA1

f0db7489aa0b40a4ed894414fff71b3e8b7c54aa
SHA256

5b3125b81f4c05effb7eb5ad6b4247cef130dcee1e7a510a91898fdd20cad20d
SHA512

77905441d31391abbeaf902e4d2a283b1191ced2797b5e8e1fff44f13195aef19b0a90c84671c7b499c9e8ed567752d49c7d0d6e754bd20cba050bcadd8b0af8
SSDEEP

24576:TgaUjNDK6rbXF25LFcZXzDC27WVzx1SlF:Tgaf6v1255cZXf97WV3SlF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-19_b884420b909933f3ab83ce6c9c32432b_mafia

Files

2024-06-19_b884420b909933f3ab83ce6c9c32432b_mafia
.exe windows:5 windows x86 arch:x86

bac17b534c3c338035bd3f0b2916764e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\ShutMeDown 1.0 - Archive\ShutMeDown 1.0 - 90\Part 7 - ShutMeDown Control Service\x64\Release\ShutMeDown.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
GetModuleFileNameW
GetStdHandle
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetUserDefaultLCID
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
HeapAlloc
RtlUnwind
RaiseException
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateEventW
GetProcAddress
LoadLibraryW
SetEvent
WaitForSingleObject
FreeLibrary
GetLocaleInfoW
CreateDirectoryW
FindNextFileW
FindClose
FindFirstFileW
GetFileSize
DeleteCriticalSection
GetModuleHandleW
CreateFileW
ReadFile
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GlobalUnlock
GlobalAlloc
GlobalLock
lstrcpyW
GetLocalTime
CompareFileTime
SystemTimeToFileTime
CreateThread
CloseHandle
EnterCriticalSection
LeaveCriticalSection
Sleep
LocalFree
GetLastError
GetVersionExW
GetCurrentProcess
GetCommandLineW
FlushFileBuffers

user32

IsClipboardFormatAvailable
GetKeyState
HideCaret
CloseClipboard
IsCharAlphaNumericW
MessageBoxA
SetWindowTextW
EnableWindow
GetFocus
SetForegroundWindow
DefWindowProcW
SendMessageW
GetSystemMetrics
GetCursorPos
ReleaseDC
LoadMenuW
GetDC
PtInRect
LoadCursorW
TrackMouseEvent
DrawTextW
SetCapture
LoadImageW
GetWindowRect
ScreenToClient
UpdateLayeredWindow
SetCursor
RegisterWindowMessageW
CheckMenuItem
ShowCaret
GetClipboardData
EmptyClipboard
DestroyCaret
CreateCaret
OpenClipboard
SetCaretPos
SetClipboardData
SystemParametersInfoW
ValidateRect
GetWindowDC
FillRect
GetSubMenu
GetMenuItemInfoW
TrackPopupMenuEx
DestroyMenu
SetMenuItemInfoW
CopyRect
EnableMenuItem
ScrollWindowEx
SetTimer
KillTimer
SetActiveWindow
PostMessageW
InvalidateRect
UpdateWindow
GetMessageW
FindWindowW
TranslateMessage
DispatchMessageW
RegisterClassExW
LoadIconW
SetWindowPos
ShowWindow
CreateWindowExW
EndPaint
DestroyWindow
PostQuitMessage
GetClientRect
BeginPaint
SetLayeredWindowAttributes
SetFocus
ClientToScreen

gdi32

CreatePen
GdiGradientFill
RoundRect
BeginPath
BitBlt
Pie
SetTextColor
DeleteDC
LineTo
SetBkMode
DeleteObject
SelectObject
SelectClipRgn
PtInRegion
CreateCompatibleDC
Rectangle
Ellipse
EndPath
CreateFontW
CreateRectRgn
GetStockObject
PathToRegion
MoveToEx
CreateCompatibleBitmap
CreateSolidBrush
RestoreDC
CreatePatternBrush
SaveDC
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
TextOutW
SetBkColor
CreateDIBSection

advapi32

GetTokenInformation
OpenProcessToken
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
RegEnumValueW
ConvertSidToStringSidW

shell32

ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
CommandLineToArgvW

msimg32

AlphaBlend
GradientFill

gdiplus

GdiplusStartup
GdipCloneImage
GdipDeleteMatrix
GdipCreateFromHDC
GdipRotateMatrix
GdipResetWorldTransform
GdipDisposeImage
GdipSetMatrixElements
GdipAlloc
GdipTranslateMatrix
GdipDrawImage
GdipSetWorldTransform
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateMatrix
GdipFree
GdiplusShutdown

shlwapi

PathAppendW

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac17b534c3c338035bd3f0b2916764e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msimg32

gdiplus

shlwapi

Sections

.text Size: 385KB - Virtual size: 384KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 950KB - Virtual size: 949KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 950KB - Virtual size: 949KB

.reloc
Size: 25KB - Virtual size: 25KB