2024-06-24_55719953287b9b1e0cc4e58202656744_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_55719953287b9b1e0cc4e58202656744_mafia
Size

250KB
MD5

55719953287b9b1e0cc4e58202656744
SHA1

76aa235baa5338a9c688919a6cf3b746130d6660
SHA256

f9368d38f7a7984d6abe5a09e62781ade51fd2313de478d8ba5e99b6ef39c469
SHA512

359f7ab519b912ca2d515b74cb5d1ef547f5231c7d2c62b2159197a52a601c66e44b0653ef4752424772271f131e6ef3129e1efa25c1907ac255a64e4dc90d98
SSDEEP

3072:yPMguWxkMRDHYsM9v37CDAfyzibe0OaYDKCgq90J/:2buRM1HYsM9vrCaUxWh7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-24_55719953287b9b1e0cc4e58202656744_mafia

Files

2024-06-24_55719953287b9b1e0cc4e58202656744_mafia
.exe windows:5 windows x86 arch:x86

097abdf271458f6f4cd710f3105c6694

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
OpenProcess
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
CreateDirectoryA
SetCurrentDirectoryA
GetLastError
EnterCriticalSection
GetModuleFileNameA
CreateMutexA
CloseHandle
SetEndOfFile
CreateFileA
InitializeCriticalSection
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ExpandEnvironmentStringsA
SetStdHandle
LoadLibraryW
InterlockedExchange
HeapReAlloc
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetLocaleInfoW
GetModuleFileNameW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
GetCurrentProcess
WriteConsoleW
SetPriorityClass
ReadFile
ExitProcess
HeapCreate
IsProcessorFeaturePresent
HeapAlloc
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
HeapFree
GetProcessHeap

user32

LoadCursorA
InsertMenuA
DestroyWindow
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
TrackPopupMenu
KillTimer
SetForegroundWindow
LoadStringA
LoadIconA
wsprintfA
RegisterWindowMessageA
GetDC
TranslateMessage
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
GetDesktopWindow
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
PostMessageA
DispatchMessageA
SystemParametersInfoA
GetSystemMetrics
AllowSetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps

shell32

Shell_NotifyIconA

strokesplus

openSettings
clearMyHook
setLearningMode
getGesturesDisabled
setLastActive
getHookBtn
setPreviousTrainingModeState
disableHotkey
getOnlyDefinedApps
sethWndServer
reloadLuaState
loadHookConfig
getTrayIconVisible
popupMenu
openHotkeys
setWindowState
openHelp
openConfig
setTrayID
openIgnored
getCheckForOtherGesturePrograms
getReInitOnResume
clearCaptureVars
FireHotkey
setTrayIconVisible
LoadHotkeys
openPrefs
openGestureName
getHideAdditionalInstanceMessage
getCheckForegroundTimeout
setDrawGesture
initLua
DestroySynaptics
openPassword
setDPIModifier
enableHotkey
getLearningMode
openAbout
setGesturesDisabled
initLua2
saveConfig
getResumeDelay
getShowCopyData
setOSVersion
setWindowTransparency
setMyHook
setHookBtn
getDrawGesture

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

gdiplus

GdiplusStartup
GdiplusShutdown

Exports

Exports

ptConfig
ptLang

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

097abdf271458f6f4cd710f3105c6694

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

strokesplus

psapi

gdiplus

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 14KB - Virtual size: 13KB