Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-24_013c318d0b080a9fa6215a10a6cbf5be_mafia.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-06-24_013c318d0b080a9fa6215a10a6cbf5be_mafia.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-06-24_013c318d0b080a9fa6215a10a6cbf5be_mafia
Size: 3.5MB
MD5: 013c318d0b080a9fa6215a10a6cbf5be
SHA1: d4c71d9dd01d2f6e97987ca4088520025ae63a01
SHA256: 1de6bb2ffeb14f527a6de8162aac011d7f2589e199b83dd12b244cdaae5a5e71
SHA512: 136bd0d16d8f01a88d5868e560858cbc6d239381de0b89494e4bcc61eb8f3c9305989e92eaa075017a93c83b42e4d640c2bbc6acde20e0d5f420f46405d7734c
SSDEEP: 98304:+tH9aBFCiqi9Ov2TNkEuNWzmO5oymBkmD8GOWx8X5B:+H9aBFGBGFofkmD8GOG8p
Malware Config
Signatures
Detects executables packed with VMProtect. 1 IoCs
  resource: sample
  yara_rule: INDICATOR_EXE_Packed_VMProtect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
  resource: 2024-06-24_013c318d0b080a9fa6215a10a6cbf5be_mafia
Files
2024-06-24_013c318d0b080a9fa6215a10a6cbf5be_mafia.exe windows:5 windows x86 arch:x86
c865ac7e39a527fbb433f01345600c2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
CompareStringW
CreateFileW
SetEnvironmentVariableA
SetFileAttributesW
CreateDirectoryW
AreFileApisANSI
GetLocaleInfoW
GetEnvironmentStringsW
QueryPerformanceCounter
FreeEnvironmentStringsW
GetStringTypeW
HeapCreate
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
HeapQueryInformation
HeapSize
ExitProcess
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
DecodePointer
EncodePointer
HeapFree
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetUserDefaultLCID
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiA
GetACP
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetThreadLocale
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetExitCodeThread
CreateThread
SetCurrentDirectoryA
lstrcatA
GetFullPathNameA
WriteFile
lstrlenA
TerminateProcess
FreeLibrary
InitializeCriticalSection
WinExec
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetFileAttributesA
WaitForSingleObject
OpenEventA
DeviceIoControl
GetSystemDirectoryA
SetFileAttributesA
lstrcmpA
Sleep
CopyFileA
MultiByteToWideChar
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
FindResourceA
SetUnhandledExceptionFilter
CreateProcessA
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
DeactivateActCtx
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetProcessHeap
DeleteFileA
user32
CharUpperA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
UnregisterClassA
RealChildWindowFromPoint
GetSysColorBrush
DestroyMenu
GetMenuItemInfoA
LoadCursorW
SystemParametersInfoA
ShowOwnedPopups
GetMessageA
TranslateMessage
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IntersectRect
WindowFromPoint
GetCursorPos
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
FillRect
DrawStateA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
DestroyWindow
GetMessageTime
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
MonitorFromPoint
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
DeleteMenu
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
UnhookWindowsHookEx
MapVirtualKeyA
GetKeyNameTextA
CopyRect
GetMenuState
GetMenuStringA
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemID
InsertMenuA
SendMessageA
EnableWindow
InvalidateRect
LoadCursorA
PtInRect
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindow
GetWindowThreadProcessId
GetTopWindow
AppendMenuA
CreatePopupMenu
CreateMenu
GetMessagePos
PostMessageA
IsRectEmpty
InflateRect
EndPaint
BeginPaint
LoadImageA
SetWindowRgn
DrawIcon
IsIconic
MessageBoxA
UpdateLayeredWindow
GetWindowRect
GetDC
GetSystemMetrics
LoadIconW
KillTimer
WaitMessage
CharNextA
CopyAcceleratorTableA
SetRect
InvalidateRgn
GetNextDlgGroupItem
DestroyIcon
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
GetParent
SetTimer
SetWindowLongA
DrawTextA
OffsetRect
SetCursor
ReleaseCapture
SetCapture
IsWindow
RedrawWindow
ReleaseDC
GetWindowDC
LoadMenuW
GetSystemMenu
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
UnionRect
GetScrollPos
EnableScrollBar
GetWindowLongA
GetClientRect
LoadMenuA
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
RegisterClipboardFormatA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
gdi32
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateFontIndirectA
SetRectRgn
GetMapMode
DPtoLP
IntersectClipRect
LPtoDP
Ellipse
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetBkColor
GetTextColor
GetRgnBox
CreatePolygonRgn
Polyline
Polygon
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
GetClipBox
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateSolidBrush
CreateBitmap
SetBkColor
SetTextColor
PatBlt
CreateRectRgnIndirect
CreateDCA
CopyMetaFileA
CreatePalette
CreateHalftonePalette
RealizePalette
GetDeviceCaps
CombineRgn
GetDIBColorTable
StretchBlt
CreateRectRgn
BitBlt
GetStockObject
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateFontA
CreateDIBSection
GetObjectA
CreateCompatibleDC
SetDIBColorTable
SelectObject
CreateEllipticRgn
DeleteObject
DeleteDC
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegQueryValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteA
SHGetFileInfoA
DragQueryFileA
SHAppBarMessage
DragFinish
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveFileSpecW
ole32
IsAccelerator
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
OleDraw
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
RevokeDragDrop
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
oleaut32
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SafeArrayDestroy
SysFreeString
oledlg
ord8
gdiplus
GdipSetInterpolationMode
GdipReleaseDC
GdipLoadImageFromStream
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromHBITMAP
GdipGraphicsClear
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
dbghelp
MiniDumpWriteDump
wininet
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
HttpSendRequestA
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 326KB - Virtual size: 325KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 919KB - Virtual size: 919KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 744KB - Virtual size: 745KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eihjcqh Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE