2024-06-25_c33757acea3bc9b4b00a3e99e58a3918_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_c33757acea3bc9b4b00a3e99e58a3918_mafia
Size

2.6MB
MD5

c33757acea3bc9b4b00a3e99e58a3918
SHA1

2030893b78da0a5b27851644c70bde75f763c7ea
SHA256

70ecd9d0f34ff493dc355bbef8f29b52b1a3e6d9d7ccd8b00f9e41e6d042526d
SHA512

d595ad34a9c595b44bba580a2dec9e0b8ba16fbea197f949f2ee209675d06686fdd53235376ee6cff0e0e4a5ec6173d422333625d2e7200d36eb048bd236dfe1
SSDEEP

49152:5EJgSYwC24GntfcSQOia9OyRvbmuqbbwMYw:IbQit9Qi9j1rqbb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_c33757acea3bc9b4b00a3e99e58a3918_mafia

Files

2024-06-25_c33757acea3bc9b4b00a3e99e58a3918_mafia
.exe windows:5 windows x86 arch:x86

bb3f9e78f297111d9ba49b58f159adb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\vim-win32-installer\vim\src\gvim.pdb

Imports

kernel32

SearchPathA
SetFileAttributesA
LoadLibraryA
Process32Next
GetProcessId
GetFileType
MoveFileA
GlobalMemoryStatusEx
SetCurrentDirectoryW
WaitForMultipleObjects
CreatePipe
GetModuleFileNameA
SetConsoleTitleW
GetConsoleTitleW
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GetVersionExA
TerminateJobObject
CloseHandle
DeleteFileW
GetCurrentProcessId
GetFileInformationByHandle
ResumeThread
SetFileAttributesW
lstrlenA
LocalHandle
MoveFileW
LocalAlloc
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA
AttachConsole
BackupRead
GetCurrentDirectoryW
SetCurrentDirectoryA
CreateJobObjectA
SetConsoleTitleA
ReadFile
TerminateProcess
CreateProcessA
GetFileAttributesW
GetExitCodeProcess
GetFileAttributesA
FreeConsole
AssignProcessToJobObject
OpenProcess
WriteFile
GetConsoleTitleA
GenerateConsoleCtrlEvent
WriteConsoleW
FlushFileBuffers
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
GetProcessHeap
SetEndOfFile
BackupSeek
GetComputerNameW
WaitForSingleObject
SetHandleInformation
Process32First
GetCurrentProcess
CreateProcessW
SetErrorMode
PeekNamedPipe
SearchPathW
GetTempFileNameW
GetFullPathNameA
GetComputerNameA
GetCommandLineW
GetFullPathNameW
GlobalFree
Sleep
GlobalAlloc
GlobalSize
LocalFree
GetSystemInfo
GlobalUnlock
CreateFileW
MulDiv
FormatMessageA
IsBadReadPtr
GlobalLock
VirtualQuery
CreateFileA
GetLocaleInfoA
GetTickCount
FindNextFileW
FindNextFileA
FindClose
FindFirstFileA
FindFirstFileW
IsValidCodePage
GetProcAddress
IsDBCSLeadByteEx
GetLastError
GetACP
FreeLibrary
GetCPInfo
GetModuleHandleA
DeleteFileA
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
HeapSize
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
GetUserDefaultLCID
RaiseException
GetTimeZoneInformation
LCMapStringW
GetModuleFileNameW
HeapDestroy
HeapCreate
FatalAppExitA
GetCurrentThread
QueryPerformanceCounter
GetLongPathNameA
IsDBCSLeadByte
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetOEMCP
DeleteCriticalSection
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
SetEnvironmentVariableA
InterlockedExchange
GetConsoleMode
GetConsoleCP
DuplicateHandle
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetShortPathNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
RemoveDirectoryA
CreateDirectoryA
CreateThread
GetCurrentThreadId
ExitThread
RemoveDirectoryW
CreateDirectoryW
SetConsoleCtrlHandler
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetStdHandle
FindFirstFileExW
GetDriveTypeW
SetEnvironmentVariableW
EncodePointer
VirtualAlloc
VirtualProtect
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
DecodePointer
ExitProcess
GetModuleHandleW
SetFilePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExA
SetNamedSecurityInfoA
GetUserNameW
GetAclInformation
LookupPrivilegeValueA
SetNamedSecurityInfoW
GetAce
GetNamedSecurityInfoW
GetUserNameA
AdjustTokenPrivileges
GetNamedSecurityInfoA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA

shell32

DragQueryPoint
DragQueryFileW
DragAcceptFiles
DragQueryFileA
CommandLineToArgvW
Shell_NotifyIconA
DragFinish

gdi32

CreateSolidBrush
EndPage
GetTextExtentPoint32W
StartPage
SetPixel
DeleteDC
GetDeviceCaps
CreateFontIndirectA
SetBkColor
CreateDCA
SetAbortProc
SetBkMode
DeleteObject
SelectObject
ExtTextOutA
EnumFontFamiliesA
GetNearestColor
GetTextMetricsA
SetTextAlign
TextOutW
EndDoc
TextOutA
GdiFlush
CreateFontA
LineTo
BitBlt
MoveToEx
GetObjectW
GetStockObject
GetObjectA
GetPixel
CreatePen
GetTextExtentPointA
GetTextExtentPointW
ExtTextOutW
CreateCompatibleDC
StartDocA
GetDCOrgEx
SetTextColor
CreateBitmap

comdlg32

GetSaveFileNameW
ReplaceTextW
GetOpenFileNameW
FindTextA
ReplaceTextA
CommDlgExtendedError
PrintDlgA
ChooseFontA
FindTextW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
StringFromCLSID
OleUninitialize
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
OleInitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

CreateToolbarEx
ord17

oleaut32

SetErrorInfo
LoadRegTypeLi
RegisterActiveObject
UnRegisterTypeLi
LoadTypeLi
RevokeActiveObject
SysAllocString
RegisterTypeLi

user32

MapWindowPoints
GetDlgItemTextW
InsertMenuA
IsWindowVisible
GetSystemMetrics
RegisterClassW
ScrollWindowEx
ReleaseCapture
InsertMenuW
RemoveMenu
ShowScrollBar
GetMenuItemCount
GetClassInfoA
DrawMenuBar
FrameRect
CreatePopupMenu
SetMenu
ShowWindow
GetCursorPos
SetWindowPos
GetSysColor
DestroyCursor
RedrawWindow
EndDialog
GetDlgItem
GetMenuState
SetClassLongA
MonitorFromWindow
SetCursorPos
InvalidateRect
IntersectRect
SetWindowLongA
TrackPopupMenuEx
GetKeyboardLayout
GetMenuItemRect
UpdateWindow
GetWindowPlacement
CreateDialogIndirectParamA
ShowCursor
GetDC
InsertMenuItemW
GetClassInfoW
GetMonitorInfoA
PtInRect
BeginPaint
RegisterWindowMessageA
CreateMenu
GetClientRect
SetParent
WindowFromPoint
FindWindowExA
MessageBeep
LoadBitmapA
DrawIconEx
GetKeyState
KillTimer
SetCapture
GetScrollPos
IsIconic
TrackPopupMenu
GetMessageW
InsertMenuItemA
SetActiveWindow
GetWindowRect
ScreenToClient
SetTimer
InvertRect
SetWindowPlacement
EndPaint
CallWindowProcA
DialogBoxIndirectParamA
EnableWindow
DestroyMenu
LoadCursorA
SetWindowTextW
DestroyIcon
OffsetRect
SetScrollInfo
GetDialogBaseUnits
DefWindowProcW
GetMessageTime
mouse_event
GetWindow
MessageBoxA
MessageBoxW
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClassNameA
GetSystemMenu
CreateDialogParamA
SendDlgItemMessageA
GetWindowDC
MsgWaitForMultipleObjects
GetParent
wsprintfA
SetFocus
SendMessageA
EnumWindows
TranslateMessage
IsDialogMessageW
GetWindowTextA
CharUpperBuffA
PeekMessageW
CreateWindowExA
ReleaseDC
EnableMenuItem
DefWindowProcA
CharLowerBuffA
GetDesktopWindow
PostMessageA
SystemParametersInfoA
SetWindowTextA
LoadImageA
SetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextA
RegisterClassA
DispatchMessageW
DestroyWindow
IsWindow
SetForegroundWindow
LoadIconA
MapVirtualKeyA
MoveWindow
IsRectEmpty
FillRect
GetFocus

wsock32

WSAGetLastError
select
connect
inet_ntoa
WSACleanup
WSAStartup
gethostbyname
closesocket
__WSAFDIsSet
send
socket
recv
htons

Exports

Exports

boot_VIM
scheme_external_get_thread_local_variables

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb3f9e78f297111d9ba49b58f159adb0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

version

comctl32

oleaut32

user32

wsock32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 268KB - Virtual size: 319KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 161KB - Virtual size: 160KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 268KB - Virtual size: 319KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 161KB - Virtual size: 160KB