2024-06-25_7d45b44b8002234f04379d86bf3e12f8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_7d45b44b8002234f04379d86bf3e12f8_mafia
Size

957KB
MD5

7d45b44b8002234f04379d86bf3e12f8
SHA1

5b69661a5e8f529c59e917b6a8403b95fc477bdb
SHA256

64bd414417575fc68e3d084e6ea5ae503dba42e3cbfc684f802f686ae30d3c4c
SHA512

30160aafeb26d03ec652dbad2932fd1645a837a899d7c7dc13f6f0bc855b446fa578d25d7ecff654e338763f1ec22c10af793227a0dcea41d0e35cc7644fb7a1
SSDEEP

24576:rNfZ1hrU295hP1DgI7kUERagOGvTlFBfO:Bf22959tPT2agOklFB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_7d45b44b8002234f04379d86bf3e12f8_mafia

Files

2024-06-25_7d45b44b8002234f04379d86bf3e12f8_mafia
.exe windows:5 windows x86 arch:x86

a95bd04c5961f0a781fb207c5578f419

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILDS\Build_ShopperPro_VA\ShopperPro\Release_YTA\YTAHelper.pdb

Imports

kernel32

DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
IsWow64Process
MoveFileExW
WaitForSingleObject
SetEvent
OutputDebugStringW
TerminateThread
Sleep
GetModuleFileNameW
ExitThread
SetThreadPriority
InterlockedExchange
ResetEvent
GetLocalTime
CreateEventW
WaitForMultipleObjects
CreateThread
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
CreateMutexW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
LoadLibraryW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
InitializeCriticalSection
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
OpenProcess
CopyFileW
EncodePointer
Process32NextW
CreateToolhelp32Snapshot
lstrlenA
GetModuleHandleW
FileTimeToSystemTime
GetPrivateProfileStringW
WritePrivateProfileStringW
FindNextFileW
RemoveDirectoryW
Process32FirstW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetVersionExW
GetSystemDirectoryW
GetEnvironmentVariableW
SetLastError
lstrlenW
FormatMessageW
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LocalFree
DeleteFileW
CloseHandle
DuplicateHandle
GetFileType
FindClose
GetLastError
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
LockFile
UnlockFile
CreateDirectoryW
GetCurrentProcess
SetEndOfFile
SetFilePointer
FindFirstFileW
GetFileSize
DecodePointer
CreateFileMappingA
TerminateProcess
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW
DefWindowProcW
LoadStringW
EndDialog
RegisterClassExW
LoadAcceleratorsW
BeginPaint
LoadCursorW
DialogBoxParamW
PostQuitMessage
DestroyWindow
EndPaint
GetSystemMetrics
LoadIconW

advapi32

GetUserNameW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

wininet

InternetWriteFile
InternetCloseHandle
HttpEndRequestW
InternetGetLastResponseInfoW
HttpOpenRequestW
InternetOpenW
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpQueryInfoW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a95bd04c5961f0a781fb207c5578f419

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

version

Sections

.text Size: 746KB - Virtual size: 746KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 16KB - Virtual size: 26KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 746KB - Virtual size: 746KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 40KB - Virtual size: 39KB