2024-06-25_9830f8376e4430e368fd1ad98c6a93bd_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_9830f8376e4430e368fd1ad98c6a93bd_mafia
Size

4.9MB
MD5

9830f8376e4430e368fd1ad98c6a93bd
SHA1

b44ebf9cbda3143821d6dccbb1d7abc5e2f681df
SHA256

db6d3c6739cd279580ab5e85eb0d0243d3bec58c7596d9b874d3323618a78b97
SHA512

9ff3eb43a6605232f47db89639ae0c923f92031c23b9f7e98402fd993cfa3fa09f16307d9b47c62429de258bb74a9a422ac9457fb27d5622c2274352e1340a25
SSDEEP

98304:pDDcoXlaMdVzsKQTwo5VzjpTtkkh/toP19owl063Qhsy:pXmMdVV0xTt3h/toPwwl5Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_9830f8376e4430e368fd1ad98c6a93bd_mafia

Files

2024-06-25_9830f8376e4430e368fd1ad98c6a93bd_mafia
.exe windows:5 windows x86 arch:x86

f21a281077ac1bdb48e4a18ba6fc1bb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\install.v3\src\ikucmc_v521\build_vs2010\bin\Publish\YoukuMediaCenter.pdb

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
SetNamedSecurityInfoA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA

kernel32

GetACP
AllocConsole
FreeConsole
SetConsoleTitleW
GetModuleHandleW
Sleep
GetModuleFileNameW
CopyFileW
MoveFileExW
GetTickCount
GetSystemDirectoryW
GetTempPathW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CreateMutexW
OpenMutexW
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
CreateEventW
GetProcessHeap
WideCharToMultiByte
DeleteCriticalSection
TlsGetValue
SetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GlobalFree
GlobalAlloc
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
InterlockedExchangeAdd
Process32FirstW
EnterCriticalSection
GetProcAddress
GetLastError
InterlockedExchange
TerminateProcess
LeaveCriticalSection
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
GetCurrentProcess
CreateProcessW
MultiByteToWideChar
TlsFree
CloseHandle
TlsAlloc
GetCurrentThreadId
CreateToolhelp32Snapshot
CreateWaitableTimerW
TlsSetValue
SetConsoleCtrlHandler
Process32NextW
Module32FirstW
HeapFree
PostQueuedCompletionStatus
OutputDebugStringW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
OutputDebugStringA
GetSystemTime
GetFileSize
GetThreadLocale
VerifyVersionInfoW
FlushConsoleInputBuffer
GetVersion
CreateEventA
LoadLibraryW
OpenProcess
SleepEx
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
SetWaitableTimer
FreeLibrary
HeapAlloc
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SetEnvironmentVariableA
CompareStringW
SetStdHandle
CreateFileA
HeapReAlloc
LoadLibraryA
QueryPerformanceFrequency
FindResourceExW
GetVersionExW
lstrlenW
GetModuleHandleA
DeleteFileW
DeleteFileA
SetEndOfFile
SetFilePointerEx
FormatMessageA
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
DeviceIoControl
LocalFree
GlobalMemoryStatus
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentThread
InitializeCriticalSection
GetLocalTime
GetVersionExA
GetCurrentProcessId
ReleaseMutex
GetEnvironmentVariableW
GetThreadContext
ReadProcessMemory
GetFileAttributesW
GetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryA
SuspendThread
ResumeThread
GetLogicalDriveStringsW
GetSystemDefaultLCID
GlobalMemoryStatusEx
GetWindowsDirectoryW
UnmapViewOfFile
ReleaseSemaphore
CreateSemaphoreA
GetTempFileNameW
SetInformationJobObject
GetNativeSystemInfo
PeekNamedPipe
CreateJobObjectW
AssignProcessToJobObject
OpenEventA
ResetEvent
GetExitCodeProcess
GetStartupInfoW
CreatePipe
GetSystemInfo
GetStringTypeW
EncodePointer
DecodePointer
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
SystemTimeToFileTime
CreateWaitableTimerA
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileW
FindNextFileW
CreateDirectoryW
AreFileApisANSI
ExitProcess
ExitThread
CreateThread
GetCommandLineW
HeapSetInformation
RtlUnwind
RaiseException
SetEnvironmentVariableW
FindFirstFileExA
FindNextFileA
FindFirstFileExW
MoveFileW
MoveFileA
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetLocaleInfoW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetOEMCP
IsValidCodePage
SetFilePointer
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

user32

SendMessageW
ExitWindowsEx
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
FindWindowW
LoadStringA
PostMessageW
SendMessageTimeoutW
MessageBoxA
GetSystemMetrics

ws2_32

WSASendTo
WSARecvFrom
inet_ntoa
WSAAddressToStringA
WSCEnumProtocols
shutdown
gethostname
listen
accept
recvfrom
send
sendto
getaddrinfo
freeaddrinfo
inet_addr
bind
ntohs
getsockname
WSAIoctl
ioctlsocket
connect
ntohl
htonl
WSARecv
WSASocketW
WSASend
select
WSAGetLastError
htons
setsockopt
WSASetLastError
__WSAFDIsSet
recv
socket
gethostbyname
closesocket
getsockopt
WSAStartup
WSACleanup
WSAStringToAddressA
getpeername

iphlpapi

NotifyAddrChange
GetAdaptersInfo

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
ord680

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

mswsock

AcceptEx
GetAcceptExSockaddrs

wininet

InternetCloseHandle
InternetSetFilePointer
InternetReadFile
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpSendRequestW
HttpQueryInfoA
InternetTimeToSystemTimeA
InternetTimeFromSystemTimeA
InternetSetCookieA
HttpQueryInfoW
HttpOpenRequestW

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 996KB - Virtual size: 995KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f21a281077ac1bdb48e4a18ba6fc1bb6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ws2_32

iphlpapi

setupapi

psapi

version

shell32

ole32

oleaut32

mswsock

wininet

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 996KB - Virtual size: 995KB

.data Size: 169KB - Virtual size: 210KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 202KB - Virtual size: 202KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 996KB - Virtual size: 995KB

.data
Size: 169KB - Virtual size: 210KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 202KB - Virtual size: 202KB