Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-27_31fe3b4d01199d55d8d807b36907a7d8_mafia_revil.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-27_31fe3b4d01199d55d8d807b36907a7d8_mafia_revil.exe
  Resource: win10v2004-20240611-en
General
Target: 2024-06-27_31fe3b4d01199d55d8d807b36907a7d8_mafia_revil
Size: 11.2MB
MD5: 31fe3b4d01199d55d8d807b36907a7d8
SHA1: 517e9f5d027ed1d232584e2995f7a8e595d499f9
SHA256: 150b0f104c5a024af620203a465335539deafca4f1480f3121be293d199deb7d
SHA512: 1fa4982c640cfc3809b9b5c2c196962e88ba249d10c3b8b4df8e28b20c46ef80e7dbec389e597dc8970a3c30cdb33bb5acc869723b6938ede0b5f547285ec81b
SSDEEP: 196608:kISiu71OP5k+oqSF7fE73MGhJGyuj6JJkjnfB1Oq534U3k3k0ZXIeCr:kXORk57ccyuuUfPURHC
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-06-27_31fe3b4d01199d55d8d807b36907a7d8_mafia_revil
Files
2024-06-27_31fe3b4d01199d55d8d807b36907a7d8_mafia_revil.exe  windows:5 windows x86 arch:x86
12f5ee5a8260b11246a85c69fa7e2ac4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleW
CompareStringW
GetStringTypeW
GetDriveTypeW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetPrivateProfileSectionNamesA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetEnvironmentVariableW
ReadConsoleW
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
GetSystemTime
FindFirstFileW
FindNextFileW
GetVersion
DeleteFiber
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
InterlockedExchangeAdd
GetNativeSystemInfo
SwitchToThread
MapViewOfFileEx
GetExitCodeThread
ResetEvent
InterlockedCompareExchange
CreateFileW
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
LCMapStringW
HeapDestroy
HeapCreate
GetStdHandle
GetTimeZoneInformation
IsValidCodePage
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
HeapReAlloc
VirtualQuery
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
DecodePointer
EncodePointer
HeapFree
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetNumberFormatA
GetWindowsDirectoryA
GetCurrentDirectoryA
GetFileSizeEx
LocalFileTimeToFileTime
SetFileAttributesA
GetFileAttributesExA
SetErrorMode
GetOEMCP
GetCPInfo
GetACP
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalLock
LocalUnlock
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
ReplaceFileA
SystemTimeToFileTime
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
GetShortPathNameA
GetFullPathNameA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
lstrcmpA
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
FreeResource
CopyFileA
FormatMessageA
lstrlenW
MulDiv
LocalSize
GlobalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
CreateEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CancelIo
InterlockedExchange
OutputDebugStringA
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
VirtualAlloc
VirtualFree
ActivateActCtx
GetModuleHandleA
DeactivateActCtx
SetLastError
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetProcessHeap
HeapAlloc
FindResourceA
GetVolumeInformationA
GetComputerNameA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrcpyA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
GetModuleFileNameA
FindClose
FindFirstFileA
MultiByteToWideChar
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
LocalAlloc
lstrlenA
FreeLibrary
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LoadLibraryA
lstrcatA
ResumeThread
Sleep
CreateThread
WaitForSingleObject
SetEvent
CloseHandle
TerminateThread
user32
LoadBitmapW
ModifyMenuA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
LoadAcceleratorsA
DestroyIcon
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetMenuCheckMarkDimensions
DrawIcon
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetMenuItemBitmaps
GetWindowThreadProcessId
GetKeyNameTextA
MapVirtualKeyA
GetMenuItemInfoA
DestroyMenu
IsZoomed
SetRectEmpty
CharUpperA
PostQuitMessage
DrawStateA
TabbedTextOutA
DrawTextExA
GrayStringA
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetWindowDC
BeginPaint
EndPaint
ValidateRect
ShowOwnedPopups
IsIconic
IsClipboardFormatAvailable
GetTabbedTextExtentA
MapDialogRect
SubtractRect
IntersectRect
TranslateAcceleratorA
BringWindowToTop
GetWindowRgn
GetMessageA
TranslateMessage
InsertMenuItemA
DispatchMessageA
EnableWindow
RedrawWindow
SendMessageA
InvalidateRect
LoadMenuW
GetSubMenu
GetCursorPos
SetRect
GetClientRect
GetWindow
LoadCursorW
SetCapture
ClientToScreen
WindowFromPoint
UpdateWindow
ScreenToClient
SetCursor
LoadCursorA
ReleaseCapture
IsWindowVisible
GetParent
GetDlgCtrlID
SetWindowPos
wsprintfA
MessageBoxA
InvalidateRgn
SetWindowContextHelpId
GetClipboardFormatNameA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetCursor
GetMenuStringW
LoadBitmapA
LookupIconIdFromDirectoryEx
GetKeyboardLayoutList
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
ShowCaret
CreateIconFromResourceEx
CreateIconIndirect
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
MsgWaitForMultipleObjects
GetMenuItemCount
EnableMenuItem
DeleteMenu
CharNextA
LoadImageA
CreatePopupMenu
AppendMenuA
CheckMenuItem
GetDesktopWindow
InflateRect
LoadIconA
GetSystemMetrics
OffsetRect
MessageBeep
GetSystemMenu
ShowScrollBar
GetFocus
SetTimer
LoadMenuA
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
RealChildWindowFromPoint
GetDialogBaseUnits
UnregisterClassA
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadAcceleratorsW
SetWindowRgn
NotifyWinEvent
GetAsyncKeyState
IsRectEmpty
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
SetParent
InvertRect
DrawFocusRect
HideCaret
GetIconInfo
CopyImage
GetNextDlgGroupItem
DestroyAcceleratorTable
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
LoadImageW
RegisterClipboardFormatA
FrameRect
CopyIcon
LoadIconW
PostMessageA
GetWindowRect
GetSysColor
GetWindowLongA
SetWindowLongA
DestroyCursor
ReleaseDC
SetClassLongA
ClipCursor
SendMessageTimeoutA
CheckMenuRadioItem
GetDC
GetMenuState
GetKeyState
DrawIconEx
GetScrollBarInfo
KillTimer
DrawTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
SystemParametersInfoA
FillRect
RegisterWindowMessageA
PtInRect
GetDoubleClickTime
GetUpdateRect
CreateMenu
RemoveMenu
InsertMenuA
GetMenuItemID
GetMenuStringA
EndDialog
GetNextDlgTabItem
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
MapVirtualKeyExA
IsCharLowerA
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
GetDCEx
CallWindowProcA
WaitMessage
PostThreadMessageA
CharUpperBuffA
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetMenu
gdi32
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
GetBkColor
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
GetTextColor
SaveDC
Polyline
Ellipse
Polygon
OffsetRgn
GetRgnBox
SetDIBColorTable
GetDIBits
SelectClipRgn
SetViewportOrgEx
EnumFontFamiliesExA
RoundRect
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextAlign
GetTextFaceA
GetTextExtentPoint32W
Escape
RectVisible
PtVisible
GetStockObject
CreateFontA
GetCharWidthA
GetTextMetricsA
GetTextExtentPoint32A
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
CreateSolidBrush
GetCurrentObject
CreateFontIndirectA
DeleteDC
DeleteObject
SetStretchBltMode
CreateCompatibleDC
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
Rectangle
GetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
CreateDCA
GetBitmapBits
ExtCreateRegion
SetBrushOrgEx
ExtTextOutW
StrokePath
FillPath
StrokeAndFillPath
EndPath
SetPixel
RestoreDC
CreateDIBSection
SelectObject
StretchDIBits
StretchBlt
SetBkColor
SetTextColor
ExtTextOutA
SetBkMode
TextOutA
CreatePen
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
CopyMetaFileA
CreateEllipticRgn
SetWindowExtEx
BeginPath
CloseFigure
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetOpenFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
GetJobA
OpenPrinterA
advapi32
CryptEnumProvidersW
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptDecrypt
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptGenRandom
RegEnumKeyExA
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegCloseKey
CryptReleaseContext
shell32
Shell_NotifyIconA
ExtractIconA
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
DragFinish
DragQueryFileA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA
SHGetMalloc
SHGetFileInfoA
comctl32
ImageList_Draw
ImageList_DrawEx
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_Create
ImageList_GetIconSize
_TrackMouseEvent
shlwapi
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrPBrkA
SHAutoComplete
StrChrA
ole32
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CLSIDFromString
CoDisconnectObject
CoCreateGuid
CoInitializeEx
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoInitialize
CoRegisterMessageFilter
CLSIDFromProgID
StgCreateDocfileOnILockBytes
oleaut32
OleLoadPicturePath
VarUdateFromDate
VariantChangeTypeEx
OleCreateFontIndirect
SysAllocString
VarBstrFromDate
VarDateFromStr
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
ws2_32
recv
WSAAddressToStringA
WSASetLastError
WSAStringToAddressA
send
getsockopt
WSAGetOverlappedResult
getpeername
inet_ntoa
closesocket
gethostname
gethostbyname
WSAStartup
socket
WSACleanup
ioctlsocket
htons
connect
select
listen
WSAGetLastError
WSARecv
WSASend
setsockopt
shutdown
ntohs
getsockname
WSAIoctl
bind
crypt32
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
oledlg
ord8
ord1
winmm
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
PlaySoundA
timeGetTime
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
waveInGetNumDevs
waveOutWrite
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
avifil32
AVIStreamSetFormat
AVIFileRelease
AVIStreamRelease
AVIStreamWrite
AVIFileInit
AVIFileCreateStreamA
AVIFileOpenA
AVIFileExit
msvfw32
DrawDibOpen
ICOpen
ICSeqCompressFrameStart
ICDecompress
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
DrawDibClose
DrawDibDraw
ICSendMessage
imm32
ImmAssociateContext
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipAlloc
GdipDeleteGraphics
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 130KB - Virtual size: 617KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 416KB - Virtual size: 415KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ