2024-06-28_56c705af1c5db8267c8169407f14d21b_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-28_56c705af1c5db8267c8169407f14d21b_mafia
Size

357KB
MD5

56c705af1c5db8267c8169407f14d21b
SHA1

210a1ca75f7af01bf0dd13e2d23723e31d3da61f
SHA256

ac187999f128fa376f17b3851683c295087ee8e6261f06380509e543d16ff3bb
SHA512

39cbd3d1e6e3d279faf4a000ee280d1c3b0817c5a102e36c11eedcd14fb5e787c4f33aab36011a8b88be88479e8e0d85933a0f31ce77584f375dc9d3e0065974
SSDEEP

6144:l1fBpJX+2uwTLrrmqQXgW/WiXsNUdk77gsKxtaq5mwodztio4ehScwncYEF5iYzp:l1fBpJO2uwPrr9QXgW/zXo7Qoq5mwoGa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_56c705af1c5db8267c8169407f14d21b_mafia

Files

2024-06-28_56c705af1c5db8267c8169407f14d21b_mafia
.exe windows:5 windows x86 arch:x86

d978162f3beeb6cbe01a7beb8cd1b304

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\codes\VS2010\SogouDownLoad-SogouExplorer\Src\DownLoadDlg\Release\DownLoadDlg.pdb

Imports

h�

GetModuleFileNameW
GetPrivateProfileIntW
GetModuleHandleW
WaitForSingleObject
Sleep
GetTickCount
GetDiskFreeSpaceExW
GetCommandLineW
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
GetExitCodeThread
lstrcmpiA
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
WideCharToMultiByte
DeleteCriticalSection
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
o
$lo
LeaveCriticalSection
�*��F
�Q�
��t��ヽ��
dPoP.��
EnterCriticalSection
InterlockedExchange
lstrlenA
OutputDebugStringW
DebugBreak
Process32NextW
lstrcmpiW
�M#-vT�E��
�
t=
��D
(�snnRdu:�

0�
��
8�9�|
U
o
X9�ding
�
=zSuntoW�� D
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
GetFileSize
CreateFileW
DeleteFileW
GetTempPathW
LocalFree
CloseHandle
GetLastError
WTSGetActiveConsoleSessionId
lstrcpynW
InterlockedIncrement
lstrlenW
$lo
InterlockedDecrement
rD eXp<_ErrobcpQp(y=zSuntoW�� D
P�rrorD e ptyorD eXp<_ErrobcpQp(y=zSuntoW�� D
��j��E�P�rrorD e ptyorD eXp<_ErrobcpQp(y=zSuntoW�� D
eCon t�E�P��D
TRuVoGctivlConIntuYiveCon t�E�P��D
B
H)�
��9�E

R�
tU�D
one
�ding
8+,��9�|
eoDpH�E��8+,��9�|
�D�lN��ToDrneoDpH�E��8+,��9�|
p(y=zSuntoW��D�lN��ToDrneoDpH�E��8+,��9�|
UorD eXp<_ErrobcpQp(y=zSuntoW��D�lN��ToDrneoDpH�E��8+,��9�|
iveCon tivoCon#
pynW
ent
erlockedIncrement
Decrement
�
�
ܪE
.E

�uy��ye��
��pHapH��8+8�9�|
�standalone
H8+��9�ding
�E��8+,��9�|
�lN��ToDrneoDpH�E��8+,��9�|
(y=zSuntoW��D�lN��ToDrneoDpH�E��8+,��9�|
��
0�Mu�Ƌ��6
oDunto>
t��nn
��iW��it��nn
�iticalS�Ƌ��6
ToDuntount�iticalS�Ƌ��6
RTs u@0bWYL[j��nn(�"
tetoant��(S0W��u@0eW�L[jRTs u@0bWYL[j��nn(�"

i�8�;xeepa�;snnrduy��ye"

ty
SeP��
*�
RyaryExW
;zte:ing="
D
P
a
�
*�
GetProcAdU��t<A3��
A3��
D
�
�
e
/r<1Lok
rlO��I+�� /r<1Lok
Alsree hIGlG��lN��
ټls �AlsreeLi/r\�Alsree hIGlG��lN��
t�P��ynؼlsA�lsټls �AlsreeLi/r\�Alsree hIGlG��lN��
�ye"
uat�P�ؼlsؼls2�lsټls �ye"
a"IgoV�hH�}^uat�P�ؼlsؼls2�lsټls �ye"
��
nnRdFuy��ye"
��
uy��ye"
P��P�ؼlsnnRduy��ye"
�E��
�yoV�ye"
�lSeP
�y
y

�

�eteoitcu�

rn e"
ye"
PSؼtsnnRdFuy��ye"
��
Vdued��ye"
alProcX
rR��DennRdFuy�use
��R�ؼP a"�lsB}rR��DennRdFuy�use
DnYX[eXa�^DnYX[eXa�^DnYX[��R�ؼP a"�lsB}rR��DennRdFuy�use
re8�;Xbepa�^snYXbeXa�^DnYX[eXa�^DnYX[eXa�^DnYX[��R�ؼP a"�lsB}rR��DennRdFuy�use
��
��
nRduy��ye"
��ϰ0K�U��t��ヽ��
��t��ヽ��
��
��Pj�E�P��PK��1z
K��1z
FseE�cep��Id

��ttter`�

ord680
�؂�nn(�"
tsnnRdFuy��ye"
�
H��8u8ヽ��3��ω0K�U��t��ヽ��
t

h�e��8+,�h�|

N��
d��
� ;
�
��N��)E
�E��8+,�H��H�E��8+,�H�|
(E�

,�h�|

ord314
ord277
ord7
ord6
ord2

indrtsou@0ewl[jdrtsou@0ewl[jdrtsou@0ewl[alsecwt

�cD M']G��lN��ttteR`�
��ヽ��
aGRddResou:ce
?��)��O+^+jaGRddResou:ce
��D
R`�
n(�"
�ye"
0�P��PSؼtsnnRdFuy��ye"
T�E��
��Id
aFseE�cep��Id
e"
e"
�PSؼtsnnRdFuy��ye"
E��
K�U��t��ヽ��

[jdrtsou@0ewl[alsecwt

L[jdRTsou@0eWL[jdRTsou@0eWL[alSecWt

t

ye"
S%
rn ��t-te0tount
��I{F4(��|_,
PS��tsnnRdFuy��ye"
[alSecWt
tount

rn ��t-te0tount

h�ye"

d �uyh�ye"

0tount
t-te0tount

��D �uyh�ye"
��

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d978162f3beeb6cbe01a7beb8cd1b304

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

h�

i�8�;xeepa�;snnrduy��ye"

�eteoitcu�

���ttter`�

h�e��8+,�h�|

,�h�|

indrtsou@0ewl[jdrtsou@0ewl[jdrtsou@0ewl[alsecwt

[jdrtsou@0ewl[alsecwt

t

rn �����t-te 0tount

d �uyh�ye"

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 349KB - Virtual size: 349KB

.reloc Size: 23KB - Virtual size: 22KB

h�

i�8�;xeepa�;snnrduy��ye"

��ttter`�

h�e��8+,�h�|

,�h�|

indrtsou@0ewl[jdrtsou@0ewl[jdrtsou@0ewl[alsecwt

[jdrtsou@0ewl[alsecwt

rn ��t-te0tount

d �uyh�ye"

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 349KB - Virtual size: 349KB

.reloc
Size: 23KB - Virtual size: 22KB