2024-06-30_b79fb98965cd69d14e9a77c82dc3ae90_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-30_b79fb98965cd69d14e9a77c82dc3ae90_mafia
Size

8.2MB
MD5

b79fb98965cd69d14e9a77c82dc3ae90
SHA1

917941c0c5c85292daf47582bfb7ce1b731ef662
SHA256

935770a0057c2f3cf287ff098410d53718f07200c0d42ac81647fb5382a652d0
SHA512

e97b86d060259866fd3e52fbc027c35c0b1e826fb2c265f6618d8433de2ddc464825045b1fc6b0fb8420183ac27a80b23511c0463044a85c66900647591a99c8
SSDEEP

98304:KDqMfNN//UC61VTiIsLFD96eqASrlaiOZe/YGG+zx26S/LawYIr:YZfrH61VTSCEMaiOswGG0HS/Lxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-30_b79fb98965cd69d14e9a77c82dc3ae90_mafia

Files

2024-06-30_b79fb98965cd69d14e9a77c82dc3ae90_mafia
.exe windows:5 windows x86 arch:x86

f8eb19f6f4594d3358d941b388e57865

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\SRCV444\trunk\CC2SRC\ControlCore\Release\tmp_cc.pdb

Imports

gdiplus

GdipDeleteGraphics
GdipFillRectangleI
GdipFillPieI
GdipDrawImageI
GdipImageRotateFlip
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipCreatePen1
GdipSetSmoothingMode
GdipDrawPath
GdipDeletePen
GdipCreateFromHDC
GdipSetPathGradientCenterPointI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipAddPathPieI
GdipDeletePath
GdipCreatePath
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdiplusStartup
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath

kernel32

PeekNamedPipe
GetFileInformationByHandle
GetExitCodeProcess
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteConsoleW
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FreeLibrary
HeapReAlloc
LoadLibraryW
SetConsoleCtrlHandler
FindFirstFileExA
GetDriveTypeA
InterlockedExchange
GetProcessHeap
SetEndOfFile
SetStdHandle
VirtualQuery
FatalAppExitA
GetDriveTypeW
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
IsProcessorFeaturePresent
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThread
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
HeapAlloc
HeapFree
GetFullPathNameA
DeleteFileA
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
RaiseException
EncodePointer
DecodePointer
RtlUnwind
GetVersionExA
QueryDosDeviceA
WriteFile
ReadFile
SetLastError
GetVersion
DeviceIoControl
CreateFileA
GetTickCount
OutputDebugStringA
FatalExit
GetTimeZoneInformation
CreateProcessA
SleepEx
CompareStringW
SetEnvironmentVariableA
lstrlenA
GetOverlappedResult
WaitCommEvent
SetCommMask
EscapeCommFunction
SetCommTimeouts
GetCommTimeouts
PurgeComm
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryA
WideCharToMultiByte
EnumResourceNamesA
CreateFileMappingA
MapViewOfFile
GetWindowsDirectoryA
CompareFileTime
FindResourceA
LoadResource
SizeofResource
LockResource
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
FindNextFileA
CreateDirectoryA
GetModuleFileNameA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateSemaphoreA
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexA
InterlockedIncrement
CreateThread
TerminateThread
InterlockedDecrement
MultiByteToWideChar
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
K32GetProcessMemoryInfo
GetTimeFormatA
LocalFree
LocalAlloc
GetLastError
FormatMessageA
GetModuleHandleA
WaitForMultipleObjects
GetLocalTime
SetCommState
GetCommState
CopyFileA
CloseHandle
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
CreateFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
Sleep
GetSystemTime
GetCurrentProcessId
SystemTimeToFileTime

user32

IntersectRect
FillRect
SetWindowPos
GetWindowRect
SetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetParent
GetClientRect
PtInRect
MessageBoxA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
InsertMenuA
CreatePopupMenu
GetActiveWindow
EqualRect
SetActiveWindow
SetWindowLongA
GetWindowLongA
EndPaint
BeginPaint
TrackMouseEvent
LoadImageA
SetFocus
DrawTextA
SetRect
DefWindowProcA
RegisterClassExA
LoadCursorA
EnableWindow
ShowWindow
ReleaseDC
RemoveMenu
CheckMenuItem
GetMenuState
ModifyMenuA
EnableMenuItem
InflateRect
GetDesktopWindow
SetCursor
SetCapture
ReleaseCapture
InvalidateRect
OffsetRect
SetScrollPos
UnionRect
CheckRadioButton
GetWindowTextLengthA
GetCaretPos
GetKeyState
ChildWindowFromPoint
MapWindowPoints
UpdateWindow
LoadBitmapA
GetScrollInfo
SetScrollInfo
GetWindowTextA
CallWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
TranslateAcceleratorA
IsDialogMessageA
PostMessageA
IsWindow
IsIconic
OpenIcon
DestroyWindow
GetIconInfo
CreateDialogParamA
CreateDialogIndirectParamA
GetMenu
SetTimer
ChildWindowFromPointEx
ShowCursor
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetFocus
GetWindowInfo
LoadIconA
SendMessageA
GetSystemMetrics
EnumChildWindows
LoadAcceleratorsA
GetClassNameA
GetTopWindow
GetWindow
ScreenToClient
GetSysColor
GetDC

gdi32

SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
GetObjectA
CreateDIBSection
CreateFontIndirectA
PolyBezier
Arc
Polyline
CreatePolygonRgn
MaskBlt
GetPixel
SetPixel
BeginPath
EndPath
StrokeAndFillPath
ArcTo
SetBkColor
CreateHatchBrush
CreateBitmap
CreateRectRgn
SelectClipRgn
RestoreDC
SaveDC
Ellipse
CreateDCA
StartDocA
GetDeviceCaps
StartPage
EndPage
EndDoc
DeleteDC
RoundRect
SetBkMode
GetTextExtentPoint32A
CreateCompatibleDC
CreateCompatibleBitmap
GetNearestColor
Polygon
GetTextMetricsA
SetTextAlign
TextOutA
CreateSolidBrush
SetTextColor
Rectangle
DeleteObject
CreatePen
GetStockObject
SelectObject
MoveToEx
LineTo
BitBlt

winspool.drv

ord201

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA

shell32

SHChangeNotify
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA

ws2_32

WSACreateEvent
ioctlsocket
connect
send
WSAResetEvent
WSARecv
WSAGetOverlappedResult
shutdown
WSACloseEvent
recvfrom
sendto
socket
WSAGetLastError
bind
setsockopt
closesocket
inet_addr
gethostbyname
htons
WSACleanup
WSAStartup
ntohs
htonl
WSAWaitForMultipleEvents

winhttp

WinHttpReadData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

comctl32

ImageList_DragShowNolock
ord17
InitCommonControlsEx
ImageList_DragEnter
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_EndDrag
ImageList_SetOverlayImage
ImageList_BeginDrag
ImageList_Add

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CryptVerifyMessageSignature
CryptSignMessage

Exports

Exports

Java_JMain_GETLASTKEYERROR
Java_JMain_KEYBD
Java_JMain_KFUNC
Java_kl_JMain_GETLASTKEYERROR
Java_kl_JMain_KEYBD
Java_kl_JMain_KFUNC

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eb19f6f4594d3358d941b388e57865

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

winhttp

iphlpapi

comctl32

setupapi

crypt32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 444KB - Virtual size: 444KB

.data Size: 156KB - Virtual size: 314KB

.idata Size: 14KB - Virtual size: 13KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 141KB - Virtual size: 141KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 444KB - Virtual size: 444KB

.data
Size: 156KB - Virtual size: 314KB

.idata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 141KB - Virtual size: 141KB