2024-07-03_8bb30922d530fa05ea021bfd8b1d3f08_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_8bb30922d530fa05ea021bfd8b1d3f08_mafia
Size

243KB
MD5

8bb30922d530fa05ea021bfd8b1d3f08
SHA1

6f1ee417a566ebf71581950321807c34f8008295
SHA256

703ab7ea49c3ba51dece4582fa942e54fa077fe09240ac75c8f51c7c685beef6
SHA512

8899cbe35f5991c105942306ccb2aab295822dd0be830e80e065f63529d9822463a912e70b0128c5b5fc45712587bfc57037def517fd0ab3527990e13ef1e6f5
SSDEEP

3072:rIOJ+/dEU6nXK3yqb6aUwvSPfbvBacuWkhacjTp3mR9gVb:H+/uUiXK3yqb6aUwvSH2HTfp2+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_8bb30922d530fa05ea021bfd8b1d3f08_mafia

Files

2024-07-03_8bb30922d530fa05ea021bfd8b1d3f08_mafia
.exe windows:5 windows x86 arch:x86

98f4f36ca9df530389093d778b970821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
SetCurrentDirectoryA
GetLastError
GetModuleFileNameA
CreateMutexA
CloseHandle
SetEndOfFile
CreateFileA
InitializeCriticalSection
CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
SetStdHandle
LoadLibraryW
InterlockedExchange
GetCommandLineA
HeapReAlloc
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetLocaleInfoW
GetModuleFileNameW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetCurrentProcess
SetPriorityClass
ExitProcess
Sleep
HeapCreate
IsProcessorFeaturePresent
HeapAlloc
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LeaveCriticalSection
GetProcessHeap
EnterCriticalSection
HeapFree

user32

RegisterHotKey
LoadCursorA
DestroyWindow
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
TrackPopupMenu
KillTimer
SetForegroundWindow
LoadStringA
LoadIconA
RegisterWindowMessageA
GetDC
TranslateMessage
GetForegroundWindow
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
GetDesktopWindow
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
PostMessageA
DispatchMessageA
SystemParametersInfoA
GetSystemMetrics
AllowSetForegroundWindow
InsertMenuA
UnregisterHotKey

gdi32

CreateSolidBrush
GetDeviceCaps

shell32

Shell_NotifyIconA

strokesplus

loadHookConfig
setLastActive
sethWndServer
clearMyHook
openSettings
setLearningMode
getHookBtn
setPreviousTrainingModeState
getDrawGesture
reloadLuaState
getTrayIconVisible
openHotkeys
setWindowState
openHelp
openConfig
openIgnored
getCheckForOtherGesturePrograms
getReInitOnResume
clearCaptureVars
FireHotkey
setTrayIconVisible
LoadHotkeys
openPrefs
openGestureName
getHideAdditionalInstanceMessage
getCheckForegroundTimeout
setDrawGesture
openPassword
setDPIModifier
getLearningMode
openAbout
setGesturesDisabled
saveConfig
setOSVersion
setWindowTransparency
setMyHook
setHookBtn
getGesturesDisabled

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

gdiplus

GdiplusStartup
GdiplusShutdown

Exports

Exports

ptConfig
ptLang

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98f4f36ca9df530389093d778b970821

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

strokesplus

psapi

gdiplus

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 13KB - Virtual size: 13KB