D:\work\Tun2Proxy\trunk\Release\SSTap.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-07-04_477fd046db7b924d3ed304a16ca5a950_mafia.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 2024-07-04_477fd046db7b924d3ed304a16ca5a950_mafia.exe
- Resource: win10v2004-20240508-en
General
- Target: 2024-07-04_477fd046db7b924d3ed304a16ca5a950_mafia
- Size: 4.4MB
- MD5: 477fd046db7b924d3ed304a16ca5a950
- SHA1: 88dab6e17ea98f12718c0478ec07254e765aa9c9
- SHA256: bfe6aad625770d0a6c48870a37c941204c7f97f3a6d60c80541a4715f605735c
- SHA512: d26d8421564c8446303ac606a4b39d1c3772b71549c000cb250ea0cc921341f96107b67c16749ce96ab83c2abe57b7ad134af022cf0d1fd55c9030cd62f0646e
- SSDEEP: 98304:vbgagpZ7zkpjKzmNWIcCOizjlVSBQvpKgGpj9UUr0rxXtbKZYMMc:dgHz6xFYQtGpj9UrxXtWGMM
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-07-04_477fd046db7b924d3ed304a16ca5a950_mafia
Files
- 2024-07-04_477fd046db7b924d3ed304a16ca5a950_mafia.exe windows:5 windows x86 arch:x86
  c47d7414ff84a99a9d19506adaec8b0e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libintl3
ord26
ord51
ord49
ord35
ord27
kernel32
ExitThread
HeapReAlloc
GetTimeZoneInformation
RtlUnwind
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatW
GetDateFormatW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
HeapQueryInformation
HeapSize
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
DecodePointer
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetUserDefaultLCID
DeleteFileW
SetLastError
DeactivateActCtx
GetLastError
LoadLibraryW
GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
ActivateActCtx
SizeofResource
LockResource
LoadResource
FindResourceW
TerminateThread
CloseHandle
CreateThread
GetThreadLocale
Sleep
GetTickCount
FreeLibrary
InterlockedIncrement
WriteFile
lstrlenW
OutputDebugStringW
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetLocaleInfoA
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleFileNameW
CreateFileW
GetFileSize
GetFileTime
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
lstrcpyW
GlobalMemoryStatus
SearchPathW
GetProfileIntW
GetNumberFormatW
GetLocalTime
SetFilePointer
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFileSizeEx
GetFileAttributesExW
GetCurrentDirectoryW
GetSystemDirectoryW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetCPInfo
GetVersion
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
CreateDirectoryW
FreeResource
MulDiv
CreateProcessW
WaitForSingleObject
WideCharToMultiByte
GlobalSize
WinExec
lstrcatW
FileTimeToSystemTime
GetUserDefaultLangID
OpenMutexW
CreateMutexW
lstrcmpiW
lstrcpynW
HeapAlloc
GetProcessHeap
HeapFree
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
VerifyVersionInfoW
VerSetConditionMask
TerminateProcess
GetVersionExW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CopyFileW
GetFileAttributesW
lstrlenA
GetModuleFileNameA
VirtualAlloc
VirtualProtect
CreateEventW
InterlockedDecrement
GetSystemDirectoryA
LoadLibraryA
GetThreadContext
SetThreadContext
ResetEvent
ResumeThread
GetCurrentThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedExchange
InterlockedExchangeAdd
CreateEventA
InterlockedCompareExchange
SetEvent
CancelIo
DeviceIoControl
ReadFile
CreateFileA
DeleteCriticalSection
PostQueuedCompletionStatus
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
QueryPerformanceCounter
LocalFree
FormatMessageW
MultiByteToWideChar
user32
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
PostThreadMessageW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
IsClipboardFormatAvailable
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
NotifyWinEvent
GetSystemMenu
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
SetRectEmpty
CharUpperW
ShowOwnedPopups
WaitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IntersectRect
GetMessageW
CreateDialogIndirectParamW
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
DrawFrameControl
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
GetWindowRgn
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
GetMenuStringW
GrayStringW
DrawTextExW
TabbedTextOutW
DeleteMenu
RemoveMenu
GetSysColorBrush
CreateMenu
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
GetDesktopWindow
SystemParametersInfoW
DrawTextW
GetMenuItemInfoW
DrawEdge
GetMenuItemID
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
ScreenToClient
GetAsyncKeyState
BringWindowToTop
SetRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
InvertRect
HideCaret
CopyIcon
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetUpdateRect
FrameRect
LoadMenuW
CreateIconIndirect
GetIconInfo
DrawStateW
DrawFocusRect
TrackPopupMenuEx
GetSubMenu
DestroyIcon
DestroyMenu
DestroyCursor
MessageBeep
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetForegroundWindow
ReleaseDC
SetCapture
ReleaseCapture
GetActiveWindow
WindowFromPoint
ClientToScreen
GetParent
GetNextDlgTabItem
GetSysColor
InflateRect
GetFocus
SetCursor
DrawIconEx
CopyRect
SetWindowRgn
GetWindowLongW
IsZoomed
PtInRect
OffsetRect
CloseClipboard
SetClipboardData
EmptyClipboard
MonitorFromWindow
OpenClipboard
ShowWindow
FindWindowW
GetClassInfoW
SendMessageA
GetDC
wsprintfW
wvsprintfW
GetCursorPos
CreatePopupMenu
GetKeyState
IsWindow
MessageBoxW
DrawIcon
IsIconic
SetFocus
SetForegroundWindow
SetActiveWindow
LoadIconW
LoadImageW
GetClientRect
InvalidateRect
GetSystemMetrics
PostMessageW
KillTimer
SetTimer
GetWindowRect
LoadCursorW
RedrawWindow
LoadBitmapW
SendMessageW
FillRect
EnableWindow
GetClassNameW
gdi32
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
LineTo
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CopyMetaFileW
CreateDCW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
CreateDIBSection
Ellipse
GetBkMode
CreatePen
GetDeviceCaps
GetPixel
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
StretchBlt
GetStockObject
DeleteObject
CreateRoundRectRgn
GetObjectW
SetPixel
CreateDIBitmap
GetTextExtentPoint32W
CreateFontIndirectW
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegSetValueExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
SystemFunction036
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegQueryValueExW
GetUserNameW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
shell32
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
DragFinish
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
ole32
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoDisconnectObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
OleDestroyMenuDescriptor
oleaut32
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocStringLen
SysAllocString
VariantChangeType
VariantInit
VariantClear
VariantCopy
OleLoadPicture
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SafeArrayDestroy
oledlg
OleUIBusyW
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdiplusShutdown
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
wsock32
getpeername
WSASetLastError
socket
inet_ntoa
sendto
setsockopt
send
select
recvfrom
bind
closesocket
listen
WSAStartup
getsockname
__WSAFDIsSet
accept
htons
connect
recv
ntohs
WSACleanup
gethostname
WSAGetLastError
gethostbyname
inet_addr
ioctlsocket
htonl
ntohl
dbghelp
MiniDumpWriteDump
iphlpapi
DeleteIpForwardEntry
CreateIpForwardEntry
GetIpAddrTable
GetIpForwardTable
GetAdaptersInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
WSARecv
WSASend
WSASocketA
getaddrinfo
freeaddrinfo
WSAIoctl
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
libcurl
curl_free
curl_global_init
curl_version_info
curl_easy_init
curl_easy_cleanup
curl_easy_perform
curl_easy_getinfo
curl_easy_escape
curl_slist_append
curl_global_cleanup
curl_slist_free_all
curl_easy_setopt
Sections
.text Size: 2.1MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 472KB - Virtual size: 471KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ctors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dtors Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ