2024-07-06_0247b9407f55fce3d654932cca207def_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-06_0247b9407f55fce3d654932cca207def_mafia
Size

804KB
MD5

0247b9407f55fce3d654932cca207def
SHA1

841622de027e6cc9754fc0f3fa5e3f28d5b4c8ff
SHA256

23e77e869b541859f46bd6f0160e37bb497995edebf38d0b25aaee2827b25cda
SHA512

cd6b4444bbaa50dfca4b54eb4494c75614a16adb9f908c765d1ad8381a347c6c384d6f4cda45b60488d8b5df55f5636b68da4b162f4708d90e48cdfae745ccf3
SSDEEP

24576:HPotp+V/S3/Mxb7DFdvdQsWeTeOaZH4oHHqbw31OeNYmsR:DG/27xdv2sW0eOaZH4oHHqEymsR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-06_0247b9407f55fce3d654932cca207def_mafia

Files

2024-07-06_0247b9407f55fce3d654932cca207def_mafia
.exe windows:5 windows x86 arch:x86

f321b0806478b7e22f2adb574bca71bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZOpenFileA
LZCopy

user32

KillTimer
GetClassInfoA
RegisterClassA
RegisterWindowMessageA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMDISysAccel
TranslateMessage
DispatchMessageA
SetParent
GetDialogBaseUnits
CharUpperA
WaitMessage
SetTimer
GetWindowPlacement
PostQuitMessage
GetSysColor
CopyRect
IntersectRect
GetKeyState
ScrollWindowEx
FlashWindow
SetPropA
CreateWindowExA
GetWindowDC
RemovePropA
GetDesktopWindow
SetRect
UpdateWindow
SetForegroundWindow
CharLowerA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
CallWindowProcA
BeginPaint
EndPaint
GetPropA
SetWindowTextA
SetWindowLongA
SetWindowPos
LoadImageA
ShowWindow
SetLayeredWindowAttributes
EnableWindow
InvalidateRect
GetWindowRect
SetRectEmpty
DrawEdge
InflateRect
DrawTextA
GetFocus
IsWindowVisible
SetFocus
GetWindowLongA
IsWindowEnabled
GetWindow
GetParent
LoadCursorA
SetCursor
DestroyIcon
GetDC
ReleaseDC
ScreenToClient
IsRectEmpty
GetClientRect
ClipCursor
ClientToScreen
IsWindow
GetClassNameA
SendMessageA
GetWindowTextLengthA
GetWindowTextA
MessageBoxA
CharNextA
wsprintfA

gdi32

GetDeviceCaps
MoveToEx
LineTo
Rectangle
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
SetBkColor
GetStockObject
GetTextExtentPoint32A
SetBkMode
SetTextColor
SetBrushOrgEx
PatBlt
StretchDIBits
CreateCompatibleDC
GetObjectA
SelectObject
StretchBlt
BitBlt
DeleteObject
CreatePen
DeleteDC
CreateICA

comctl32

FlatSB_SetScrollPos
FlatSB_SetScrollRange
ImageList_Duplicate
ImageList_GetIcon
FlatSB_GetScrollPos
ImageList_Add
InitCommonControlsEx
FlatSB_SetScrollProp
InitializeFlatSB
FlatSB_GetScrollRange
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent
ImageList_Destroy

comdlg32

PrintDlgA
CommDlgExtendedError
PageSetupDlgA

advapi32

SetSecurityDescriptorDacl
GetUserNameA
InitializeSecurityDescriptor

shell32

ExtractIconA
ShellExecuteExA
DragAcceptFiles
DragQueryFileA
DragFinish
FindExecutableA
CommandLineToArgvW

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

odbc32

ord59
ord1
ord39
ord41
ord7
ord45
ord50
ord22
ord4
ord40
ord8
ord72
ord11
ord3
ord17
ord36
ord10
ord29
ord9
ord12
ord19
ord30
ord47
ord16
ord76
ord54
ord13
ord43
ord2
ord57
ord15
ord18
ord14

zkernel

?zDBGetPKkey@@YGFPAXPBDPAPAU_pkey_@@G@Z
?zGridBrowse@@YG_NPAUHWND__@@PAXPBD2222222222H@Z
?zGridPrepare@@YGPAXPAUHWND__@@PBD@Z
?zGridExec@@YGPAXPAUHWND__@@PBD@Z
?zGridAggregate@@YGNPAUHWND__@@HPBD11_N@Z
?zGridPutLong@@YGXPAUHWND__@@JHJ@Z
?zDBError@@YGXPAX00PBD@Z
?zKernelInit@@YGXXZ
?zGridGetSuffix@@YGPBDPAUHWND__@@H@Z
?zGridGetPrefix@@YGPBDPAUHWND__@@H@Z
?zGridPutText@@YGXPAUHWND__@@JHPBD@Z
?zGridGetText@@YGPBDPAUHWND__@@JH_N@Z
?zGridGetCellRect@@YGXPAUHWND__@@JHPAUtagRECT@@@Z
?zDBExecScript@@YGHPAX0PBDFPAD@Z

wsock32

ioctlsocket

ole32

CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2

oleaut32

OleLoadPicture

shlwapi

StrStrIA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

msimg32

GradientFill

gdiplus

GdipDrawImageRectI
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipGetImageWidth

uxtheme

OpenThemeData
CloseThemeData
SetWindowTheme
DrawThemeBackground

crpe32

ord29
ord41
ord63
ord98
ord17
ord72
ord62
ord75
ord135
ord30
ord32
ord53
ord59
ord60
ord58
ord47
ord40
ord7
ord9
ord129
ord130
ord1000
ord1001
ord1002
ord1004
ord19
ord11
ord35
ord36
ord37
ord48
ord10
ord20
ord6

_dll

?OpenReport@@YA_NVxstring@@000AAVxcrpejob@@000FF@Z

_dll0

?RunInventario@@YAXAAVzDB@@Vxstring@@H11Vxdate@@2@Z
?SeekReport@@YA?AVxstring@@AAVzDB@@AAVcZero@@V1@2AAV1@AAH4@Z
?VirtuaWinCurrentDesktopNumber@@YAHXZ
?Guid@@YA?AVxstring@@XZ
?Run@@YA_NVxstring@@0H@Z
?CloseMod@@YA_NVxstring@@@Z
?ZeroContext@@YAHAAVzDB@@AAVcZero@@AAV?$xsharedmemory@VshMem@@@@@Z

kernel32

FindResourceA
Sleep
SizeofResource
CloseHandle
GetFileSize
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
CreateFileA
DeleteFileA
MoveFileExA
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
SystemTimeToFileTime
LockFile
UnlockFile
GetExitCodeThread
TerminateThread
GetDiskFreeSpaceExA
GlobalHandle
GlobalReAlloc
lstrlenW
TlsFree
GetEnvironmentVariableA
GetProfileStringA
GetProfileIntA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
WideCharToMultiByte
GetComputerNameA
GetCurrentDirectoryA
GetPrivateProfileStringA
FindClose
FindFirstFileA
GetDateFormatA
LocalFree
FormatMessageA
GetModuleHandleA
FlushFileBuffers
ReadFile
WriteFile
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetTempFileNameA
GetLastError
GetLocalTime
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
GetModuleHandleW
OpenEventA
CreateEventA
SetCurrentDirectoryA
GetShortPathNameA
FindNextFileA
SetFilePointer
SuspendThread
ResumeThread
SetThreadPriority
CreateThread
GetUserDefaultLangID
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
TlsAlloc
GlobalSize
SetEvent
UnmapViewOfFile
LocalUnlock
LocalLock
LocalAlloc
RtlUnwind
RaiseException
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
SetUnhandledExceptionFilter
LoadLibraryW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapCreate
GetModuleFileNameW
GetStringTypeW
IsValidLocale
EncodePointer
DecodePointer
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
HeapSetInformation
ExitProcess
GetTimeZoneInformation
LCMapStringW
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
HeapFree
GetCurrentThreadId
SetLastError
GetStartupInfoW
UnhandledExceptionFilter
WriteConsoleW

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f321b0806478b7e22f2adb574bca71bc

Headers

DLL Characteristics

File Characteristics

Imports

lz32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

mpr

odbc32

zkernel

wsock32

ole32

oleaut32

shlwapi

winspool.drv

msimg32

gdiplus

uxtheme

crpe32

_dll

_dll0

kernel32

Sections

.text Size: 448KB - Virtual size: 448KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 448KB - Virtual size: 448KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 60KB - Virtual size: 59KB