Static task: static1
Behavioral task: behavioral1
Sample: 2024-07-07_2cd4992322d79b043bb9ecc81a76ab5f_mafia.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 2024-07-07_2cd4992322d79b043bb9ecc81a76ab5f_mafia.exe
Resource: win10v2004-20240704-en
General
- Target: 2024-07-07_2cd4992322d79b043bb9ecc81a76ab5f_mafia
- Size: 4.2MB
- MD5: 2cd4992322d79b043bb9ecc81a76ab5f
- SHA1: 230f37d6f66ae3cedbfb5106a3e7906b5665567c
- SHA256: 9ccac4133d2967b9e3781d78e30026f8f034ad90d7e8ffff6f17eb148b5ab9e3
- SHA512: 0cadcfdd46519daf8c99d4b9a5173b4d8ce1ecec5c61b241cd14ab8d66d8ebdfe3c51ea049daabf364c02a0d6ee06e239ba0a823df71ddaed0b5ad718840ea7e
- SSDEEP: 49152:94h4hErHmfBV5LOjCqhHMtDwjiMz8KK5TAg2muyiyk8cRhFO8vt:KSarmhLOjfVvjbUR2Wiyk5hF3vt
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-07-07_2cd4992322d79b043bb9ecc81a76ab5f_mafia
Files
- 2024-07-07_2cd4992322d79b043bb9ecc81a76ab5f_mafia.exe windows:5 windows x86 arch:x86
  imphash: 85727a54b289a2325d8b3e972c526f14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\git_kcml\07.16.release.msc.x86.c\.debug\kclient.pdb
Imports
comctl32
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Merge
ImageList_Add
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Draw
ImageList_GetIconSize
ImageList_DragShowNolock
ord16
ImageList_LoadImageW
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ord17
ImageList_DrawIndirect
ImageList_Remove
ImageList_GetIcon
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
PropertySheetW
oleaut32
SysFreeString
VariantClear
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantCopyInd
SysAllocStringLen
SysStringByteLen
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VarUI4FromStr
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysAllocStringByteLen
imm32
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmSimulateHotKey
ImmSetConversionStatus
ImmNotifyIME
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winmm
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
timeGetDevCaps
PlaySoundW
kernel32
InterlockedDecrement
GetTempFileNameW
GetCurrentDirectoryW
FindAtomW
GetFileSizeEx
DeleteCriticalSection
InterlockedIncrement
lstrlenA
GetUserDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetComputerNameW
RegisterWaitForSingleObject
OpenEventW
GetSystemTimeAsFileTime
HeapCreate
ExitProcess
HeapDestroy
GetCPInfoExW
IsDebuggerPresent
GetFileInformationByHandle
OutputDebugStringW
GetExitCodeProcess
VirtualQuery
GlobalHandle
GetVersion
GetSystemInfo
SetThreadAffinityMask
GetCommState
GetTimeZoneInformation
GetLocaleInfoA
CreateNamedPipeW
WaitNamedPipeW
GetComputerNameA
GetTempFileNameA
DeviceIoControl
GetCurrentThread
SetCommState
GetSystemTime
DebugBreak
SetCommTimeouts
SystemTimeToFileTime
SetFileTime
GetTempPathW
SetThreadPriority
WaitForMultipleObjects
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
GetFileTime
InitializeCriticalSection
CompareFileTime
SetThreadLocale
MapViewOfFileEx
LocalReAlloc
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEnvironmentVariableW
SetCurrentDirectoryW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetDiskFreeSpaceW
SetLastError
SetEnvironmentVariableA
GetDriveTypeW
GetEnvironmentVariableW
CreateDirectoryW
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
WriteConsoleW
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTimeFormatW
GetLocalTime
GetTickCount
GetFileSize
ReadProcessMemory
GlobalAddAtomW
GlobalDeleteAtom
GetLocaleInfoW
SetErrorMode
WriteFile
SetFilePointer
RtlUnwind
GetStringTypeW
DecodePointer
EncodePointer
GetTimeFormatA
GetDateFormatA
VirtualAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileType
CreateFileA
WideCharToMultiByte
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
LCMapStringW
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
SetHandleCount
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceCounter
InterlockedExchange
ReadFile
FindResourceExW
SizeofResource
UnmapViewOfFile
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GlobalReAlloc
LocalAlloc
LocalLock
LocalUnlock
GetProfileStringW
CreateFileW
GetFileAttributesW
_lwrite
OpenFile
_llseek
_lclose
ReleaseMutex
CreateMutexW
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
GetFullPathNameW
GetVersionExW
CreateProcessW
GetLastError
LocalFree
LoadLibraryExW
FindResourceW
LoadResource
LockResource
GlobalAlloc
GetModuleHandleW
GetOEMCP
GetACP
GetThreadLocale
GetCurrentThreadId
GetCommandLineW
DeleteFileW
CreateSemaphoreW
CloseHandle
CreateThread
ReleaseSemaphore
CreateEventW
ResetEvent
GetSystemDirectoryA
LoadLibraryA
WaitForSingleObject
SetEvent
Sleep
lstrcatW
GlobalFree
GlobalLock
MulDiv
GlobalUnlock
lstrcmpiW
WinExec
lstrcmpW
lstrcpynW
LoadLibraryW
GetProcAddress
lstrlenW
lstrcpyW
GetModuleFileNameW
FreeLibrary
FormatMessageW
SetStdHandle
SetEndOfFile
user32
GetMenuItemID
IsDlgButtonChecked
CheckDlgButton
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DefFrameProcW
DeleteMenu
EnumWindows
keybd_event
mouse_event
GetMenuItemRect
FindWindowExW
CharNextW
UpdateLayeredWindow
IsCharAlphaW
MonitorFromRect
LoadKeyboardLayoutW
DialogBoxParamW
DrawTextExW
WindowFromDC
DestroyCursor
InsertMenuItemW
IsCharAlphaNumericW
LoadStringW
LoadAcceleratorsW
wvsprintfW
IsMenu
MonitorFromWindow
MapWindowPoints
RegisterWindowMessageW
CopyIcon
SetRectEmpty
TrackPopupMenuEx
SetWindowRgn
GetAsyncKeyState
GetKeyboardState
GetCursor
wsprintfA
DrawEdge
TabbedTextOutW
GetMenuState
SetDlgItemInt
GetDlgItemInt
GetDlgItemTextW
LoadBitmapW
SetScrollInfo
GetClassInfoExW
UnionRect
MonitorFromPoint
GetMonitorInfoW
GetClassInfoW
GetCapture
CreateIconFromResourceEx
GetIconInfo
CreateIconIndirect
TrackMouseEvent
InvalidateRect
WindowFromPoint
GetDoubleClickTime
SetPropW
RemovePropW
GetPropW
GetWindowThreadProcessId
SubtractRect
CreatePopupMenu
ChildWindowFromPoint
SetMenuDefaultItem
GetKeyNameTextW
LoadImageW
GetCursorPos
OffsetRect
IsRectEmpty
MapDialogRect
GetSysColorBrush
DrawStateW
GetMessagePos
PtInRect
GetMenuItemCount
TrackPopupMenu
SetParent
SetMenuItemInfoW
DrawMenuBar
UnregisterClassW
SetMenu
CreateMDIWindowW
ChildWindowFromPointEx
GetMessageTime
SetActiveWindow
GetMenuBarInfo
ScreenToClient
RedrawWindow
DrawIconEx
GetActiveWindow
GetWindowDC
ClientToScreen
SendInput
RemoveMenu
GetWindow
GetDlgCtrlID
DefMDIChildProcW
GetForegroundWindow
MsgWaitForMultipleObjects
BringWindowToTop
SetForegroundWindow
GetScrollInfo
CallWindowProcW
DdeEnableCallback
DdeGetData
GetDesktopWindow
DefDlgProcW
RegisterClipboardFormatW
LoadMenuW
DdeConnect
DdeInitializeW
DdeCreateDataHandle
DdeQueryStringW
DdeNameService
DdeGetLastError
DdeUninitialize
DdeDisconnect
DdeAccessData
DdeUnaccessData
DdeCreateStringHandleW
DdeFreeStringHandle
PeekMessageW
IsWindow
SetCursor
ShowCursor
DestroyCaret
EnumChildWindows
ScrollWindowEx
CreateCaret
SetClassLongW
IntersectRect
InvertRect
EqualRect
GetClipboardData
GetClassLongW
MoveWindow
CheckRadioButton
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnableWindow
SetClipboardViewer
GetClassNameW
FindWindowW
RegisterClassExW
DestroyIcon
AdjustWindowRectEx
CreateMenu
CreateWindowExW
GetMenuItemInfoW
VkKeyScanW
LoadCursorW
RegisterClassW
FillRect
InflateRect
FrameRect
DrawFrameControl
DrawTextW
DrawFocusRect
SetCapture
ReleaseCapture
GetSubMenu
ShowCaret
IsWindowVisible
ShowWindow
GetSystemMenu
SetCaretPos
GetMessageW
IsWindowEnabled
TranslateMessage
IsDialogMessageW
DispatchMessageW
SystemParametersInfoW
HideCaret
NotifyWinEvent
GetKeyState
MapVirtualKeyW
SetScrollRange
SetScrollPos
ShowScrollBar
SetWindowPlacement
GetKeyboardLayout
DrawIcon
ChangeClipboardChain
DestroyMenu
PostQuitMessage
WinHelpW
DestroyWindow
GetMenu
IsClipboardFormatAvailable
EnableMenuItem
CheckMenuItem
PostThreadMessageW
SendNotifyMessageW
GetFocus
EndDialog
GetDlgItem
GetWindowTextLengthW
SetFocus
GetWindowTextW
LoadIconW
MessageBeep
PostMessageW
KillTimer
SetTimer
GetWindowRect
GetParent
GetWindowPlacement
UpdateWindow
BeginPaint
GetClientRect
EndPaint
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowLongW
DefWindowProcW
SetWindowPos
GetWindowLongW
SetRect
AdjustWindowRect
GetSystemMetrics
IsIconic
IsZoomed
CopyRect
wsprintfW
GetSysColor
GetDC
ReleaseDC
DialogBoxIndirectParamW
CreateDialogIndirectParamW
InsertMenuW
AppendMenuW
SendMessageW
SendDlgItemMessageW
SetDlgItemTextW
MessageBoxW
SetWindowTextW
DdeClientTransaction
UnregisterClassA
advapi32
RegQueryValueExW
CryptDestroyKey
RegSetValueExA
RegOpenCurrentUser
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
AddAccessAllowedAce
AddAccessDeniedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyW
InitializeAcl
RegGetKeySecurity
GetSecurityDescriptorDacl
GetAce
SetSecurityInfo
OpenProcessToken
GetTokenInformation
GetLengthSid
RegQueryInfoKeyW
GetUserNameW
CryptSignHashW
CryptHashData
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptCreateHash
CryptDestroyHash
gdi32
GetCurrentObject
CreatePen
Polyline
PatBlt
BitBlt
ExcludeClipRect
Polygon
CreateDIBSection
GdiFlush
CreatePalette
GetNearestPaletteIndex
StretchBlt
SetBrushOrgEx
GetBrushOrgEx
SetMetaFileBitsEx
DeleteMetaFile
GetSystemPaletteEntries
SelectClipRgn
CreateRectRgn
SetViewportOrgEx
GetPixel
SetDIBits
RestoreDC
PlayMetaFile
CreateSolidBrush
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
CombineRgn
GetClipRgn
GetViewportOrgEx
CreateDCW
GetCharWidthW
GetBkColor
GetCharWidth32W
EnumFontFamiliesW
CreateICW
TranslateCharsetInfo
Ellipse
GetObjectA
OffsetRgn
CreateRectRgnIndirect
FillRgn
ExtSelectClipRgn
GetNearestColor
ExtCreatePen
LineTo
RoundRect
SetDIBitsToDevice
Rectangle
SetBkColor
SetTextColor
CreateFontIndirectW
UnrealizeObject
DeleteObject
SetBkMode
SelectPalette
RealizePalette
SetStretchBltMode
StretchDIBits
SelectObject
GetTextFaceW
GetTextMetricsW
GetStockObject
GetObjectW
GetTextExtentPoint32W
GetCurrentPositionEx
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetAbortProc
GetTextExtentPointW
AbortDoc
GetDIBits
StartDocW
StartPage
SetTextAlign
MoveToEx
TextOutW
EndPage
EndDoc
GetDeviceCaps
AddFontResourceW
RemoveFontResourceW
GetTextColor
ExtTextOutW
ws2_32
WSACreateEvent
WSAStartup
ntohl
gethostname
getsockopt
WSAWaitForMultipleEvents
bind
ioctlsocket
WSACloseEvent
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAEventSelect
getpeername
getsockname
setsockopt
socket
connect
closesocket
shutdown
accept
ntohs
getservbyport
gethostbyaddr
htonl
inet_ntoa
gethostbyname
inet_addr
getservbyname
WSACleanup
htons
recv
WSAGetLastError
select
send
listen
WSASetLastError
shell32
Shell_NotifyIconW
ShellExecuteA
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetFileInfoW
ExtractIconW
ExtractIconExW
DuplicateIcon
SHChangeNotify
SHFileOperationW
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
DragQueryPoint
DragFinish
ShellExecuteW
winspool.drv
EndDocPrinter
StartDocPrinterW
StartPagePrinter
WritePrinter
GetPrinterW
DocumentPropertiesW
OpenPrinterW
EndPagePrinter
ClosePrinter
comdlg32
PrintDlgW
GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW
ChooseColorW
PageSetupDlgW
ChooseFontW
ole32
CoInitializeEx
OleInitialize
OleUninitialize
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
StgCreateDocfile
CoGetClassObject
RevokeDragDrop
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
ReleaseStgMedium
StgCreateStorageEx
RegisterDragDrop
CoSetProxyBlanket
CoInitializeSecurity
StringFromIID
CreateBindCtx
MkParseDisplayName
CLSIDFromProgID
DoDragDrop
CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
gdiplus
GdipSetStringFormatAlign
GdipDrawImageI
GdipCloneImage
GdipSetLineBlend
GdipSetStringFormatFlags
GdipCreateTexture
GdipCreateLineBrushFromRectWithAngleI
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipGetSmoothingMode
GdipDrawArcI
GdipFillPath
GdiplusShutdown
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateBitmapFromHICON
GdipGetImageBounds
GdipDisposeImage
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetStringFormatHotkeyPrefix
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawLinesI
GdipCloneRegion
GdipCombineRegionRectI
GdipDrawPath
GdipDrawLineI
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipCreatePen1
GdipCloneBrush
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRegion
GdipSetClipRectI
GdipGetPenWidth
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen2
GdipDeleteBrush
GdipAlloc
GdipCreateRegion
GdipGetClip
GdipFillRectangleI
GdipGetWorldTransform
GdipReleaseDC
GdipGetDC
GdipCreateFromHWND
GdipCreateFromHDC
GdipGetMatrixElements
GdipCreateMatrix
GdipFree
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipDeleteRegion
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteMatrix
GdipLoadImageFromFile
secur32
GetUserNameExW
QueryContextAttributesW
iphlpapi
NotifyAddrChange
oleacc
AccessibleObjectFromWindow
LresultFromObject
crypt32
CertFreeCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertCloseStore
CertEnumCertificatesInStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertSaveStore
CertCreateCertificateContext
cryptui
CryptUIDlgViewCertificateW
msimg32
GradientFill
Exports
_KClient@16
_KClientLoadError@16
_KClientSnoop@8
_RegisterAboutControl@8
_RegisterOurDlgControl@8
_SetInternal@0
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
K_BSS Size: - Virtual size: 42KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 897KB - Virtual size: 897KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
K_DATA Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_text Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 817KB - Virtual size: 817KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ