2024-07-08_d09babc132890b126c7f4d8321d8e491_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-08_d09babc132890b126c7f4d8321d8e491_mafia
Size

1.1MB
MD5

d09babc132890b126c7f4d8321d8e491
SHA1

b703ee59a939d7223dcabbff1910b124b1d31645
SHA256

e23f09c426f617cf5b6f5dd96317b6b080bad5661d018196c197f183eed965dd
SHA512

83739cf1573b3f64fa2a7a8861d140aafefe967df964294631217b86e77b21ba121308062ac22c7391dfe1ff21b151f138563fe139de53e8cf9a2208f1c875f5
SSDEEP

24576:/D3rD/1Llex2afSjxxmjFmOTVFvYkE9Y:vD/B8xXsxmjFRvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-08_d09babc132890b126c7f4d8321d8e491_mafia

Files

2024-07-08_d09babc132890b126c7f4d8321d8e491_mafia
.exe windows:5 windows x86 arch:x86

cd5ae305ce5634ff7cb371fa58692666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\tasks\B.2959\test_win_zero_len_new_opt\tzerolennewopt.pdb

Imports

iphlpapi

GetAdaptersInfo

user32

ValidateRect
SetWindowLongA
InvalidateRect
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
SetScrollRange

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegCloseKey
RegQueryValueExA

kernel32

IsValidLocale
EnumSystemLocalesA
CreateFileW
GetUserDefaultLCID
GetStringTypeW
CreateFileA
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
lstrcmpiA
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetVersionExA
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetLastError
HeapFree
DeleteFileA
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
SetConsoleCtrlHandler
HeapAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
MultiByteToWideChar
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
IsProcessorFeaturePresent
CloseHandle
FlushFileBuffers
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleW
SetStdHandle
GetFileAttributesA
HeapSize
HeapReAlloc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd5ae305ce5634ff7cb371fa58692666

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

user32

advapi32

kernel32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 67KB - Virtual size: 77KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 67KB - Virtual size: 77KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 17KB - Virtual size: 16KB