Static task: static1
Behavioral task: behavioral1 (sample 2024-07-08_cd0b50352e227178ce84a517f7421137_mafia.exe, resource win7-20240704-en)
Behavioral task: behavioral2 (sample 2024-07-08_cd0b50352e227178ce84a517f7421137_mafia.exe, resource win10v2004-20240704-en)
General
Target: 2024-07-08_cd0b50352e227178ce84a517f7421137_mafia
Size: 1.7MB
MD5: cd0b50352e227178ce84a517f7421137
SHA1: 14511da0f94a6279a945db1aa1b21ce435702936
SHA256: 1a59ddfa4c06732dbd5000f2067ceddd41f7a2f6f48f513ecee0569d6d86b453
SHA512: 195eab54a6118df64972718cd6511b8e774056c15550e0aefb5c7c097e93d5e316cef1657904f7b62fe69d6e805a2ef996c5c9a86b7f1eefd3344243d436233e
SSDEEP: 24576:WtRbXTkHIfIG8GboTsKuTeHcdgGuEuyTL4O+xfVwHnPGdH9n51MU8vFK:W7MrxH1XEuynuEPEHD+bk
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2024-07-08_cd0b50352e227178ce84a517f7421137_mafia
Files
2024-07-08_cd0b50352e227178ce84a517f7421137_mafia.exe windows:5 windows x86 arch:x86
f7af660efa9feb4b4a9d3438fa805b2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
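The header block above reports DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) but no GUARD_CF, and the only signature that fired is the missing Authenticode signature. The script below is an added example, not tria.ge's or SumatraPDF's code: it reads those two facts straight out of a PE image with the standard library, so the same check can be repeated on any sample offline. The PE bytes it analyses are constructed inline by build_min_pe (a header-only image with no sections) and are not the sample from this report; PAGE_SAMPLE_FLAGS mirrors the three DllCharacteristics bits listed above. Note that an empty security directory only proves the absence of a signature blob; a non-empty one still needs WinVerifyTrust or osslsigncode to verify.

```python
"""PE header triage: mitigation flags and Authenticode presence (added example)."""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification, ascending.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# The three flags reported for this sample: DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE.
PAGE_SAMPLE_FLAGS = 0x0040 | 0x0100 | 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Attribute Certificate Table (Authenticode)


def assess_pe(data: bytes) -> dict:
    """Parse the PE headers and report mitigations and whether a signature blob exists."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: data directories start at optional-header offset 96
        pe32plus, dd_off = False, 96
    elif magic == 0x20B:    # PE32+: data directories start at offset 112
        pe32plus, dd_off = True, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (num_dirs,) = struct.unpack_from("<I", data, opt + dd_off - 4)  # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    names = [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    return {
        "machine": machine,
        "pe32plus": pe32plus,
        "file_characteristics": file_chars,
        "dll_characteristics": names,
        "aslr": "DYNAMIC_BASE" in names,
        "dep": "NX_COMPAT" in names,
        "cfg": "GUARD_CF" in names,
        "high_entropy_va": "HIGH_ENTROPY_VA" in names,
        # True when no Authenticode blob is referenced; presence alone is not verification.
        "unsigned": sec_off == 0 or sec_size == 0,
    }


def build_min_pe(dll_chars: int, pe32plus: bool = False, with_signature: bool = False) -> bytes:
    """Constructed, header-only PE image for the demonstration (not a real sample)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dd_off = 112 if pe32plus else 96
    opt = bytearray(dd_off + 16 * 8)                       # standard fields + 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dd_off - 4, 16)            # NumberOfRvaAndSizes
    if with_signature:                                      # point the security directory somewhere non-zero
        struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x100)
    machine = 0x8664 if pe32plus else 0x14C
    file_chars = 0x0022 if pe32plus else 0x0102             # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE or 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), file_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in assess_pe(build_min_pe(PAGE_SAMPLE_FLAGS)).items():
        print(f"{key}: {value}")
```

Run against a real file with `assess_pe(open(path, "rb").read())`; the constructed image reproduces what the report shows (ASLR and DEP on, CFG off, unsigned), and the PE32+ branch shows how the same code reads a 64-bit, CFG-enabled, signed header.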
PDB Paths
C:\kjk\src\sumatrapdf\obj-rel\SumatraPDF-no-MuPDF.pdb
Imports
advapi32
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
kernel32
LeaveCriticalSection
GetFileAttributesW
MulDiv
GetPrivateProfileIntW
GetLastError
EnterCriticalSection
QueryPerformanceFrequency
DeleteCriticalSection
LocalFree
SetFileAttributesW
GetUserDefaultUILanguage
ReadDirectoryChangesW
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
GetTickCount
Sleep
SetThreadExecutionState
GetSystemTime
GetLogicalDrives
GlobalLock
GetProfileStringW
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalDeleteAtom
GlobalAddAtomW
GetDriveTypeW
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
WritePrivateProfileStringW
GetFileSizeEx
GetLongPathNameW
GetFileTime
GetFileAttributesExW
GetShortPathNameW
DeleteFileW
GetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
GetStdHandle
GetConsoleScreenBufferInfo
GetVersion
lstrcpyW
InterlockedIncrement
InterlockedDecrement
SetFilePointer
CreateFileA
MoveFileW
FlushFileBuffers
SetEndOfFile
GetFileType
GetModuleHandleW
GetFileAttributesA
SetFileAttributesA
DeviceIoControl
CreateDirectoryA
FindNextFileA
FindFirstFileA
GetFullPathNameA
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
IsDBCSLeadByte
GetCPInfo
GetEnvironmentVariableW
GetTempFileNameW
GetExitCodeProcess
GetTempPathW
CreateEventA
InterlockedExchange
InterlockedCompareExchange
DeleteFileA
GetACP
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
CreateProcessA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetHandleCount
GetCurrentDirectoryW
PeekNamedPipe
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
HeapSize
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
DuplicateHandle
MoveFileA
RaiseException
ExitProcess
RtlUnwind
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapReAlloc
FindFirstFileExW
HeapAlloc
DecodePointer
EncodePointer
HeapFree
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetLocaleInfoW
GetThreadContext
GetLocaleInfoA
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentProcess
CompareStringW
WaitForSingleObject
SetEvent
OutputDebugStringW
GetCurrentThread
FormatMessageA
Thread32First
GetVersionExW
TerminateProcess
Thread32Next
CreateFileW
GetEnvironmentVariableA
GetProcAddress
OpenThread
GlobalMemoryStatusEx
CreateEventW
Module32FirstW
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
CreateThread
FindFirstFileW
FindClose
FindNextFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetDateFormatW
GetTimeFormatW
GetFullPathNameW
GetCommandLineW
CopyFileExW
SetErrorMode
QueryPerformanceCounter
GetPrivateProfileStringW
InitializeCriticalSection
FormatMessageW
user32
OemToCharBuffA
CharToOemBuffW
OemToCharA
CharUpperW
CharToOemA
CharLowerA
CharUpperA
GetDC
ReleaseDC
DrawFrameControl
HideCaret
LoadImageW
ShowCaret
SetClassLongW
DdeInitializeW
DdeCreateStringHandleW
DdeFreeStringHandle
DdeUninitialize
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeDisconnect
GetMonitorInfoW
DdeFreeDataHandle
MonitorFromRect
FindWindowW
TranslateAcceleratorW
SetTimer
GetMessageW
PostQuitMessage
IsIconic
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
TrackMouseEvent
LoadCursorW
SetParent
IsCharUpperW
GetCapture
TranslateMessage
LoadAcceleratorsW
GetForegroundWindow
RegisterClassExW
LoadIconW
GetScrollInfo
InvalidateRect
SystemParametersInfoW
GetSysColor
SetWindowPos
GetWindowDC
MonitorFromWindow
GetDesktopWindow
SetClipboardData
SetMenuItemInfoW
CloseClipboard
EmptyClipboard
PeekMessageW
GetMenuItemID
ModifyMenuW
CheckMenuRadioItem
InsertMenuW
CheckMenuItem
GetWindowTextLengthW
ShowWindowAsync
FindWindowExW
PostMessageW
GetSystemMetrics
MessageBoxW
wsprintfA
GetMessagePos
CallWindowProcW
DestroyMenu
MapWindowPoints
SendMessageW
CreateWindowExW
SetMenu
RemoveMenu
CreatePopupMenu
RedrawWindow
SetWindowLongW
EnableMenuItem
AppendMenuW
GetWindowLongW
SetFocus
CreateMenu
SetForegroundWindow
TrackPopupMenu
GetWindowRect
DestroyWindow
IsCharAlphaNumericW
CharLowerW
MoveWindow
DefWindowProcW
ShowWindow
GetCursorPos
BeginPaint
GetClientRect
CopyImage
DrawTextW
FillRect
SetActiveWindow
ScreenToClient
SetCursor
EndPaint
EnableWindow
SetDlgItemTextW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageW
EndDialog
GetDlgItem
GetParent
DialogBoxParamW
DialogBoxIndirectParamW
DispatchMessageW
GetScrollPos
UnpackDDElParam
GetWindow
RemovePropW
SetPropW
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetPropW
OpenClipboard
ReuseDDElParam
MessageBeep
LoadBitmapW
IsWindow
ShowScrollBar
GetCursor
ReleaseCapture
IsWindowVisible
UpdateWindow
SetScrollInfo
IsWindowUnicode
EnumDisplayMonitors
gdi32
CreateRectRgn
CreateDIBitmap
MoveToEx
SetGraphicsMode
LineTo
GetDIBits
CreateCompatibleBitmap
SetDIBits
SetWorldTransform
SetBkColor
EndPage
StartPage
GetDeviceCaps
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
GetObjectW
BitBlt
CreateFontIndirectW
CreateSolidBrush
GetTextExtentPoint32W
SetTextColor
DeleteDC
StretchBlt
SetBkMode
SelectObject
SelectClipRgn
CreateCompatibleDC
Rectangle
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
TextOutW
GetStockObject
DeleteObject
comdlg32
CommDlgExtendedError
PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
shell32
SHBindToParent
ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
SHAddToRecentDocs
SHChangeNotify
SHGetFileInfoW
gdiplus
GdipSetSmoothingMode
GdipDeleteGraphics
GdipAlloc
GdipSetPageUnit
GdipDeletePen
GdipGetImageWidth
GdipInvertMatrix
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipGetImageEncoders
GdipRotateMatrix
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipCreateSolidFill
GdipCreateFromHDC
GdipFillRectangleI
GdipDrawLineI
GdipCreatePen1
GdipFillEllipseI
GdiplusStartup
GdipAddPathRectangleI
GdipWindingModeOutline
GdipDrawPath
GdipDeletePath
GdipFillPath
GdipCreatePath
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetDC
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipCloneImage
GdipReleaseDC
GdipGetImageHorizontalResolution
GdipCloneBitmapAreaI
GdipScaleMatrix
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateMatrix
GdipSetClipRectI
GdipSetWorldTransform
GdipGetImageVerticalResolution
GdipSetCompositingQuality
comctl32
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
winspool.drv
ord203
ClosePrinter
DocumentPropertiesW
OpenPrinterW
wininet
InternetOpenUrlW
InternetReadFile
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpOpenRequestW
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoW
ole32
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
OleUninitialize
OleInitialize
oleaut32
VariantClear
VariantInit
SysAllocString
shlwapi
StrRStrIW
StrStrIW
PathIsRelativeW
SHDeleteValueW
SHDeleteKeyW
PathAppendW
SHSetValueW
StrStrW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
libmupdf
fz_new_pixmap_with_rect
fz_new_device
fz_round_rect
pdf_resolve_indirect
xml_att
fz_new_text_span
fz_new_buffer
pdf_from_ucs2
fz_dict_puts
fz_accelerate
fz_matrix_expansion
fz_dict_get_key
fz_transform_rect
fz_free_device
fz_is_null
fz_free_link_dest
fz_throw_imp
fz_dict_len
fz_free_context
fz_to_name
pdf_to_utf8
fz_strdup
fz_is_name
pdf_get_crypt_revision
xps_find_link_target_obj
fz_array_len
pdf_load_outline
pdf_get_crypt_key
fz_list_is_single_image
fz_md5_init
fz_find_device_colorspace
pdf_lookup_dest
fz_new_stream
pdf_load_page_tree
pdf_parse_link_dest
fz_new_null
xml_parse_document
fz_is_indirect
fz_rotate
fz_dict_gets
fz_to_str_buf
pdf_has_permission
pdf_load_stream
pdf_find_page_number
xps_free_context
fz_new_draw_device
fz_is_int
pdf_count_pages
fz_dict_getsa
fz_open_file_w
xps_load_outline
fz_free_display_list
fz_dict_get_val
fz_open_buffer
pdf_authenticate_password
fz_is_string
fz_new_bbox_device
fz_free
pdf_open_xref_with_stream
pdf_is_stream
fz_md5_update
xps_count_pages
fz_new_display_list
pdf_load_name_tree
fz_close
pdf_to_rect
fz_new_context
fz_to_gen
xps_find_link_target
xps_free_page
fz_list_requires_blending
pdf_free_page
fz_execute_display_list
pdf_needs_password
fz_seek
fz_is_dict
pdf_run_page_with_usage
pdf_free_xref
fz_copy_dict
xps_open_stream
fz_drop_buffer
fz_to_real
fz_scale
pdf_load_page
fz_clone_stream
fz_new_gdiplus_device
fz_free_glyph_cache
pdf_to_ucs2
xps_load_page
fz_free_text_span
fz_free_link
fz_new_link
fz_free_outline
gzwopen
jpeg_resync_to_restart
jpeg_finish_decompress
jpeg_read_scanlines
jpeg_start_decompress
jpeg_read_header
jpeg_CreateDecompress
jpeg_destroy_decompress
jpeg_std_error
inflate
crc32
fz_tell
fz_convert_pixmap
fz_transform_point
fz_to_int
xps_free_part
fz_new_glyph_cache
fz_md5_final
fz_bound_pixmap
xps_read_part
xps_parse_fixed_page
fz_malloc
fz_is_array
fz_translate
fz_to_num
fz_new_string
xml_tag
fz_push_try
fz_invert_matrix
fz_new_text_device
fz_drop_obj
xps_extract_doc_props
fz_new_list_device
fz_dict_dels
fz_concat
fz_array_get
fz_read_all
fz_warn_imp
fz_keep_obj
pdf_run_page
xml_free_element
fz_drop_pixmap
gzseek
gzopen
gzclose
gztell
gzerror
gzread
inflateInit2_
inflateEnd
fz_clear_pixmap_with_color
urlmon
CoInternetGetSession
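The import table above is long, and single APIs in it prove little: IsDebuggerPresent, wininet and thread-snapshot calls all appear in ordinary desktop software, and the PDB path and libmupdf imports on this page are consistent with a PDF viewer build. What an analyst actually wants is to know which capability sets co-occur. The script below is an added example, not tria.ge's or SumatraPDF's code: PAGE_IMPORTS is a subset copied from the listing above; the rule names, groupings and "benign context" strings are this example's own choices, and the process-injection rule (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, none of which this sample imports) is included to show a rule that correctly does not fire.

```python
"""Import-table capability triage over co-occurring API sets (added example)."""
from typing import Dict, Iterable, List, Set

# Subset of the page's import table (module -> imported names), copied from the listing above.
PAGE_IMPORTS: Dict[str, List[str]] = {
    "advapi32": ["AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken",
                 "InitializeSecurityDescriptor", "SetSecurityDescriptorDacl", "RegSetKeySecurity",
                 "SetFileSecurityW"],
    "kernel32": ["CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread",
                 "SuspendThread", "ResumeThread", "GetThreadContext", "IsDebuggerPresent",
                 "ReadDirectoryChangesW", "CreateProcessW", "WriteFile", "SetUnhandledExceptionFilter"],
    "wininet": ["InternetOpenW", "HttpOpenRequestW", "HttpSendRequestA", "InternetReadFile"],
    "shell32": ["ShellExecuteExW"],
}

# (capability, required APIs, common legitimate reason for the same set). A rule fires only when
# EVERY required API is imported, so isolated hits such as a lone IsDebuggerPresent are weighed
# by the analyst rather than reported as an indicator on their own.
RULES = [
    ("token-privilege-adjustment",
     {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
     "installers and file managers enable backup/restore privileges this way"),
    ("cross-thread-inspection",
     {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread",
      "SuspendThread", "GetThreadContext"},
     "an in-process crash reporter capturing other threads' stacks imports the same set"),
    ("security-descriptor-rewrite",
     {"InitializeSecurityDescriptor", "SetSecurityDescriptorDacl", "RegSetKeySecurity"},
     "applications that repair ACLs on their own registry keys"),
    ("http-client",
     {"InternetOpenW", "HttpOpenRequestW", "HttpSendRequestA", "InternetReadFile"},
     "update checks and crash-report uploads"),
    ("debugger-presence-check",
     {"IsDebuggerPresent"},
     "CRT and exception-handling code calls it routinely"),
    ("process-injection-primitives",
     {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
     "rare outside debuggers and instrumentation tools"),
]


def flatten(imports: Dict[str, Iterable[str]]) -> Set[str]:
    """Collapse module -> names into one set; module attribution is kept out of the rules."""
    return {name for names in imports.values() for name in names}


def triage(imports: Dict[str, Iterable[str]]) -> List[dict]:
    """Return every rule whose full API set is present, with its benign-context note."""
    present = flatten(imports)
    hits = []
    for capability, required, benign in RULES:
        if required <= present:
            hits.append({"capability": capability,
                         "apis": sorted(required),
                         "benign_context": benign})
    return hits


def missing_for(imports: Dict[str, Iterable[str]], capability: str) -> Set[str]:
    """Which APIs a non-firing rule still lacks; useful when reviewing near-misses."""
    present = flatten(imports)
    for name, required, _ in RULES:
        if name == capability:
            return required - present
    raise KeyError(capability)


if __name__ == "__main__":
    for hit in triage(PAGE_IMPORTS):
        print(f"{hit['capability']}: {', '.join(hit['apis'])}  [benign: {hit['benign_context']}]")
    print("injection rule missing:", sorted(missing_for(PAGE_IMPORTS, "process-injection-primitives")))
```

On this page's imports five rules fire and the injection rule does not; each hit carries the legitimate reason the same set appears in benign software, so the output is a review list rather than a verdict. Feed `triage` a dictionary built from any other import dump (pefile, tria.ge, rabin2) to get the same report.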
Sections
.text Size: 1022KB - Virtual size: 1022KB (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
.rdata Size: 407KB - Virtual size: 406KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.data Size: 62KB - Virtual size: 112KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
.rsrc Size: 137KB - Virtual size: 137KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.reloc Size: 90KB - Virtual size: 90KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ)