2024-07-09_b00b2a8dcb9294492bbdbb27ff85c1eb_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-09_b00b2a8dcb9294492bbdbb27ff85c1eb_mafia
Size

1.9MB
MD5

b00b2a8dcb9294492bbdbb27ff85c1eb
SHA1

347ba6ab63cac431a2a7795788988cb0f329bcc6
SHA256

b2af384f8992c7e0ff217fc659c75845e72a6685e2e274dd077756ffbcb49706
SHA512

a201e6e191000670cd9f11ae1301d5b81c1e3af9f483107a3b6dab1c871b50f4b895aca0d279e64f6719fd03a16d855d430428be44e3180340dbfa9de5beb001
SSDEEP

24576:yH8g9uHhqby6D4IdPooXRAu1x2DIO5HMoPhgzH2U4o7s6hc:S8RIdRRAu70xhgyfo7s6hc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-09_b00b2a8dcb9294492bbdbb27ff85c1eb_mafia

Files

2024-07-09_b00b2a8dcb9294492bbdbb27ff85c1eb_mafia
.exe windows:5 windows x86 arch:x86

116dc207caa218f2740c520ecf7dfb2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\SEP_12.1\Output\Install\Bin.iru\SylinkDrop.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetSystemDirectoryW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
lstrlenA
CloseHandle
CreateFileW
ReadFile
InterlockedDecrement
LoadLibraryW
FreeLibrary
DeleteFileW
MoveFileW
WaitForSingleObject
GetModuleFileNameW
GetFileSize
WriteFile
CreateProcessW
GetExitCodeProcess
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GetEnvironmentVariableW
SetFilePointer
CopyFileW
GetVersionExW
HeapFree
GetProcessHeap
VirtualFree
HeapSize
HeapAlloc
VirtualAlloc
GetSystemInfo
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsSetValue
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
LoadLibraryExW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
GetCurrentProcessId
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
SetEvent
PulseEvent
ResetEvent
CreateEventW
OpenEventW
WaitForMultipleObjects
GetTickCount
WaitForMultipleObjectsEx
FormatMessageA
GetACP
InterlockedIncrement
GetCPInfo
HeapDestroy
GetModuleHandleA
FlushFileBuffers
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapCreate
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoW
GetSystemTimeAsFileTime
GlobalFree
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentThreadId
SetLastError
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileType
RaiseException
LoadLibraryA
InterlockedExchange
LocalFree
LocalAlloc
TlsFree

user32

GetMessageW
MessageBoxW
SetDlgItemTextW
FindWindowW
MessageBeep
EndDialog
GetDlgItemTextW
DialogBoxParamW
GetSystemMetrics
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowUnicode
TranslateMessage
DispatchMessageA

comdlg32

GetOpenFileNameW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
IIDFromString
OleLoadFromStream
CreateStreamOnHGlobal
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnlock
SafeArrayRedim
VariantCopyInd
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

116dc207caa218f2740c520ecf7dfb2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

comdlg32

ole32

oleaut32

Sections

.text Size: 387KB - Virtual size: 386KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 22KB - Virtual size: 99KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 387KB - Virtual size: 386KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 22KB - Virtual size: 99KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.5MB - Virtual size: 1.5MB