2024-07-09_fd08968d334005b65bffd015608d807c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-09_fd08968d334005b65bffd015608d807c_mafia
Size

1.9MB
MD5

fd08968d334005b65bffd015608d807c
SHA1

bceb326327d00dc512296621db35f026ec689591
SHA256

3d9105db26f610f01a67b8392bd24075833c9cdc8983dbdea29b7f6c1c350a43
SHA512

2fbb1cdcf81986639f971d1ae35307edbf16374b78983cc2d0add42265cd79058e773810e30e3779508fd50c541c734f7994bd7ae01503e9913e5f9b6b547a8a
SSDEEP

49152:3ewXiAL6VLRY21rgP/+fcKhgyfo7s6hc:8ALGYMtGy+Tc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-09_fd08968d334005b65bffd015608d807c_mafia

Files

2024-07-09_fd08968d334005b65bffd015608d807c_mafia
.exe windows:5 windows x86 arch:x86

ec1abea015486bf5f0674586f647e45d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\SEP_12.1\Output\SISSDK\Bin.iru\RoRu.pdb

Imports

psapi

GetModuleFileNameExW

msi

ord159
ord32
ord49
ord74
ord160
ord118
ord141
ord94
ord47
ord17
ord92
ord70
ord8
ord111
ord167
ord125
ord103
ord34
ord80
ord116
ord158
ord166
ord115

kernel32

SetEndOfFile
InterlockedExchange
LoadLibraryA
RaiseException
SetEnvironmentVariableA
CreateFileA
SetStdHandle
WriteConsoleW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
CloseHandle
GetCurrentProcess
GetWindowsDirectoryW
OpenProcess
FindFirstFileW
FindNextFileW
FindClose
GetStartupInfoW
CreateFileW
CreateProcessW
GetExitCodeProcess
lstrlenW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetLastError
GetFileAttributesW
CreateDirectoryW
CopyFileW
WaitForSingleObject
GetCurrentProcessId
GlobalAlloc
GlobalFree
WideCharToMultiByte
GetCommandLineW
GetShortPathNameW
MoveFileExW
InterlockedDecrement
LocalAlloc
FormatMessageW
OpenEventW
SetEvent
OpenMutexW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
VirtualQuery
MultiByteToWideChar
LoadLibraryExW
lstrlenA
ReadProcessMemory
GetLongPathNameW
ExpandEnvironmentStringsW
QueryDosDeviceW
GetTickCount
SetLastError
lstrcmpA
lstrcmpW
DuplicateHandle
GetProcessTimes
GetCurrentDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapFree
GetProcessHeap
VirtualFree
HeapSize
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
GetFileSize
LocalFree
lstrcpyW
OutputDebugStringW
GlobalUnlock
GlobalLock
GlobalSize
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
PulseEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
WaitForMultipleObjectsEx
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetTimeZoneInformation
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
Sleep
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedIncrement
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeExW
LCMapStringW
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetCPInfo
MoveFileW
HeapSetInformation
RtlUnwind
ExitProcess
CompareStringW
GetDateFormatA
GetTimeFormatA
VirtualProtect

user32

wsprintfW
GetSystemMetrics
CharNextW
CharPrevW
GetMessageA
IsWindowUnicode
DispatchMessageA
GetMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
GetClassNameW
GetWindowTextW
LoadStringW
TranslateMessage

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
OleRun
CoInitialize
CoTaskMemFree
StringFromIID
IIDFromString
CreateStreamOnHGlobal
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2
CLSIDFromString
OleLoadFromStream
CoInitializeSecurity

oleaut32

SafeArrayCreate
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnlock
SafeArrayRedim
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantCopyInd
SysAllocString
SysFreeString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 644KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec1abea015486bf5f0674586f647e45d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

msi

kernel32

user32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 198KB - Virtual size: 198KB

.data Size: 37KB - Virtual size: 55KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 644KB - Virtual size: 648KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 37KB - Virtual size: 55KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 644KB - Virtual size: 648KB