C:\bld_area\SymELAM\Src\bin\Win32.Release_Static\ELAMInst.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-09_455088b335f35faf06ca245ba0540a14_mafia.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-07-09_455088b335f35faf06ca245ba0540a14_mafia.exe
  Resource: win10v2004-20240709-en
General
Target: 2024-07-09_455088b335f35faf06ca245ba0540a14_mafia
Size: 1.2MB
MD5: 455088b335f35faf06ca245ba0540a14
SHA1: a84dbc0090b793abcbf5797fe06cf9045db9e8f7
SHA256: b7a06f80cb134b6344966a05144582b472723ebd4f65a5740fd9e397a5abcdec
SHA512: e56080cc4e9ff7eb3ce98f0dc8a03b937417a965119d313e46fc375f2ea4631e42d083d87bc3f59ea95a5360b853c3d60228e71d32288d1fd6f00094ee398233
SSDEEP: 24576:5zziqNDVMLGNNvejI9YfjjdJRH3D8dOHMoPhgzH2U4o7s6hc:5zvNDV2wYfHd33Yduhgyfo7s6hc
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-07-09_455088b335f35faf06ca245ba0540a14_mafia
Files
2024-07-09_455088b335f35faf06ca245ba0540a14_mafia.exe windows:5 windows x86 arch:x86
538b982bb73f2f86e4d4b7cbbbc45935
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetWindowsDirectoryW
GetCurrentProcess
GetUserDefaultLCID
GetVersionExW
GetProcAddress
GetModuleHandleW
SetErrorMode
GetCurrentProcessId
GetTempPathW
CopyFileW
SetFileAttributesW
DeleteFileW
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
CreateFileW
CloseHandle
MoveFileExW
GetFileAttributesW
FindClose
GetLastError
CompareStringW
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentThreadId
GetLocalTime
SetFilePointer
WriteFile
GetModuleFileNameW
lstrlenW
OutputDebugStringW
OpenProcess
GetProcessTimes
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
GetSystemInfo
ReadFile
GetFileSize
FreeLibrary
LoadLibraryW
LoadLibraryExW
DuplicateHandle
lstrlenA
GetSystemDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
ReadProcessMemory
HeapFree
GetProcessHeap
VirtualFree
HeapSize
HeapAlloc
VirtualAlloc
HeapReAlloc
TryEnterCriticalSection
LocalFree
WaitForSingleObject
CreateProcessW
GetTickCount
TerminateProcess
SetUnhandledExceptionFilter
GetThreadContext
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
FlushFileBuffers
SetEndOfFile
CreateDirectoryW
lstrcpyW
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
SetEvent
PulseEvent
ResetEvent
CreateEventW
OpenEventW
WaitForMultipleObjects
WaitForMultipleObjectsEx
VirtualQuery
ExpandEnvironmentStringsW
QueryDosDeviceW
SetLastError
lstrcmpA
lstrcmpW
VirtualProtect
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
advapi32
OpenProcessToken
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
FreeSid
EqualSid
GetTokenInformation
OpenThreadToken
AllocateAndInitializeSid
ConvertSidToStringSidW
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupPrivilegeNameW
RegEnumValueW
TraceMessage
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
ControlTraceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
LookupPrivilegeValueW
RegEnumKeyExW
shell32
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
shlwapi
PathRemoveBackslashW
PathAppendW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathIsUNCServerW
PathRemoveFileSpecW
PathIsUNCW
PathSkipRootW
PathAddBackslashW
userenv
UnloadUserProfile
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
crypt32
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetEnhancedKeyUsage
CertNameToStrW
CertGetNameStringW
CryptMsgClose
wintrust
WintrustGetRegPolicyFlags
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
user32
wsprintfW
MsgWaitForMultipleObjectsEx
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageA
IsWindowUnicode
GetMessageA
DispatchMessageW
CharPrevW
CharNextW
GetSystemMetrics
ole32
StringFromIID
CLSIDFromString
StringFromGUID2
OleSaveToStream
GetHGlobalFromStream
CreateStreamOnHGlobal
OleLoadFromStream
IIDFromString
CoTaskMemFree
oleaut32
SafeArrayCreate
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnlock
SafeArrayRedim
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantCopyInd
Sections
.text Size: 444KB - Virtual size: 444KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 600KB - Virtual size: 604KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE