2024-07-25_be8cd1c1e9f8b676bbf59de5df3cbc38_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-25_be8cd1c1e9f8b676bbf59de5df3cbc38_mafia
Size

248KB
MD5

be8cd1c1e9f8b676bbf59de5df3cbc38
SHA1

b86c4a79f6670e8eac26ed3c6c59c36a4df7630d
SHA256

63b1aa9f5125264a5aea46730855069a7543a3773a547fff18c747c94dfa5e32
SHA512

3e6e51b94b680cf2ff7267e4b648bdeb7d97d1b2aa000f657c48940b3f356198b17de17260aa71a04691763044739ddf566f7b5ef9b20ef4a096e38e0dc3e421
SSDEEP

3072:eHwCxmO1QsbYgKdKQ/0s/B8nmnQoG5DlGQDDHLri52OjxlNTO8S2GV7b3Fx5K+Ej:U2gX8LZ4TtaLgEUJK/0ddJ+BsfhK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-25_be8cd1c1e9f8b676bbf59de5df3cbc38_mafia

Files

2024-07-25_be8cd1c1e9f8b676bbf59de5df3cbc38_mafia
.exe windows:5 windows x86 arch:x86

f8d443b36d32c0dde034b03f36121c2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\fke_v404\Trafo_Abb\TRAFODLL\CPP-AWP\DEBUG_VC10_32\CPP_PGM.pdb

Imports

kernel32

LeaveCriticalSection
FreeLibrary
GetProcAddress
FormatMessageA
GetLastError
LoadLibraryA
SetDllDirectoryA
GetModuleFileNameA
Sleep
SetConsoleTitleA
GetTickCount
GetCurrentProcessId
GetConsoleTitleA
SetConsoleCtrlHandler
GetStdHandle
AllocConsole
CreateProcessA
GlobalAlloc
GetEnvironmentVariableA
SetEnvironmentVariableA
CloseHandle
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreA
CreateSemaphoreA
LocalFree
CreateFileA
WaitForMultipleObjects
TerminateProcess
GetExitCodeProcess
OpenProcess
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
GetVersionExA
HeapAlloc
GetModuleHandleW
ExitProcess
DecodePointer
RtlUnwind
RaiseException
HeapSetInformation
GetStartupInfoW
EncodePointer
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
DuplicateHandle
GetCurrentProcess
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
InterlockedDecrement
InterlockedIncrement
GetDriveTypeW
GetFullPathNameA
HeapFree
EnterCriticalSection
CreateDirectoryA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
DeleteFileA
WriteFile
GetModuleFileNameW
HeapCreate
HeapDestroy
DeleteCriticalSection
FatalAppExitA
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
IsProcessorFeaturePresent
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetFileInformationByHandle
PeekNamedPipe
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapReAlloc
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetTimeZoneInformation
WriteConsoleW
CompareStringW
CreateFileW
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA

user32

MessageBoxA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
ShowWindow
FindWindowA
wsprintfA

wsock32

WSAGetLastError

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

??0TrafoClient@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1TrafoClient@@QAE@XZ
??_FTrafoClient@@QAEXXZ
?DllBeschreibung@TrafoClient@@QAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?DllFactory@TrafoClient@@QBEPAVTrafoFactory@@XZ
?DllTyp@TrafoClient@@QBEHXZ
?DllVersion@TrafoClient@@QAEABNXZ
?beendeTransformation@TrafoClient@@QAEXXZ
?clearPP@TrafoClient@@QAE_NXZ
?createDllFactory@TrafoClient@@QAEPAVTrafoFactory@@XZ
?dllIsLocked@TrafoClient@@QBEHXZ
?dllIsNotThreadSafe@TrafoClient@@QBEHXZ
?freeDll@TrafoClient@@QAE_NXZ
?getAnzahlPP@TrafoClient@@QAE_NAAH@Z
?getBerechnungsArt@TrafoClient@@QAE_NAAH@Z
?getEllipsoid@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@AAN2@Z
?getLastError@TrafoClient@@QAEHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getPPTrafo@TrafoClient@@QAE_NAAW4PPTransformation@TrafoFactoryibR@@@Z
?getPasspunkt1@TrafoClient@@QAE_NHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAN110111@Z
?getPasspunkt2@TrafoClient@@QAE_NHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAN11AAH@Z
?getPasspunktxyz@TrafoClient@@QAE_NHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAN11111@Z
?getStreifenbestimmung@TrafoClient@@QAE_NAAH@Z
?getTrafoAusDatei@TrafoClient@@QAE_NAAH@Z
?getTrafoInfo@TrafoClient@@QAE_NAAN0000@Z
?getTrafoParameter@TrafoClient@@QAE_NAAN000000@Z
?initDll4XMLWrite@TrafoClient@@QAE_NXZ
?initDll@TrafoClient@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?initialisiereDLL@TrafoClient@@QAE_NXZ
?initialisiereTransformation@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?lockDll@TrafoClient@@QAEHXZ
?moduleFileName@TrafoClient@@AAE_NPAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?releaseDllFactory@TrafoClient@@QAE_NXZ
?setAnzahlPP@TrafoClient@@QAE_NH@Z
?setBerechnungsArt@TrafoClient@@QAE_NH@Z
?setKooSystem@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?setPPTrafo@TrafoClient@@QAE_NW4PPTransformation@TrafoFactoryibR@@@Z
?setPasspunkt@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0NNN0NNN@Z
?setPasspunkt@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NNNNNN@Z
?setStreifenbestimmung@TrafoClient@@QAE_NH@Z
?setTrafoInitialized@TrafoClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?setTrafoParameter@TrafoClient@@QAE_NNNNNNNN@Z
?trafoInitialized@TrafoClient@@ABE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?transformationVorhanden@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?transformiereKoordinaten@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0NNNAAN11@Z
?transformiereRichtung@TrafoClient@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0000NNNNAAN@Z
?unlockDll@TrafoClient@@QAEHH@Z

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8d443b36d32c0dde034b03f36121c2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

wsock32

advapi32

Exports

Exports

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 7KB - Virtual size: 34KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 34KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB