2024-07-26_f280cc3f49d5588649ba117885f0af49_hijackloader_mafia_revil_sakula

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-26_f280cc3f49d5588649ba117885f0af49_hijackloader_mafia_revil_sakula
Size

8.2MB
MD5

f280cc3f49d5588649ba117885f0af49
SHA1

1d1970326986f543a94e8cc713f951530875fc7a
SHA256

0b2bc98a04e5cf3191e115ff546661a6830aef65f658d2284ddd8a24833094ef
SHA512

e29126d627a25e7c2a97ab74e12aa3b0088e3d15468e9d10c751b620f23d5c6627063fd91be372445cef2ddf0b2b03004eabf7d3876828bdfa923ccfb62ee30b
SSDEEP

98304:xCMIWL8+7xg8/zzjyzUydHo6n6l6aaeFCq4eFPlA3aRLQ1Xo2NTauZrFvJqPD:U4L82Rb36n6lp+aVe1TakrFRq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-26_f280cc3f49d5588649ba117885f0af49_hijackloader_mafia_revil_sakula

Files

2024-07-26_f280cc3f49d5588649ba117885f0af49_hijackloader_mafia_revil_sakula
.exe windows:5 windows x86 arch:x86

1cbd0a15da054a1113aa125aa49713e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
HeapCreate
CreateEventA
CloseHandle
Sleep
WaitForSingleObject
SetEvent
GetLastError
GetCurrentThreadId
SetLastError
InterlockedExchange
CreateEventW
CancelIo
WideCharToMultiByte
lstrlenW
ResetEvent
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
GetExitCodeProcess
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
CreateProcessA
GetFileAttributesA
GetSystemDirectoryA
WriteFile
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetUserDefaultUILanguage
GetTickCount64
SetErrorMode
FreeLibrary
LoadLibraryW
CreateThread
GetConsoleWindow
MoveFileExA
GetModuleFileNameA
GetCurrentDirectoryA
WinExec
GetTickCount
TlsGetValue
TlsAlloc
LCMapStringW
LocalFree
SetStdHandle
WriteConsoleW
HeapReAlloc
SetFilePointer
ReadFile
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
GetCurrentProcess
VirtualFree
FlushFileBuffers
GetCPInfo
GetConsoleMode
GetConsoleCP
IsValidLocale
HeapSetInformation
GetCommandLineW
ExitProcess
ExitThread
RaiseException
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
MultiByteToWideChar
InitializeCriticalSection
EncodePointer
DecodePointer
TlsSetValue

user32

MessageBoxW
GetInputState
PostThreadMessageA
ShowWindow

advapi32

RegCreateKeyW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW

ws2_32

socket
gethostbyname
connect
WSAIoctl
send
setsockopt
closesocket
WSACleanup
WSAStartup
select
htons
recv

winmm

timeGetTime

ntdll

RtlUnwind

Sections

.text
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cbd0a15da054a1113aa125aa49713e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

winmm

ntdll

Sections

.text Size: 570KB - Virtual size: 570KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 7.5MB - Virtual size: 7.5MB

.rsrc Size: 73KB - Virtual size: 72KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 570KB - Virtual size: 570KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 7.5MB - Virtual size: 7.5MB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 33KB - Virtual size: 32KB