PDB path: D:\Апдейтер запуск\cs_updater\Release\hl.pdb  (the Russian directory name reads "Updater launch")
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-08-02_c6a43b70ebe8ee52a948eb3819029326_mafia.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 2024-08-02_c6a43b70ebe8ee52a948eb3819029326_mafia.exe
  Resource: win10v2004-20240730-en
General
- Target: 2024-08-02_c6a43b70ebe8ee52a948eb3819029326_mafia
- Size: 1.9MB
- MD5: c6a43b70ebe8ee52a948eb3819029326
- SHA1: 663559accfd57cb0caf3b692abf37d56f0c9d21a
- SHA256: 717750d4d7ad0281429cf998ae369adad89748f64fe43e4cde51f9f6d0af5068
- SHA512: 05a1aedbbe2901022396f9761a7ae007bb6ea9dddfaaefd26c73eff8f5c44f48511c31ef2cebf796b8f007280ebb3d17e39156c1f88688c15297750acac3228d
- SSDEEP: 49152:5+igg1TNXEOT/cCN+z9GCeX77PQ5p/IT6DpWWJIa:5+0BN0iNN+zs77Q
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-08-02_c6a43b70ebe8ee52a948eb3819029326_mafia
Files
- 2024-08-02_c6a43b70ebe8ee52a948eb3819029326_mafia.exe  windows:5 windows x86 arch:x86
  549512905934f3d0a17f8b2dd5c2deae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFileExistsW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
advapi32
RegisterEventSourceA
DeregisterEventSource
ReportEventA
user32
UnhookWindowsHookEx
SetWindowsHookExW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
ws2_32
accept
listen
sendto
getaddrinfo
freeaddrinfo
ioctlsocket
connect
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
socket
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostname
shutdown
htonl
getservbyname
gethostbyname
recvfrom
wldap32
ord46
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord60
kernel32
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
GetProcessHeap
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
FlushFileBuffers
GetConsoleCP
WriteFile
SetEnvironmentVariableA
GetDriveTypeW
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetTimeZoneInformation
SetConsoleCtrlHandler
DeviceIoControl
ExitProcess
CreateFileA
GetFileAttributesA
AreFileApisANSI
GetTimeFormatA
HeapCreate
FindFirstFileExA
GetDriveTypeA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
MoveFileExW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
FormatMessageW
GetFileAttributesW
GetModuleFileNameW
GetLastError
SetLastError
GetProcAddress
FindClose
GetModuleFileNameA
FindNextFileW
CloseHandle
DeleteFileW
LocalFree
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
CreateProcessW
CreateDirectoryW
LoadLibraryW
GetTempPathW
CreateEventW
FormatMessageA
GetDateFormatA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
SleepEx
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
GetVersion
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
SetFilePointer
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
HeapFree
DecodePointer
EncodePointer
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
shell32
CommandLineToArgvW
ole32
CoUninitialize
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
oleaut32
SysFreeString
SysAllocStringLen
VarBstrCat
VariantInit
VariantClear
SysStringLen
SysAllocString
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 340KB - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 115KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
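The static checks that produce the Signatures, Headers and Sections entries above (Authenticode table present or not, DLL characteristics such as DYNAMIC_BASE and NX_COMPAT, section flags) can be reproduced with a short pure-Python PE32 walker. The block below is an added example written for this page; it is not the sandbox's code and not the sample's. It parses the DOS header, PE signature, COFF and optional headers and the section table using the flag values from winnt.h. Its default input is a constructed, header-only PE32 built by build_minimal_pe(), so it runs offline; pass a file path on the command line to run it on a real binary.

```python
"""Pure-Python PE32 header triage (standard library only).

Added example, not part of the sandbox report and not the sample's code.
It reproduces the report's static checks: file and DLL characteristics
(ASLR/DEP opt-in), presence of an Authenticode certificate table (the
basis of an "Unsigned PE" verdict), and the section table with flags.
"""
import struct
import sys

# Flag values from winnt.h
FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE"}
DLL_FLAGS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",       # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",          # DEP opt-in
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the certificate table
SECTION_HDR = "<8sIIIIIIHHI"         # 40-byte IMAGE_SECTION_HEADER


def _names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF/optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, _ts, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # The certificate table is the one data directory holding a raw file
    # offset rather than an RVA; a zero entry means no Authenticode blob.
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, *_rest, flags = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _names(flags, SCN_FLAGS)})
    return {
        "machine": "x86" if machine == 0x14C else hex(machine),
        "file_characteristics": _names(characteristics, FILE_FLAGS),
        "dll_characteristics": _names(dllchars, DLL_FLAGS),
        "aslr": bool(dllchars & 0x0040),
        "dep": bool(dllchars & 0x0100),
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def build_minimal_pe(signed=False, dllchars=0x0040 | 0x0100 | 0x8000) -> bytes:
    """Constructed input: a header-only PE32 with .text and .data sections.
    Not a real binary; it exists only so parse_pe() can run offline."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 224                                            # PE32, 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0002 | 0x0100)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<H", opt, 68, 2)           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if signed:  # pretend a 0x200-byte WIN_CERTIFICATE sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x200)
    text = struct.pack(SECTION_HDR, b".text", 0x1000, 0x1000, 0x1000, 0x400,
                       0, 0, 0, 0, 0x00000020 | 0x20000000 | 0x40000000)
    data = struct.pack(SECTION_HDR, b".data", 0x800, 0x2000, 0x400, 0x1400,
                       0, 0, 0, 0, 0x00000040 | 0x40000000 | 0x80000000)
    return dos + b"PE\0\0" + coff + bytes(opt) + text + data


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    info = parse_pe(blob)
    for key in ("machine", "file_characteristics", "dll_characteristics",
                "aslr", "dep", "authenticode_present"):
        print(f"{key}: {info[key]}")
    for s in info["sections"]:
        print(f"{s['name']:<8} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} "
              + " ".join(s["flags"]))
```

Two caveats when reading the result. A non-zero certificate table only shows that a signature blob is attached; whether it actually verifies (hash match, chain, timestamp) needs a full Authenticode check such as signtool verify or Get-AuthenticodeSignature on Windows. Conversely, an "Unsigned PE" hit on its own is a weak indicator, since plenty of legitimate software ships unsigned; for this sample the more useful static facts are that DYNAMIC_BASE and NX_COMPAT are both set (the image opts into ASLR and DEP) and that .data has a larger virtual than raw size (138KB vs 115KB), which is the normal uninitialised tail rather than anything packed.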