2024-08-07_b84c7ee6c7d9958c7ff3de74d8914086_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_b84c7ee6c7d9958c7ff3de74d8914086_mafia
Size

1.4MB
MD5

b84c7ee6c7d9958c7ff3de74d8914086
SHA1

edd263fd064cbe06c9510f8c5eba8b64a85fc111
SHA256

8636e1ef8fc0a23abaecd0fdb371f9059e7c7a4a6457d14c2cc0d7c95c483259
SHA512

d99d0d142e5088a96791fc89d656ccae683fbc00edfc340504740a163984a338b4feb4e9d63bb4bfae29a00e65d86b432ccb7b003095ce6168d1bd85606d57cc
SSDEEP

24576:SfbCBce50y+AfI2C9eS/i4aRU6kZfTVBM7MTi8yhreUnmhreUnC+hreUnvhx:QbCBcdy+H9eSraRLkZhBM4TiryUnEyUR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-07_b84c7ee6c7d9958c7ff3de74d8914086_mafia

Files

2024-08-07_b84c7ee6c7d9958c7ff3de74d8914086_mafia
.exe windows:5 windows x86 arch:x86

7217d96268765276262cc48524c4e5c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\!extensions\InstallerAddons2\Release\InstallAddons.pdb

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

htonl
gethostbyname
closesocket
socket
recv
connect
WSAStartup
htons
send

kernel32

GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
SetLastError
SetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
GetVolumeInformationW
CreateMutexW
SetFilePointer
CreateProcessW
WaitForSingleObject
GetTickCount
FormatMessageA
ReleaseMutex
GetCurrentProcessId
FreeLibrary
GetModuleHandleW
LoadLibraryW
OpenProcess
TerminateProcess
GetStdHandle
HeapSetInformation
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
RaiseException
GetFileInformationByHandle
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetNativeSystemInfo
GetVersionExW
GetFullPathNameW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFullPathNameA
CreateFileA
GetFileSize
InitializeCriticalSection
FormatMessageW
GetFileAttributesA
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetLastError
HeapSize
WriteConsoleW
GetTimeZoneInformation
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
UnhandledExceptionFilter
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
GetStartupInfoW
GetCommandLineA
GetDriveTypeW
FileTimeToLocalFileTime
GetCPInfo
GetFileType
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetProcessHeap
HeapAlloc
ExitProcess
HeapFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetCurrentProcess
CreateFileMappingW
UnmapViewOfFile
GetFileSizeEx
FlushFileBuffers
CreateFileW
ReadFile
WriteFile
LockFile
UnlockFile
SetEndOfFile
FindNextFileW
FindClose
FindFirstFileExW
FindFirstFileW
CloseHandle
SetEnvironmentVariableW
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetProcAddress
IsDebuggerPresent
LocalFree
GetCommandLineW
GetWindowsDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
PeekNamedPipe
GetModuleFileNameA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetComputerNameW
MapViewOfFile
GetCurrentThreadId

user32

MessageBoxW
PostMessageW
EnumWindows
GetWindow
BlockInput
SetLayeredWindowAttributes
GetWindowLongW
SetWindowLongW
IsWindowVisible
GetWindowThreadProcessId
ShowWindow

advapi32

RegOpenKeyW
ConvertSidToStringSidW
LookupAccountNameW
AllocateAndInitializeSid
UnlockServiceDatabase
LockServiceDatabase
GetUserNameW
OpenSCManagerW
CloseServiceHandle
CryptDestroyKey
CryptImportKey
CryptSetHashParam
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CheckTokenMembership
FreeSid

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteA
ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemFree

winmm

timeGetTime

Sections

.text
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7217d96268765276262cc48524c4e5c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

kernel32

user32

advapi32

shell32

ole32

winmm

Sections

.text Size: 682KB - Virtual size: 681KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 15KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 555KB - Virtual size: 554KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 682KB - Virtual size: 681KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 15KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 555KB - Virtual size: 554KB

.reloc
Size: 46KB - Virtual size: 45KB