2024-08-10_190ef5c6391384e749941a2cebddde6f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_190ef5c6391384e749941a2cebddde6f_mafia
Size

393KB
MD5

190ef5c6391384e749941a2cebddde6f
SHA1

5273fcf7e56db5dd6ec9376725d4a653bf39d2eb
SHA256

7dd82bc54fbaaa9a43b69fe29e24d6606d734598154b32b48c2fadc80a87af72
SHA512

75798aa1d467d3be35b35041dd899ee284a01e31ef56adf8446edc98bf3c067751afb278cbfde858bac742bbbb782bd62eaf105142f3d6e2d43e35d623548c95
SSDEEP

6144:lttUqvRCjIhjsvFM1ySB7OVrFE1dHT9KgWyBL23DNYC0caz2nJDpMW:lfB5CjqjsvKObE1lT9KcL0xN0ccW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-10_190ef5c6391384e749941a2cebddde6f_mafia

Files

2024-08-10_190ef5c6391384e749941a2cebddde6f_mafia
.exe windows:5 windows x86 arch:x86

ad3b5b90c690e8a9beb429029493c43d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Toolbar\Toolbar6.0_20131231\Bin\TBUpdate.pdb

Imports

kernel32

GetModuleHandleW
GetVersionExW
GetTickCount
Sleep
GetACP
SetEvent
OpenEventW
TerminateThread
ResetEvent
CreateThread
CreateEventW
WaitForMultipleObjects
CopyFileW
LockResource
CreateProcessW
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
lstrcmpW
InterlockedCompareExchange
RaiseException
SizeofResource
LoadResource
FindResourceW
FindResourceExW
WTSGetActiveConsoleSessionId
OutputDebugStringW
DeleteFileW
OutputDebugStringA
FindNextFileW
GetLocalTime
FindClose
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
MoveFileExW
FindFirstFileW
CreateMutexW
ProcessIdToSessionId
GetTempPathW
MultiByteToWideChar
GetFileAttributesW
lstrcpynW
LoadLibraryW
WideCharToMultiByte
VirtualQuery
SetEndOfFile
GetSystemDirectoryW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Process32NextW
CreateDirectoryW
lstrlenA
LocalFree
CloseHandle
LoadLibraryA
GetProcAddress
GetLastError
lstrlenW
ReadFile
FreeLibrary
TryEnterCriticalSection
CreateFileA
GetVersion
RemoveDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
GetLongPathNameW
GetWindowsDirectoryA
GetShortPathNameA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
HeapFree
EncodePointer
DecodePointer
InterlockedDecrement
GetCPInfo
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
HeapDestroy
ExitProcess
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
LCMapStringW
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CreateFileW
GetProcessHeap

user32

wsprintfW

advapi32

RegOpenKeyW
GetTokenInformation
OpenProcessToken
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessAsUserW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoUninitialize
StringFromIID
CoInitialize

shlwapi

PathIsDirectoryW
SHGetValueW
PathAppendW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfA
PathAppendA
PathRemoveBackslashW
SHSetValueW
wnsprintfW
SHDeleteKeyW
PathRemoveBlanksW
PathFileExistsW

wininet

InternetCrackUrlW
DeleteUrlCacheEntryW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wtsapi32

WTSQueryUserToken

userenv

ExpandEnvironmentStringsForUserW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad3b5b90c690e8a9beb429029493c43d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

urlmon

wtsapi32

userenv

version

Sections

.text Size: 240KB - Virtual size: 239KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 23KB - Virtual size: 39KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 23KB - Virtual size: 39KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 23KB - Virtual size: 23KB