2024-08-11_8b03aba76396db117930029eb5d6d613_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-11_8b03aba76396db117930029eb5d6d613_mafia
Size

1.1MB
MD5

8b03aba76396db117930029eb5d6d613
SHA1

cc83570bf440f075fc99ff7d1c91e90147293f56
SHA256

3198e00f58822a3648721124b589e5d4ec156e202fc4e1d52a063e6da600d381
SHA512

094ea7e8ba020bf5f6a0586eca232c0ca60039e2ec834d3678ee0b001f30bda8bb47a289348c31046deaee2eb698b657fe0c5e582ad9c8786f6c30d02debf3bd
SSDEEP

24576:8wVOLWrR7lHB+v0NqsZ5mb3Xebblpd5QlxZX/05:8wVOyRpHB9EzUbF5QlT/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-11_8b03aba76396db117930029eb5d6d613_mafia

Files

2024-08-11_8b03aba76396db117930029eb5d6d613_mafia
.exe windows:5 windows x86 arch:x86

391a75bcfac71f6279cf153ea0107857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\amigo_28\src\build\Release\setup.exe.pdb

Imports

kernel32

ExpandEnvironmentStringsW
CreateProcessW
VirtualAllocEx
WriteProcessMemory
QueueUserAPC
TerminateProcess
LockResource
FreeResource
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
CreateEventW
ResumeThread
GlobalAlloc
SetEvent
ResetEvent
CreateThread
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
OpenProcess
WaitForSingleObject
CloseHandle
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
WriteConsoleW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
HeapSize
HeapCreate
IsProcessorFeaturePresent
RtlUnwind
GetCPInfo
LCMapStringW
PeekNamedPipe
FileTimeToLocalFileTime
GetFileType
SetStdHandle
HeapReAlloc
GetProcessHeap
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitProcess
GetStartupInfoW
ExitThread
HeapAlloc
HeapFree
UnhandledExceptionFilter
DecodePointer
EncodePointer
WideCharToMultiByte
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
InitializeCriticalSection
CreateSemaphoreW
RtlCaptureContext
LocalAlloc
LocalFree
InterlockedExchange
LoadLibraryA
DuplicateHandle
GetDateFormatW
GetFileInformationByHandle
GetExitCodeProcess
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
GetShortPathNameW
MoveFileExW
GetFileAttributesExW
GetFileAttributesW
RemoveDirectoryW
InterlockedCompareExchange
ReadFile
SetFilePointer
SetFileTime
WriteFile
GetFileTime
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
IsDebuggerPresent
GetCurrentProcessId
GetTickCount
ReleaseMutex
DeleteFileW
CreateMutexW
OutputDebugStringA
FormatMessageA
GetModuleHandleA
CopyFileW
SetCurrentDirectoryW
CreateDirectoryW
FindClose
GetTempPathW
GetLongPathNameW
GetTempFileNameW
GetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindNextFileW
FindFirstFileW
GetProcessId
CreateToolhelp32Snapshot
VirtualQueryEx
HeapSetInformation
Process32NextW
Process32FirstW
GetStdHandle
AssignProcessToJobObject
GetCommandLineW
GetNativeSystemInfo
GetVersionExW
InterlockedExchangeAdd
GetUserDefaultLangID
GetEnvironmentVariableW
QueryPerformanceCounter
FileTimeToSystemTime
SetEnvironmentVariableW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
RtlCaptureStackBackTrace
GetLocaleInfoW
GetUserDefaultUILanguage
Sleep
GetSystemDirectoryW
GetWindowsDirectoryW
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
WaitForMultipleObjects
ReleaseSemaphore
GetFileSize

gdi32

GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
TextOutW
GetTextExtentPoint32W
DeleteDC
GetStockObject
BitBlt

advapi32

GetUserNameW
RegQueryValueExW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW
RegEnumValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
ConvertSidToStringSidW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegisterTraceGuidsW
RegEnumValueA
SetSecurityInfo
GetSecurityDescriptorSacl
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromString
CoCreateInstance
StringFromGUID2
PropVariantClear
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

OleLoadPicture
VarUI4FromStr
VariantClear
VariantInit
SysAllocString

user32

GetWindowThreadProcessId
UnregisterClassA
CallWindowProcW
SetRect
DefWindowProcW
GetDC
ReleaseDC
GetSysColor
InvalidateRect
GetUpdateRect
MessageBoxW
CreateDialogParamW
CreateWindowExW
RegisterClassExW
EndPaint
BeginPaint
DestroyWindow
FillRect
PostQuitMessage
LoadCursorW
GetClassInfoExW
MoveWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
ShowWindow
GetWindowLongW
SetWindowLongW
FindWindowW
IsWindow
GetWindowRect
SendMessageTimeoutW
CharUpperW
SetWindowsHookExW
UnhookWindowsHookEx
LoadIconW
CallNextHookEx
EnumWindows
SetForegroundWindow

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

ntohl

psapi

GetModuleFileNameExW

winmm

timeGetTime

shlwapi

SHCopyKeyW
SHDeleteEmptyKeyW
SHStrDupW
UrlCanonicalizeW
SHDeleteKeyW

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

391a75bcfac71f6279cf153ea0107857

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

advapi32

ole32

oleaut32

user32

urlmon

wtsapi32

userenv

version

ws2_32

psapi

winmm

shlwapi

Sections

.text Size: 639KB - Virtual size: 639KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 7KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 639KB - Virtual size: 639KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 7KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 32KB - Virtual size: 32KB