2024-08-11_ba20c5cabec94dcfdf7211a489f05979_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-11_ba20c5cabec94dcfdf7211a489f05979_mafia_revil
Size

3.1MB
MD5

ba20c5cabec94dcfdf7211a489f05979
SHA1

381973cff5cc5659b866f8b179ef2421ffccaf9c
SHA256

5d2c8b5e6f6a742b8bf60014324e161c6d453c8dedaf525b8eaf8493a8557b69
SHA512

00ef983f00f585e3891b906e5e6186eecd87dead95b4056e86dcca0fe606700f9e53bb9aff28018a9b38c637b8fc26555b99e5c6dfe9abb95650ab8ed6a1f76d
SSDEEP

98304:BPfculTNak2hH2jiqTloxp9BdOXi80nAb:1ft4NhWjABWrKAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-11_ba20c5cabec94dcfdf7211a489f05979_mafia_revil

Files

2024-08-11_ba20c5cabec94dcfdf7211a489f05979_mafia_revil
.exe windows:5 windows x86 arch:x86

bef1a707f7053c744a2f12ecaddb910e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetTempPathW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
WaitForSingleObject
VirtualQuery
EnumResourceNamesW
LoadLibraryExW
CreateMutexA
ReleaseMutex
TlsGetValue
GetThreadLocale
TlsSetValue
SetThreadLocale
TlsAlloc
MulDiv
GetModuleHandleA
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
Process32NextW
QueryFullProcessImageNameW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
CompareStringW
ReadFile
WriteFile
SetFilePointer
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
GetVersionExW
IsWow64Process
FlushViewOfFile
OutputDebugStringA
WaitForSingleObjectEx
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
Sleep
SetEndOfFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
HeapValidate
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetVersionExA
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
FindFirstFileW
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileA
AreFileApisANSI
CreateThread
GetLocaleInfoA
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
EncodePointer
DecodePointer
RtlUnwind
ExitProcess
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitThread
LCMapStringW
GetCPInfo
GetStdHandle
TlsFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetStringTypeExW
ReadConsoleInputA
SetConsoleMode
DeleteFileW
FindNextFileW
FindClose
OutputDebugStringW
GetModuleFileNameW
GetCurrentThread
GetDriveTypeW
LoadLibraryA
InterlockedExchange
FreeLibrary
GetCurrentDirectoryW
SetEvent
CloseHandle
CreateEventA
SetDllDirectoryW
SetDefaultDllDirectories
SetUnhandledExceptionFilter
GetLastError
FindResourceW
LoadResource
GetProcAddress
LocalFree
LocalAlloc
GetVersion
SleepEx
VerifyVersionInfoA
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
FlushConsoleInputBuffer
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameW
FindFirstFileExA
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GetUserDefaultUILanguage
GetLocaleInfoW
SetLastError
GlobalFree
CreateDirectoryW
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
HeapCompact
RaiseException

shlwapi

SHStrDupW
StrChrIW
PathFileExistsW
ord487
PathGetArgsW
AssocQueryStringW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy

advapi32

OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
RegDeleteValueW
RegSetValueExW
LookupAccountNameW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA

dbghelp

MiniDumpWriteDump

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetPropertyStoreForWindow
ShellExecuteExW
SHEvaluateSystemCommandTemplate

ole32

PropVariantClear
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen

rpcrt4

UuidToStringW
RpcStringFreeW

userenv

ExpandEnvironmentStringsForUserW

gdiplus

GdiplusStartup
GdiplusShutdown

gdi32

SetBkColor
GetStockObject
SetBkMode
SetTextColor
DeleteObject
CreateSolidBrush
CreateDIBSection
CreateBitmap
SelectObject
GetObjectW
DeleteDC
CreateFontIndirectW
GetDeviceCaps

ws2_32

sendto
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
freeaddrinfo
ntohs
bind
htons
getsockopt
accept
listen
send
ioctlsocket
gethostname
shutdown
recv
socket
select
htonl
WSAGetLastError
__WSAFDIsSet
WSASetLastError
ntohl
getpeername
getservbyname
closesocket
connect
recvfrom
gethostbyname
getsockname

wldap32

ord22
ord41
ord46
ord211
ord143
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord45
ord60
ord27
ord301
ord50

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bef1a707f7053c744a2f12ecaddb910e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

comctl32

advapi32

dbghelp

shell32

ole32

oleaut32

rpcrt4

userenv

gdiplus

gdi32

ws2_32

wldap32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 475KB - Virtual size: 474KB

.data Size: 61KB - Virtual size: 81KB

.rsrc Size: 315KB - Virtual size: 314KB

.reloc Size: 152KB - Virtual size: 151KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 475KB - Virtual size: 474KB

.data
Size: 61KB - Virtual size: 81KB

.rsrc
Size: 315KB - Virtual size: 314KB

.reloc
Size: 152KB - Virtual size: 151KB