Static task: static1
Behavioral task: behavioral1
  Sample: Mari.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: Mari.exe
  Resource: win10v2004-20240802-en
General
- Target: Mari.exe.vir
- Size: 4.5MB
- MD5: db1f87e1039433bd861f4373c336c7b0
- SHA1: 6c09d587cb8cbd4ea78a9fa573a721dbdb7b9409
- SHA256: 09b187a1516da58c604027423c0c95c7de22ff223dfe87301907ce0c6f7193b6
- SHA512: 6523459e38e8e76b965d7f7077c0b25ebd38769b683f8f31bf88f2d548bd915ab842d97c1defa31a6a1ec98915700e857d58cab5c95d4bba6c70341087c33c3c
- SSDEEP: 98304:ZzYc5Zc4KvsLxvrqEcMylz0LsSLCTurcg0:ZzYcE4aEcMyJq8TurcH
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: Mari.exe.vir
Files
- Mari.exe.vir.exe windows:6 windows x64 arch:x64
  ccb43d612a81c437eba1518b0a05f478
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
FindNextFileW
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
RaiseException
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
Sleep
SearchPathA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
GetWindowsDirectoryA
SetErrorMode
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
GetCurrentDirectoryA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FileTimeToSystemTime
GlobalFlags
GetACP
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SystemTimeToFileTime
ReplaceFileA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
ResumeThread
SetThreadPriority
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetVersionExA
GetCurrentThread
GetCurrentProcessId
lstrcmpA
GetProfileIntA
GetTickCount64
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
CopyFileA
FormatMessageA
LocalFree
GlobalSize
MultiByteToWideChar
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
FindResourceA
GlobalFree
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetModuleFileNameA
GetProcAddress
LoadLibraryA
lstrcpynA
GlobalAlloc
MulDiv
FindClose
MoveFileA
DeleteFileA
FindFirstFileA
WriteFile
GetTempFileNameA
lstrcatA
lstrcpyA
CloseHandle
ReadFile
CreateFileA
GetFileAttributesA
lstrlenA
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceFrequency
WideCharToMultiByte
WriteConsoleW
user32
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
IsRectEmpty
SetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
DestroyCursor
LoadCursorW
FillRect
SetRect
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
GetWindowThreadProcessId
IntersectRect
SetRectEmpty
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
BringWindowToTop
InflateRect
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
TranslateMDISysAccel
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
RegisterClipboardFormatA
BeginPaint
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetFocus
SetFocus
GetDlgCtrlID
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
LoadAcceleratorsW
LoadMenuW
GetMessageA
SendMessageA
EnableWindow
GetAsyncKeyState
GetClientRect
UpdateWindow
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetParent
TranslateMessage
CharUpperA
ShowOwnedPopups
RealChildWindowFromPoint
GetSysColorBrush
GetMenuItemInfoA
CopyImage
MapDialogRect
UnionRect
DrawIcon
SetWindowRgn
GetTabbedTextExtentW
CreateMenu
IsZoomed
GetDesktopWindow
GetWindowLongA
GetSystemMetrics
WindowFromPoint
GetSystemMenu
DeleteMenu
SetParent
SystemParametersInfoA
RemovePropA
PostQuitMessage
CreateCaret
SetCaretPos
ShowCaret
HideCaret
GetSysColor
OffsetRect
IsWindow
InvalidateRect
GetDC
ReleaseDC
GetDlgItem
EnableScrollBar
GetCursorPos
ScreenToClient
SetCursor
LoadCursorA
ReleaseCapture
KillTimer
LoadAcceleratorsA
TranslateAcceleratorA
GetKeyState
SetCapture
SetTimer
IsClipboardFormatAvailable
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
ShowWindow
MessageBoxA
UnregisterClassA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
PostThreadMessageA
CopyAcceleratorTableA
GetWindowRgn
SubtractRect
GetUpdateRect
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
FrameRect
CopyIcon
DrawFrameControl
DrawEdge
SetClassLongPtrA
DrawStateA
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
MessageBeep
GetIconInfo
DrawIconEx
DrawFocusRect
GetNextDlgGroupItem
WaitMessage
LoadImageW
TrackMouseEvent
GetMenuDefaultItem
LockWindowUpdate
GetDCEx
EndPaint
gdi32
DPtoLP
CreatePen
GetStockObject
GetViewportOrgEx
PatBlt
Rectangle
CombineRgn
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
GetMapMode
SetRectRgn
ExtTextOutA
CreateHatchBrush
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
MoveToEx
SetAbortProc
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextMetricsA
CreateFontA
GetCharWidthA
StretchDIBits
GetBkColor
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextColor
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
AbortDoc
EndPage
StartPage
EndDoc
StartDocA
DeleteDC
CreateBitmap
SetTextColor
SetBkColor
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
CreateFontIndirectA
BitBlt
TextOutA
CreateCompatibleDC
CreateCompatibleBitmap
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
GetJobA
DocumentPropertiesA
ClosePrinter
advapi32
RegSetValueExA
RegQueryValueA
RegEnumKeyExA
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegEnumKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueA
RegCloseKey
shell32
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHAddToRecentDocs
DragFinish
DragQueryFileA
ShellExecuteA
DragAcceptFiles
SHAppBarMessage
SHGetFileInfoA
SHBrowseForFolderA
comctl32
ImageList_Draw
shlwapi
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
ole32
CoDisconnectObject
CreateStreamOnHGlobal
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleLockRunning
oleaut32
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text   Size: 1.9MB  Virtual size: 1.9MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 595KB  Virtual size: 595KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 1.8MB  Virtual size: 1.8MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 95KB   Virtual size: 95KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  Size: 512B   Virtual size: 348B   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 142KB  Virtual size: 141KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ