D:\src\亚信\Pro\RemoteAppClient\Release\RemoteAppClient.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-08-24_dea6379981d0acc387cde40b04d602ff_mafia_revil.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2024-08-24_dea6379981d0acc387cde40b04d602ff_mafia_revil.exe
Resource: win10v2004-20240802-en
General
- Target: 2024-08-24_dea6379981d0acc387cde40b04d602ff_mafia_revil
- Size: 2.3MB
- MD5: dea6379981d0acc387cde40b04d602ff
- SHA1: 43127635c78d15eeb26a9c6e7f960d98c04ff174
- SHA256: 88431260da0b7bc750ae8b7ac611daf834668a3e494e90ad895e80d0131afb16
- SHA512: bcad8442eeff4186d864f9f5878198d4865d5bfa9d473b39b6fa817711df33823fa1df953f208f107c381b5859eea5051ccb066100b9711f794080a6c7b7b081
- SSDEEP: 49152:G0garXHTBpYWrMGnMRDR/zzj67qDvCR4V35+6/KmpPnmLsHjhjUuu6Z8QE6wa4AX:sYHNpYWrM7Rtzzj67kvCR4V3rXnmLs98
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-08-24_dea6379981d0acc387cde40b04d602ff_mafia_revil
Files
- 2024-08-24_dea6379981d0acc387cde40b04d602ff_mafia_revil.exe windows:5 windows x86 arch:x86
  6d70374d4412c562bea19804b0ea2dba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
LoadResource
SizeofResource
CreateFileA
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
GetConsoleMode
GetConsoleCP
LockResource
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
CreateMutexW
FreeLibrary
LoadLibraryExW
CreateDirectoryW
GetModuleHandleW
GetPrivateProfileStringW
WriteFile
Sleep
FormatMessageW
GetModuleFileNameW
MultiByteToWideChar
GetLastError
LocalFree
CreateProcessW
ConnectNamedPipe
OutputDebugStringW
CreateNamedPipeW
ReadFile
WideCharToMultiByte
lstrlenW
SetLastError
DeactivateActCtx
ActivateActCtx
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
MulDiv
GlobalAlloc
GlobalSize
CopyFileW
lstrcmpW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CompareStringW
GetProcAddress
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedIncrement
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
InterlockedExchange
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
SetThreadPriority
ResumeThread
WaitForSingleObject
CreateActCtxW
ReleaseActCtx
InterlockedDecrement
lstrlenA
InitializeCriticalSection
GlobalFlags
GetSystemDirectoryW
lstrcpyW
GlobalGetAtomNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCurrentDirectoryW
FindClose
FindFirstFileW
GetFileAttributesExW
GetFileAttributesW
GetFileSizeEx
GetFileTime
lstrcmpiW
DeleteFileW
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetTickCount
GetProfileIntW
SearchPathW
SetErrorMode
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
CreateThread
ExitProcess
RtlUnwind
HeapReAlloc
RaiseException
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
FindResourceW
user32
ReleaseCapture
WindowFromPoint
SetCapture
SetWindowRgn
DeleteMenu
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
GetMessageW
SetWindowContextHelpId
MapDialogRect
MapVirtualKeyW
GetKeyNameTextW
ShowOwnedPopups
SetCursor
PostQuitMessage
OffsetRect
CharNextW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
MessageBeep
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
CopyRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsWindow
ScreenToClient
ClientToScreen
PtInRect
GetWindowRgn
GetWindowThreadProcessId
GetLastActivePopup
EnableWindow
SetForegroundWindow
SetTimer
MessageBoxA
GetProcessWindowStation
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongW
SetFocus
GetWindowRect
LoadMenuW
GetSubMenu
UpdateWindow
FillRect
DrawStateW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperW
IsRectEmpty
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CopyImage
CopyAcceleratorTableW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetSystemMenu
IsIconic
KillTimer
DrawIcon
GetClientRect
SetRect
InvalidateRgn
WaitMessage
DestroyIcon
GetNextDlgGroupItem
UnregisterClassW
SetParent
SetScrollInfo
DestroyAcceleratorTable
GetUserObjectInformationW
MessageBoxW
DispatchMessageW
PeekMessageW
TranslateMessage
SetClipboardViewer
SendMessageW
GetSystemMetrics
CreatePopupMenu
GetCursorPos
GetClassNameW
AppendMenuW
InvalidateRect
LoadIconW
EnumWindows
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
CharUpperBuffW
CopyIcon
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LoadImageW
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetMenu
SetClassLongW
gdi32
SetPixelV
GetTextFaceW
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
GetRgnBox
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateDIBSection
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
CreateFontIndirectW
PatBlt
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
CreateBitmap
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
RegEnumValueW
shell32
Shell_NotifyIconW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
DragFinish
SHAppBarMessage
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW
ole32
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysAllocString
SysStringLen
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
dbghelp
MiniDumpWriteDump
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Exports
asia_decryption
asia_encryption
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ