Static task: static1
Behavioral task: behavioral1
  Sample: 2024-08-25_32853841aa06b09e2fb129f06686e79a_mafia.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-08-25_32853841aa06b09e2fb129f06686e79a_mafia.exe
  Resource: win10v2004-20240802-en
General
Target: 2024-08-25_32853841aa06b09e2fb129f06686e79a_mafia
Size: 273KB
MD5: 32853841aa06b09e2fb129f06686e79a
SHA1: 29ad73b6ed0a7262deae1293ccaa09455e625e2e
SHA256: 5bb0dac986d775660b64463c68cbd36ec3eeb214c794b28edf734a0b0b2e13ea
SHA512: 91a3b94d2d4cbd66a0549b64fbaf684287ef41a32de005c72f22176763e256ddddefef725d3cab282371c5ff94720ddba75772f6cdbb2b48b98ebb6e9a8fcc65
SSDEEP: 6144:W+hrDFJjxOCKfQxddUG4tIEP+NVY4WdwfXhDdzR:W+xFJtOCHxUG4iEP+NW4WkX
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-08-25_32853841aa06b09e2fb129f06686e79a_mafia
Files
-
2024-08-25_32853841aa06b09e2fb129f06686e79a_mafia.exe windows:5 windows x86 arch:x86
c6df49c1b2ad0fb35ae4075521c2714e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetErrorMode
CreateProcessW
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetComputerNameW
GetLogicalDrives
VirtualFree
CreateRemoteThread
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
GetVolumeInformationA
VirtualFreeEx
Sleep
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
CreateFileW
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
GetLastError
GetProcAddress
VirtualAlloc
MoveFileW
VirtualProtectEx
VirtualAllocEx
FindClose
GetLocalTime
LoadLibraryA
Process32FirstW
IsWow64Process
RemoveDirectoryW
Process32NextW
GetModuleHandleA
CreateMutexA
FindNextFileW
GetDriveTypeW
GetFileTime
GetFileAttributesExW
ReleaseMutex
GetDiskFreeSpaceExW
CloseHandle
GetWindowsDirectoryW
GetVersion
DeleteFileW
GetCurrentProcessId
WriteProcessMemory
ResumeThread
SetFileAttributesW
CreateThread
GetTickCount64
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
SetThreadErrorMode
SetThreadContext
FindFirstFileW
CreateMutexW
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
GetProcessHeap
ExitProcess
CreateToolhelp32Snapshot
GetThreadContext
HeapCreate
GetTimeZoneInformation
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetFileType
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
user32
GetWindowTextLengthW
GetMessageW
ShutdownBlockReasonCreate
TranslateMessage
GetForegroundWindow
RegisterClassExW
GetWindowTextW
DispatchMessageW
DefWindowProcW
ShutdownBlockReasonDestroy
CreateWindowExW
advapi32
AdjustTokenPrivileges
GetUserNameW
OpenProcessToken
shell32
SHGetKnownFolderPath
ShellExecuteW
ole32
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
oleaut32
VariantInit
VariantClear
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
urlmon
URLOpenBlockingStreamA
avicap32
capGetDriverDescriptionW
ws2_32
ioctlsocket
connect
WSAStartup
getaddrinfo
send
closesocket
__WSAFDIsSet
freeaddrinfo
socket
recv
WSACleanup
setsockopt
WSAGetLastError
select
wininet
DeleteUrlCacheEntryA
Sections
.text Size: 189KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ