2024-08-25_193e412bd67b6849f48327f9341f7197_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-25_193e412bd67b6849f48327f9341f7197_mafia
Size

4.8MB
MD5

193e412bd67b6849f48327f9341f7197
SHA1

1272af866a73aab59ba71761efa257b9148ce46c
SHA256

3cd150100b0070d9a122925b8c17aa6f74b4b59cbcfba2110d435a1a20c8653c
SHA512

03f8341449ba1f7fc9cfd2d6d6be5c15f96f4cbfa1221ca5fdb5cf0a7f81a22e1975051b78ee18a8020f2f9ef1013ee92e87b427db90949850254436c6aa1386
SSDEEP

98304:SRhW+adzNhxxyMmaRhW+adzNhxxyM0RwfwLnty0X9YQvamKh4:SvMmavM0dhX9Ybmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-25_193e412bd67b6849f48327f9341f7197_mafia

Files

2024-08-25_193e412bd67b6849f48327f9341f7197_mafia
.exe windows:5 windows x86 arch:x86

f2c228fda3d2f109113bc74c0ac0db1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BranchAI\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

GlobalUnlock
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
CompareStringW
GetDriveTypeW
lstrcmpiW
GetVersionExW
lstrlenW
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetLastError
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ReadFile
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
TlsFree
TlsSetValue
LoadLibraryA
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
SearchPathW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
ResetEvent
MoveFileW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
GlobalMemoryStatus
GetVersion
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
GetUserDefaultLangID
GetSystemDefaultLangID
GlobalFree
GetTempPathW
GetTempPathA
GetSystemTime
GetTempFileNameW
DeleteFileW
GetTempFileNameA
DeleteFileA
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
CreateFileA
SetFileAttributesW
WaitForMultipleObjects
GetSystemInfo
InterlockedExchange
WideCharToMultiByte
LoadLibraryExW
MultiByteToWideChar
FindClose
CopyFileW
LCMapStringW
GetDiskFreeSpaceExW
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
UnlockFile
LockFile
GetExitCodeProcess
CreateProcessA
CreateProcessW
LeaveCriticalSection
DuplicateHandle
GetModuleFileNameA
FlushFileBuffers
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
GetFileType
TlsAlloc
GetShortPathNameW
LocalAlloc
FormatMessageW
CreateThread
SetUnhandledExceptionFilter
LocalFree

user32

GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
GetParent
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
IsWindowVisible
MapWindowPoints
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
FindWindowW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx

gdi32

GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn

advapi32

RegOpenKeyW
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
AdjustTokenPrivileges
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VarDateFromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase

shlwapi

PathAddBackslashW
PathIsUNCW
PathIsDirectoryW
PathFileExistsW

comctl32

ImageList_Create
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Destroy
CreatePropertySheetPageW

msimg32

TransparentBlt
AlphaBlend

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetLocalGroupGetMembers

secur32

GetUserNameExW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c228fda3d2f109113bc74c0ac0db1b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

msimg32

version

netapi32

secur32

comdlg32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 13KB - Virtual size: 39KB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 97KB - Virtual size: 96KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 13KB - Virtual size: 39KB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 97KB - Virtual size: 96KB