2024-08-25_cee60e3c0ea1e6892c543c8403f763f6_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-25_cee60e3c0ea1e6892c543c8403f763f6_mafia
Size

482KB
MD5

cee60e3c0ea1e6892c543c8403f763f6
SHA1

e8db4edd064822591b6b96d8369c96dbe2276df8
SHA256

0edb884d2780042397dd3d326dbc37134c71aa1ed55376f97257a9df35c94fd0
SHA512

c648c50f72fe33b7027b9fe122e56ea85423e243cfda4b90b154c82c7c06d8bbddc308f97383cf9d2317c1d54222aa906948176ca9147435d08b368b503aa0f8
SSDEEP

12288:vgFPQm6ozVrWgbo+3nvXikbkgaISKVZME4W7CY778Dht:o1QfopqgM+3nvXi6kgaINVD4W7CS7Yr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-25_cee60e3c0ea1e6892c543c8403f763f6_mafia

Files

2024-08-25_cee60e3c0ea1e6892c543c8403f763f6_mafia
.exe windows:5 windows x86 arch:x86

40fa097da0c2a76ab147c24768ce524c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
GetNativeSystemInfo
GetVersion
OpenMutexA
GetModuleHandleA
CloseHandle
CreateMutexA
OpenEventA
IsProcessorFeaturePresent
WaitForSingleObject
OpenMutexW
GetTickCount
GetCurrentProcessId
GetDriveTypeW
GetModuleFileNameW
GetDriveTypeA
GetModuleFileNameA
GetProcessHeap
Sleep
GetProcessVersion
GetCurrentThreadId
GetLastError
WriteFile
GetSystemTime
CreateFileW
GetTempFileNameW
GetTempPathW
FlushInstructionCache
SizeofResource
InterlockedExchange
VirtualProtect
RemoveDirectoryW
DeleteFileW
ReadFile
CreateProcessW
CreateDirectoryW
VirtualAlloc
HeapAlloc
VirtualFree
HeapFree
FreeLibrary
GetCommandLineW
WriteConsoleW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
LoadLibraryW
SetStdHandle
GetModuleHandleW
GetCurrentProcess
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
EncodePointer
DecodePointer
RaiseException
HeapReAlloc
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
HeapDestroy
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

GetSysColor
MessageBoxW
GetDesktopWindow
GetSystemMetrics
GetCursor
GetDC
ReleaseDC
FindWindowW
GetWindowLongW
GetWindowInfo
GetSysColorBrush
GetFocus
GetForegroundWindow

gdi32

MoveToEx
GetStockObject

shlwapi

PathStripToRootA
PathStripToRootW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40fa097da0c2a76ab147c24768ce524c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 7KB - Virtual size: 15KB

.reloc Size: 11KB - Virtual size: 10KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 7KB - Virtual size: 15KB

.reloc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB