2024-08-25_2b6b73a3829860eb8ce7015894cfb1b2_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-25_2b6b73a3829860eb8ce7015894cfb1b2_mafia
Size

266KB
MD5

2b6b73a3829860eb8ce7015894cfb1b2
SHA1

1119f3448b0ef984155919465bfcccc705538d22
SHA256

0466e3f3be6fc4a3eec4f975be0113035a660425b14ef8b27aacc073e702e85c
SHA512

7ffe6606be7d224c964c2d3205cd8c453c6b324b646a4528d8c7a2ab56655ff945f6099c65429540d10b098967eb8b49fbdd047593644bca840da768ddfa56ef
SSDEEP

6144:W+hrDFJjxOCKfQxddUG4tIEP+NVY4WdwfXhDR:W+xFJtOCHxUG4iEP+NW4WkR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-25_2b6b73a3829860eb8ce7015894cfb1b2_mafia

Files

2024-08-25_2b6b73a3829860eb8ce7015894cfb1b2_mafia
.exe windows:5 windows x86 arch:x86

c6df49c1b2ad0fb35ae4075521c2714e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
CreateProcessW
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetComputerNameW
GetLogicalDrives
VirtualFree
CreateRemoteThread
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
GetVolumeInformationA
VirtualFreeEx
Sleep
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
CreateFileW
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
GetLastError
GetProcAddress
VirtualAlloc
MoveFileW
VirtualProtectEx
VirtualAllocEx
FindClose
GetLocalTime
LoadLibraryA
Process32FirstW
IsWow64Process
RemoveDirectoryW
Process32NextW
GetModuleHandleA
CreateMutexA
FindNextFileW
GetDriveTypeW
GetFileTime
GetFileAttributesExW
ReleaseMutex
GetDiskFreeSpaceExW
CloseHandle
GetWindowsDirectoryW
GetVersion
DeleteFileW
GetCurrentProcessId
WriteProcessMemory
ResumeThread
SetFileAttributesW
CreateThread
GetTickCount64
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
SetThreadErrorMode
SetThreadContext
FindFirstFileW
CreateMutexW
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
GetProcessHeap
ExitProcess
CreateToolhelp32Snapshot
GetThreadContext
HeapCreate
GetTimeZoneInformation
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetFileType
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle

user32

GetWindowTextLengthW
GetMessageW
ShutdownBlockReasonCreate
TranslateMessage
GetForegroundWindow
RegisterClassExW
GetWindowTextW
DispatchMessageW
DefWindowProcW
ShutdownBlockReasonDestroy
CreateWindowExW

advapi32

AdjustTokenPrivileges
GetUserNameW
OpenProcessToken

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantInit
VariantClear

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

urlmon

URLOpenBlockingStreamA

avicap32

capGetDriverDescriptionW

ws2_32

ioctlsocket
connect
WSAStartup
getaddrinfo
send
closesocket
__WSAFDIsSet
freeaddrinfo
socket
recv
WSACleanup
setsockopt
WSAGetLastError
select

wininet

DeleteUrlCacheEntryA

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6df49c1b2ad0fb35ae4075521c2714e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

urlmon

avicap32

ws2_32

wininet

Sections

.text Size: 189KB - Virtual size: 188KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 189KB - Virtual size: 188KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 16KB - Virtual size: 16KB