2024-08-29_aeab6a2c713bed8af634cab6bdd4a9df_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_aeab6a2c713bed8af634cab6bdd4a9df_mafia
Size

1.7MB
MD5

aeab6a2c713bed8af634cab6bdd4a9df
SHA1

7a7253f7b7b83fe7ba428af0ea7df8d9fb470728
SHA256

bd6df78eef8f8a3d3c5d063aaeb4f856ee9ec251937a7a3485d7ce7be2ea17f5
SHA512

66c419079dd06f54db1c5501ac67aab5dbefaed8400ad98ade7a6c9d5d500ea207e9391cd6f719f1d24be493b00be61dd0ac1158a972dd8536dcfddb4bbc9e3a
SSDEEP

49152:DFVZsfht6w7YUMBH1hPkHZtfNS+dIeVBp/90DLQVzeKj0Z8LL4clM:piR7YUCBkHffw+dIehzeKj0Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-29_aeab6a2c713bed8af634cab6bdd4a9df_mafia

Files

2024-08-29_aeab6a2c713bed8af634cab6bdd4a9df_mafia
.exe windows:5 windows x86 arch:x86

9b992bfda682199bb9c46e95ff7a4343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\func_powerwordassistv2_4_2017041\Build\Release\PowerWordAssist\bin\windowmsgserver32.pdb

Imports

kernel32

SetEvent
CreateEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetCurrentProcessId
QueryDosDeviceW
GetModuleFileNameW
IsWow64Process
Sleep
MultiByteToWideChar
CreateMutexW
GetLastError
GetNativeSystemInfo
CreateProcessW
WaitForSingleObject
GetModuleHandleW
WideCharToMultiByte
GetCurrentProcess
LoadLibraryW
GetProcAddress
lstrlenW
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
InterlockedExchange
ResumeThread
WaitForMultipleObjects
CreateFileW
GetProcessHeap
SetEndOfFile
lstrlenA
InterlockedDecrement
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
WriteConsoleW
SetConsoleCtrlHandler
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetCurrentDirectoryW
SetLastError
GetTickCount
SleepEx
VerifyVersionInfoW
VerSetConditionMask
FormatMessageA
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
FreeLibrary
ExpandEnvironmentStringsA
CreateDirectoryW
GetFileAttributesW
LoadLibraryA
DeviceIoControl
CreateFileA
CreateThread
GetVersionExW
InterlockedIncrement
EncodePointer
DecodePointer
LocalFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
GetCurrentThreadId
HeapReAlloc
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
FindClose
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFullPathNameA

user32

LoadCursorW
GetSystemMetrics
SetTimer
UpdateWindow
ShowWindow
CreateWindowExW
GetWindowThreadProcessId
IsWindow
FindWindowW
GetWindowRect
SetWindowPos
LoadIconW
RegisterClassW
GetMessageW
TranslateMessage
wsprintfW
GetForegroundWindow
KillTimer
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
PostMessageW
GetWindowTextA
PostQuitMessage
IsZoomed
DestroyWindow
DefWindowProcW
DispatchMessageW

gdi32

GetStockObject

shell32

SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

advapi32

DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
ReportEventA
RegisterEventSourceA

windowmsghelper32

UninstallHook
InstallHook

xmlwrapper

GetXmlWrapperInstanceForC

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

wldap32

ord41
ord27
ord301
ord167
ord147
ord79
ord142
ord127
ord133
ord26
ord208
ord216
ord145
ord14
ord118
ord46

ws2_32

connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
socket
ioctlsocket
gethostname
inet_ntoa
gethostbyname
WSACleanup
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
listen
WSAStartup
shutdown

Sections

.text
Size: 1013KB - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.MD5
Size: 512B - Virtual size: 16B

Sharing

General

Malware Config

Signatures

Files

9b992bfda682199bb9c46e95ff7a4343

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

oleaut32

advapi32

windowmsghelper32

xmlwrapper

ole32

wldap32

ws2_32

Sections

.text Size: 1013KB - Virtual size: 1012KB

.rdata Size: 288KB - Virtual size: 287KB

.data Size: 43KB - Virtual size: 60KB

.rsrc Size: 317KB - Virtual size: 317KB

.reloc Size: 64KB - Virtual size: 63KB

.MD5 Size: 512B - Virtual size: 16B

.text
Size: 1013KB - Virtual size: 1012KB

.rdata
Size: 288KB - Virtual size: 287KB

.data
Size: 43KB - Virtual size: 60KB

.rsrc
Size: 317KB - Virtual size: 317KB

.reloc
Size: 64KB - Virtual size: 63KB

.MD5
Size: 512B - Virtual size: 16B