2024-09-01_19f24845b2cbfb4bbf30008672d64977_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-01_19f24845b2cbfb4bbf30008672d64977_mafia
Size

789KB
MD5

19f24845b2cbfb4bbf30008672d64977
SHA1

d4d1ef52a861bee5a525ff455df076dfb8eadb07
SHA256

80b2cf4dc6972167c29984228f35acc28b0e431ad2198cea9862dd4014087e34
SHA512

8c5842ed6a1250e904a6067ed0fa53ebc9fa4eebf72114c246534896367cd81dbe574aabe2c2685aa71f8eb78cf96203fb645f4aa6b6bb69b6d768652376a7b9
SSDEEP

12288:YxJHmAii28P2Rk00yTLy1Uekjg21mT5tGbFUJz8IumLC8xQIOaveAuC7IX8TUHOf:SmnAxVMy1U3UJzH/YIOXCTUHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-01_19f24845b2cbfb4bbf30008672d64977_mafia

Files

2024-09-01_19f24845b2cbfb4bbf30008672d64977_mafia
.exe windows:5 windows x86 arch:x86

6a547f5f3bc32ad5ff910c3aa2131aa5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\SicentCI\jenkins-slave\workspace\advflow2\xIcon\Bin\Release\ShellExe\ShellExe.pdb

Imports

iphlpapi

GetAdaptersInfo

advapi32

CryptReleaseContext
GetUserNameA
OpenProcessToken
CryptGenRandom
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptImportKey
CryptEncrypt
LookupAccountNameA
CryptHashData
ConvertSidToStringSidA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptCreateHash

ws2_32

accept
listen
WSAGetLastError
gethostname
htonl
ntohl
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
recvfrom
connect
getpeername
getsockopt
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
__WSAFDIsSet
WSASetLastError
htons
sendto
socket
closesocket
ioctlsocket

crypt32

CertFreeCertificateContext

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord22
ord211
ord143
ord60

kernel32

GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetModuleFileNameW
GetStartupInfoW
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
GetFullPathNameA
GetCurrentDirectoryW
WriteConsoleW
LoadLibraryW
RtlUnwind
RaiseException
Sleep
SetCurrentDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleExA
CloseHandle
SetFilePointer
CreateFileA
SetEndOfFile
SystemTimeToFileTime
DeleteFileA
FindClose
GetTimeZoneInformation
FindFirstFileA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
FileTimeToSystemTime
OutputDebugStringA
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
GetComputerNameExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
QueryDosDeviceA
GetLogicalDriveStringsA
LocalFree
FormatMessageA
GetCurrentProcess
OpenProcess
WaitForSingleObject
CreateToolhelp32Snapshot
ResumeThread
TerminateProcess
CreateProcessA
ReadFile
Process32Next
Process32First
FreeLibrary
LoadLibraryA
Module32Next
Module32First
GetFileAttributesExA
GetFileAttributesA
HeapFree
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
HeapAlloc
CreateFileW
TlsGetValue
TlsSetValue
TlsAlloc
CreateEventA
SetEvent
TerminateThread
CreateThread
GetModuleHandleW
VirtualFree
VirtualAlloc
CreateFileMappingA
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
InterlockedExchangeAdd
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
SetWaitableTimer
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenEventA
ResetEvent
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
GetStdHandle
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
FindNextFileA
DeviceIoControl

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

psapi

GetModuleFileNameExA
GetDeviceDriverBaseNameA
EnumDeviceDrivers
GetProcessImageFileNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

Sections

.text
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a547f5f3bc32ad5ff910c3aa2131aa5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

advapi32

ws2_32

crypt32

wldap32

kernel32

user32

shell32

ole32

wtsapi32

psapi

version

userenv

Sections

.text Size: 585KB - Virtual size: 584KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 20KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 585KB - Virtual size: 584KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 20KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 48KB - Virtual size: 47KB