20240901d138ec5abb6403f5adf53adaec1e4d5dmafiaqakbot

Sharing

Copy URL

Twitter E-mail

General

Target

20240901d138ec5abb6403f5adf53adaec1e4d5dmafiaqakbot
Size

896KB
MD5

d138ec5abb6403f5adf53adaec1e4d5d
SHA1

7a4d8cbd1d5ef3629d3a0a1ab7c64ebd2af7ba72
SHA256

31651d4bf20ebe48c97b367786283e54206de358218b7cb6cd51dc8601102688
SHA512

93be133a6d57cbff6fe87a026f9f44b897a5b66d5739ef67b8c4b29469d77f70f231a9ff522012e3d56c26328e36d2e79bacdf99f0ccfabba620fd7d0c16115b
SSDEEP

24576:VPT80SR76+GxaDhSDdrdpgukxjK/k//8G:S0SROiSDNgu4KQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20240901d138ec5abb6403f5adf53adaec1e4d5dmafiaqakbot

Files

20240901d138ec5abb6403f5adf53adaec1e4d5dmafiaqakbot
.exe windows:5 windows x86 arch:x86

87976089f1911a1e5e3b19873f5ff102

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

dbghelp

StackWalk64
SymFunctionTableAccess64
SymSetOptions
SymGetModuleBase64
SymCleanup
SymGetModuleInfo64
SymInitialize
SymFromAddr
SymGetLineFromAddr64

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

SHOpenFolderAndSelectItems
ord155
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetFolderPathW
ord190
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW

shlwapi

SHDeleteValueW
SHDeleteKeyW
PathIsRelativeW

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
GetExitCodeProcess
GetLastError
CreateMutexA
GetCurrentThreadId
ReleaseMutex
CloseHandle
GetCommandLineW
FindResourceW
LoadResource
SizeofResource
GetProcAddress
LockResource
GetModuleHandleA
OutputDebugStringA
FindFirstFileW
MoveFileExW
CopyFileW
FindNextFileW
DeleteFileW
GetLocaleInfoW
Sleep
GetVersionExW
TerminateProcess
GetSystemInfo
GetUserDefaultUILanguage
GetCurrentProcessId
GetModuleHandleW
FormatMessageA
SetEvent
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
EnumSystemLocalesA
WideCharToMultiByte
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
QueryPerformanceCounter
CreateFileA
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapCreate
WriteFile
HeapSize
GetFileType
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
RaiseException
ExitProcess
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
DuplicateHandle
CreateProcessA
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetTickCount
CompareStringW
GetFileAttributesA
CreatePipe
GetUserDefaultLCID
IsValidLocale
GetStringTypeW
LoadLibraryW
CreateFileW
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
ExpandEnvironmentStringsW
GetLocaleInfoA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapAlloc
ReadFile
HeapFree
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary

user32

GetClientRect
SetWindowTextW
TranslateMessage
SendMessageW
DefWindowProcW
GetMessageW
DispatchMessageW
GetDesktopWindow
GetWindowLongW
DestroyWindow
SetWindowRgn
SetTimer
GetWindowRect
PostQuitMessage
LoadImageW
SetCapture
PostMessageW
KillTimer
SetForegroundWindow
LoadCursorW
RegisterClassExW
LoadIconW
SetWindowLongA
MessageBoxA
BringWindowToTop
GetWindowLongA
GetWindowTextW
SystemParametersInfoW
SetWindowLongW
UpdateWindow
GetCursorPos
ShowWindow
CreateWindowExW
ReleaseCapture
GetSystemMetrics
SetWindowPos

gdi32

CreatePolygonRgn
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject

advapi32

OpenThreadToken
RegOpenKeyExA
CreateWellKnownSid
RegSetValueExW
RegCloseKey
RegEnumKeyExW
CheckTokenMembership
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken

ole32

CoUninitialize
CoCreateInstance
OleCreate
OleSetContainedObject
CoInitializeEx
OleUninitialize
OleInitialize

oleaut32

VariantInit
VariantCopy
VariantClear
SysAllocString

wininet

InternetOpenW
HttpQueryInfoA
InternetQueryDataAvailable
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetCloseHandle

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87976089f1911a1e5e3b19873f5ff102

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

iphlpapi

dbghelp

version

shell32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

Sections

.text Size: 463KB - Virtual size: 463KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 49KB

.rsrc Size: 243KB - Virtual size: 243KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 463KB - Virtual size: 463KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 49KB

.rsrc
Size: 243KB - Virtual size: 243KB

.reloc
Size: 41KB - Virtual size: 41KB