2024-09-01_04941945c5e7b062bcfbf319aa1b2ca8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-01_04941945c5e7b062bcfbf319aa1b2ca8_mafia
Size

836KB
MD5

04941945c5e7b062bcfbf319aa1b2ca8
SHA1

ac1fe5e06bc317a7228b4ee4734f4646aebc8773
SHA256

2639608c1860f235c9d50e1694b2761bf885c9674294cdc13c92814ba565907b
SHA512

0bd720754d0b5aa8df32f1307b3f4dbee0567a442aaa44654085ff993be13fd255f8e481459613918bf2deb2e774d77d628dd8eb11bee284a6a14823a74008ef
SSDEEP

24576:1Ms6UjwpYGRHGluUPLPgOtXSwC/KIHwCYr:1MwYmlukZk/ZHyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-01_04941945c5e7b062bcfbf319aa1b2ca8_mafia

Files

2024-09-01_04941945c5e7b062bcfbf319aa1b2ca8_mafia
.exe windows:5 windows x86 arch:x86

073c4a831a46dddd174b624b5b8e4b1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\三石\cppWebServer\Release\cppWebServer.pdb

Imports

crypt32

CryptProtectData
CertOpenStore
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertFindCertificateInStore
CertOpenSystemStoreA
CertCloseStore
CertNameToStrA
CertCompareIntegerBlob
CryptSignMessage
CertFreeCertificateContext

kernel32

lstrlenA
MultiByteToWideChar
DeleteFileW
Sleep
WideCharToMultiByte
GetVolumeInformationA
lstrcpyA
CreateThread
CreateProcessW
GetVersionExA
GetTempPathW
GetVersion
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FormatMessageA
SetEnvironmentVariableA
CompareStringW
GetTempFileNameW
WaitForSingleObject
GetDriveTypeW
GetVolumeInformationW
lstrlenW
LocalAlloc
LocalFree
CopyFileA
CreateProcessA
GetTempPathA
CreateFileA
WriteFile
GetLogicalDriveStringsA
GlobalMemoryStatus
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
GetModuleFileNameA
GetCurrentProcess
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetTickCount
GlobalAlloc
GlobalFree
MulDiv
GetLastError
GlobalLock
GlobalUnlock
GetDriveTypeA
WriteConsoleW
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
SetStdHandle
GetModuleFileNameW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStdHandle
ResumeThread
SetHandleCount
HeapCreate
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
ExitThread
GetCurrentThreadId
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCommandLineA
HeapSetInformation
GetStartupInfoW

user32

FindWindowA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowTextW
GetClassNameW
SetWindowTextW
EnumDesktopWindows
wsprintfA
GetSystemMetrics
MessageBoxW
wsprintfW
SendMessageA
DefWindowProcA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
TrackPopupMenu
EnableMenuItem
SetForegroundWindow
GetCursorPos
AppendMenuA
CreatePopupMenu
LoadIconA
PostQuitMessage
RegisterWindowMessageA
MessageBoxA

gdi32

GetStockObject
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
TextOutA
EndDoc
DeleteDC
EndPage
StartPage
StartDocA
GetDeviceCaps
ResetDCA
CreateDCA

winspool.drv

DeviceCapabilitiesA
EnumPrintersA

comdlg32

PrintDlgA
GetOpenFileNameA

advapi32

ReportEventA
DeregisterEventSource
CryptAcquireContextA
CryptGenRandom
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegisterEventSourceA

shell32

Shell_NotifyIconA

ws2_32

WSACleanup
WSAStartup
recv
shutdown
getnameinfo
WSASetLastError
WSAGetLastError
bind
setsockopt
getsockopt
listen
ioctlsocket
WSASend
WSARecv
select
closesocket
connect
socket
ntohl
ntohs
getservbyname
freeaddrinfo
getaddrinfo
htons
accept
getsockname
htonl
WSAIoctl
getpeername
WSAGetOverlappedResult
send
getprotobynumber

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
HttpSendRequestA
InternetQueryOptionA
InternetReadFile

Sections

.text
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

073c4a831a46dddd174b624b5b8e4b1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

version

wininet

Sections

.text Size: 537KB - Virtual size: 537KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 106KB - Virtual size: 118KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 537KB - Virtual size: 537KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 106KB - Virtual size: 118KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 41KB - Virtual size: 41KB