2024-09-01_d02c611c3c54cc7945c449107409a278_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-01_d02c611c3c54cc7945c449107409a278_mafia
Size

400KB
MD5

d02c611c3c54cc7945c449107409a278
SHA1

8766f9c3ffc41bfd90a70143b49376a169d4db3b
SHA256

972a3ed6e8a8d6e2049cebd07f9d1cf45109cc237066e8b90df071fb2b3ca992
SHA512

8ee545ea2d3e67d95db9990e834b196a2c92903b87c3c34ebb3e0cff2a98fa735203d2ecfcff0e081e8e20076130971f435cb2b096a39fe0368bfe998a2c3812
SSDEEP

12288:oddBho05j+HXsOANOfonXymtx2cbbA3E:a+HXsOAUAnXyfyA3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-01_d02c611c3c54cc7945c449107409a278_mafia

Files

2024-09-01_d02c611c3c54cc7945c449107409a278_mafia
.exe windows:5 windows x86 arch:x86

c4f21b5bb77748df7ee46ccd82dd6b3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\KuaiwanBox\bin\waCalendar.pdb

Imports

kernel32

GetPrivateProfileStringW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SizeofResource
GetLastError
GetProcAddress
lstrcmpiW
DeleteCriticalSection
GetSystemTime
GlobalAlloc
MulDiv
lstrcatA
CreateDirectoryW
InitializeCriticalSection
TerminateThread
OpenEventW
CreateEventW
SetUnhandledExceptionFilter
CreateFileW
ReadFile
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetPrivateProfileIntW
FreeEnvironmentStringsW
HeapCreate
GetLocaleInfoW
GetStdHandle
WriteFile
GetCurrentProcessId
HeapReAlloc
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
RtlUnwind
GetCPInfo
LCMapStringW
ExitProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedExchange
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetFileAttributesW
WideCharToMultiByte
lstrcmpW
Sleep
DeleteFileW
lstrlenA
OutputDebugStringW
GetModuleFileNameW
DebugBreak
lstrlenW
CloseHandle
WaitForSingleObject
CreateProcessW
InterlockedDecrement
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
SetLastError
RaiseException
lstrcpyW
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
HeapSize
WritePrivateProfileStringW
GetEnvironmentStringsW

user32

CreateAcceleratorTableW
UnregisterClassA
wsprintfW
GetSysColor
CharNextW
LoadStringW
PostMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
PostQuitMessage
SetTimer
GetDlgItem
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
wsprintfA
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
wvsprintfW
ClientToScreen
FillRect
InvalidateRgn
LoadIconW
SendMessageW
KillTimer
IsWindow
GetCursorPos
WindowFromPoint
GetClassNameW
GetParent
GetFocus
IsChild
IsDialogMessageW
GetMenuItemInfoW
SetMenuItemInfoW
LoadMenuW
GetSubMenu
TrackPopupMenu
IsWindowVisible
ShowWindow
SetWindowPos
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DestroyCursor
SetCursor
GetDesktopWindow
OffsetRect
SystemParametersInfoW
GetClientRect
GetDC
ReleaseDC
SetWindowRgn
ScreenToClient
RedrawWindow
IntersectRect
TrackMouseEvent
SetForegroundWindow
SetFocus
SetCapture
ReleaseCapture
GetWindowThreadProcessId
GetWindowRect
MoveWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
DestroyAcceleratorTable
InvalidateRect

gdi32

GetObjectW
GetDeviceCaps
CombineRgn
CreateRectRgn
GetStockObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush

advapi32

CryptReleaseContext
RegOpenKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
StringFromCLSID
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysFreeString
VarUI4FromStr
VariantInit
SysAllocString
VariantClear

comctl32

ord17
InitCommonControlsEx

ws2_32

WSACleanup
WSAStartup

nettool

?GetDownloadURL@NetTool@@SA_NPB_WPAPAXPAJJH@Z
PostDocs
SetDocsParam
?DownloadURL@NetTool@@SA_NPB_W0J@Z

gdiplus

GdipBitmapGetPixel
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDeleteGraphics
GdiplusStartup
GdipCreateFromHWND
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipTranslateWorldTransform
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdipDrawString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4f21b5bb77748df7ee46ccd82dd6b3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

nettool

gdiplus

version

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 21KB - Virtual size: 20KB