Static task: static1
Behavioral task: behavioral1
Sample: 2024-09-03_155ea65c01febc2d6d2dfb37076630fc_mafia.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-09-03_155ea65c01febc2d6d2dfb37076630fc_mafia.exe
Resource: win10v2004-20240802-en
General
Target: 2024-09-03_155ea65c01febc2d6d2dfb37076630fc_mafia
Size: 12.9MB
MD5: 155ea65c01febc2d6d2dfb37076630fc
SHA1: ae45c259f6f3f13f73f3259ff60e71ffc25f227b
SHA256: efed76628964c2bb8ff284fb2340f6763f5fbcb41bf1efbc6ff6bd13a67c2203
SHA512: fa9c03baf4c98425d33f3f2328eb000bb2f6d0b3f1f553f3868beb9589c25f9e438ba00a908e0d9121a1c796f44a296243edc622dd50f54a93d86154a5278dab
SSDEEP: 196608:h7v8iEN5ou5LblIsyZuMVYX5AH7t6NWGn/93vTTCV:tmxL5voYytWLTCV
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-09-03_155ea65c01febc2d6d2dfb37076630fc_mafia
Files
-
2024-09-03_155ea65c01febc2d6d2dfb37076630fc_mafia.exe windows:5 windows x86 arch:x86
2a23a6081df17fb9815869e93b0805a7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
timeKillEvent
timeEndPeriod
sndPlaySoundW
timeSetEvent
kernel32
GetACP
GetCPInfo
HeapCreate
GetStdHandle
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetDateFormatA
GetTimeFormatA
GetCommandLineW
ExitThread
VirtualQuery
VirtualProtect
RtlUnwind
HeapSize
HeapDestroy
IsProcessorFeaturePresent
InterlockedCompareExchange
GetFileAttributesA
CreateDirectoryA
GetTempPathA
GetModuleHandleA
LoadLibraryA
LocalFileTimeToFileTime
CompareFileTime
PulseEvent
GetFileAttributesW
TryEnterCriticalSection
QueryPerformanceFrequency
lstrcpyW
GetSystemTimeAsFileTime
FindFirstFileA
DeleteFileA
CreateEventA
IsBadWritePtr
FormatMessageA
lstrcpynA
FlushFileBuffers
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetOverlappedResult
CreateFileA
SetFilePointer
GetOEMCP
GetModuleFileNameA
DebugBreak
LocalReAlloc
HeapReAlloc
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
LocalAlloc
VirtualAlloc
GetVersionExA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SystemTimeToFileTime
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
GetFullPathNameW
ExpandEnvironmentStringsW
LocalFree
WaitForSingleObject
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
WaitForMultipleObjects
lstrcpynW
GetLocaleInfoW
GetSystemInfo
GlobalMemoryStatusEx
TerminateThread
CreateThread
InitializeCriticalSection
FileTimeToDosDateTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
DeleteFileW
GetTempFileNameW
GetTempPathW
OpenProcess
GlobalReAlloc
ReleaseMutex
CreateMutexW
lstrcmpiA
lstrcpyA
OutputDebugStringA
GetLocaleInfoA
IsBadReadPtr
GetHandleInformation
GetCurrentThread
GetExitCodeProcess
CopyFileW
MoveFileExW
CreateFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GetNumberFormatW
GetCurrentDirectoryW
SetThreadPriority
GetDriveTypeW
IsValidCodePage
GetStringTypeW
SetHandleCount
GetFileType
WriteFile
LeaveCriticalSection
InterlockedExchange
SetStdHandle
WriteConsoleW
CreateProcessA
SetEnvironmentVariableA
FindResourceExW
GetStartupInfoA
CreateFileMappingA
ResumeThread
CreateMutexA
CreateSemaphoreA
ReleaseSemaphore
CreateEventW
ResetEvent
SetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
ReadFile
GetFileSize
GlobalSize
FormatMessageW
lstrcmpA
GetTimeZoneInformation
QueryPerformanceCounter
OutputDebugStringW
SetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
GetVersionExW
GetLocalTime
CloseHandle
Sleep
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalFree
MulDiv
GlobalLock
GlobalUnlock
SetLastError
GetCurrentThreadId
lstrlenA
LCMapStringW
EnterCriticalSection
RaiseException
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CompareStringW
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
lstrcmpW
lstrlenW
LoadLibraryW
FreeLibrary
GetProcAddress
GetLastError
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateProcessW
GetStartupInfoW
user32
PtInRect
DrawFocusRect
CallWindowProcW
FillRect
SetCursor
GetCursorPos
BeginPaint
EndPaint
ReleaseCapture
GetCapture
GetFocus
LoadCursorW
GetClassNameW
GetScrollPos
SetScrollInfo
GetClassInfoExW
SetCapture
InvalidateRect
IsZoomed
UpdateWindow
SetRectEmpty
OffsetRect
ReleaseDC
GetDC
DefWindowProcW
GetDlgItemTextW
DrawTextW
IsWindowEnabled
CharNextW
GetParent
IsWindow
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
SystemParametersInfoW
SetDlgItemTextW
SetWindowTextW
GetSysColor
GetWindowRect
MapWindowPoints
DestroyWindow
MessageBeep
GetActiveWindow
EndDialog
SetRect
CopyRect
InflateRect
IntersectRect
GetSystemMetrics
GetWindow
IsRectEmpty
RegisterClassExW
ScrollWindowEx
SetScrollPos
PostMessageW
SendMessageW
GetClientRect
GetScrollInfo
ShowWindow
GetWindowDC
CreateDialogParamW
DialogBoxParamW
UnregisterClassA
CreateWindowExA
DrawTextA
PeekMessageA
PostThreadMessageA
MessageBoxA
CreateDialogIndirectParamW
DialogBoxIndirectParamW
GetUpdateRect
GetAsyncKeyState
CharLowerW
GetKeyState
wsprintfW
BringWindowToTop
SetTimer
KillTimer
SetActiveWindow
PostThreadMessageW
DestroyCursor
ChildWindowFromPoint
UpdateLayeredWindow
DispatchMessageW
GetMessageW
GetDesktopWindow
TranslateAcceleratorW
DestroyMenu
WaitForInputIdle
InvalidateRgn
GetClassLongW
SetClassLongW
GetGuiResources
DefMDIChildProcW
DrawAnimatedRects
EnumChildWindows
GetClassNameA
DefFrameProcW
SetMenuDefaultItem
SetMenu
GetMenu
IsClipboardFormatAvailable
GetClipboardData
RegisterClipboardFormatW
SetClipboardViewer
GetProcessDefaultLayout
TrackPopupMenu
MapVirtualKeyExW
GetKeyNameTextW
FindWindowExW
SendMessageA
IsCharAlphaNumericW
IsCharAlphaW
GetKeyboardLayout
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetSystemMenu
GetMessageA
DispatchMessageA
CharUpperBuffA
AllowSetForegroundWindow
EnumWindows
MonitorFromWindow
GetKeyboardState
GetTopWindow
MsgWaitForMultipleObjects
SendMessageTimeoutW
EnableScrollBar
ScrollWindow
InsertMenuW
SubtractRect
LockWindowUpdate
GetDCEx
wvsprintfA
ScreenToClient
RedrawWindow
SetFocus
GetDlgItemInt
IsDlgButtonChecked
SetDlgItemInt
GetDlgItem
SetWindowPos
SetWindowLongW
GetWindowLongW
SendDlgItemMessageW
GetDlgCtrlID
GetDialogBaseUnits
CharNextExA
GetUpdateRgn
GetDlgItemTextA
SetCursorPos
SetForegroundWindow
InsertMenuItemW
CharLowerBuffW
CharUpperBuffW
CheckRadioButton
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
wsprintfA
GetIconInfo
FindWindowW
GetComboBoxInfo
GetSysColorBrush
FrameRect
MoveWindow
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableMenuItem
CheckMenuItem
DeleteMenu
CheckDlgButton
UnionRect
SetWindowsHookExW
SetWinEventHook
CallNextHookEx
WindowFromPoint
TranslateMessage
UnhookWindowsHookEx
UnhookWinEvent
GetForegroundWindow
GetGUIThreadInfo
ScrollDC
AnimateWindow
ClientToScreen
SetLayeredWindowAttributes
GetCursor
GetDoubleClickTime
SetMenuItemInfoW
EqualRect
IsChild
IsWindowVisible
IsMenu
CharUpperW
GetWindowThreadProcessId
LoadIconW
DestroyIcon
DrawFrameControl
IsWindowUnicode
DrawIconEx
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadMenuW
LoadAcceleratorsW
LoadImageW
SetParent
GetMessagePos
DrawEdge
RegisterWindowMessageW
DrawMenuBar
GetMenuStringW
GetSubMenu
PeekMessageW
AdjustWindowRectEx
TrackPopupMenuEx
MonitorFromPoint
GetMonitorInfoW
GetMenuItemInfoW
GetMenuItemCount
RemoveMenu
AppendMenuW
CreatePopupMenu
LoadStringA
PostQuitMessage
LoadStringW
IsIconic
EnableWindow
gdi32
DeleteEnhMetaFile
GetEnhMetaFileBits
SetWinMetaFileBits
GdiFlush
PlayEnhMetaFile
StretchDIBits
StretchBlt
GetMetaFileBitsEx
GetDIBits
SetEnhMetaFileBits
CreateDIBitmap
GetTextExtentPoint32A
GetEnhMetaFileHeader
SetStretchBltMode
RemoveFontResourceExW
GetFontData
GetOutlineTextMetricsW
GetCharacterPlacementW
EnumFontFamiliesExW
ExtEscape
GetObjectType
AddFontResourceExW
CloseFigure
PolyBezierTo
SetWorldTransform
SaveDC
RestoreDC
StrokePath
FillPath
EndPath
BeginPath
SetMiterLimit
StrokeAndFillPath
PolyDraw
SelectClipPath
IntersectClipRect
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetGraphicsMode
GetFontLanguageInfo
CopyEnhMetaFileW
SetRectRgn
FillRgn
FrameRgn
SetTextAlign
ResetDCW
CreateICW
CreateDCW
GetTextExtentPointW
GetBkColor
StartDocW
AbortDoc
EndDoc
StartPage
EndPage
GetBitmapBits
ExtCreatePen
SelectPalette
RealizePalette
TextOutW
MoveToEx
LineTo
GetTextExtentPoint32W
CreatePalette
GetTextMetricsW
CreateHatchBrush
PtInRegion
GetRegionData
ExtSelectClipRgn
CombineRgn
CreateRectRgnIndirect
Rectangle
CreatePen
Polygon
SetPolyFillMode
CreateBitmap
CreatePatternBrush
PatBlt
CreateRectRgn
SelectClipRgn
CreateFontW
SetDIBitsToDevice
GetDeviceCaps
SetViewportOrgEx
BitBlt
GetClipBox
LPtoDP
CreateCompatibleBitmap
CreateDIBSection
DPtoLP
SetWindowOrgEx
CreateCompatibleDC
SetTextColor
GetStockObject
DeleteDC
GetObjectW
SelectObject
CreateFontIndirectW
DeleteObject
CreateSolidBrush
ExtTextOutW
SetBkMode
SetBkColor
winspool.drv
DeviceCapabilitiesW
DocumentPropertiesW
OpenPrinterW
ord203
GetPrinterW
EnumPrintersW
ClosePrinter
comdlg32
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
advapi32
InitializeSecurityDescriptor
RegCreateKeyExA
RegOpenKeyExA
CryptGenRandom
CryptGenKey
CryptDestroyKey
CryptVerifySignatureW
CryptSetProvParam
CryptGetProvParam
CryptReleaseContext
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
GetUserNameW
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyW
RegEnumValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
OpenThreadToken
ConvertSidToStringSidW
shell32
SHGetFolderPathW
DragAcceptFiles
CommandLineToArgvW
SHGetFileInfoW
SHGetSpecialFolderLocation
DragQueryFileW
ShellExecuteExW
SHChangeNotify
SHGetMalloc
ord28
SHGetDesktopFolder
SHBrowseForFolderW
ExtractIconExW
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
ole32
CoDisconnectObject
CoInitializeEx
CoUninitialize
CoInitialize
OleUninitialize
RevokeDragDrop
CoFileTimeNow
CoCreateInstance
PropVariantClear
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
RegisterDragDrop
OleInitialize
StringFromCLSID
CLSIDFromProgID
CoCreateGuid
CoRevokeClassObject
CoSuspendClassObjects
StringFromGUID2
CoResumeClassObjects
CreateBindCtx
CoUnmarshalInterface
OleRun
CreateStreamOnHGlobal
CoRegisterClassObject
CoRegisterPSClsid
GetHGlobalFromStream
oleaut32
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
VarUI4FromStr
VarUdateFromDate
GetErrorInfo
SysAllocString
SysFreeString
SystemTimeToVariantTime
LoadTypeLibEx
SafeArrayCopy
RegisterActiveObject
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
SafeArrayGetVartype
SysAllocStringByteLen
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysStringByteLen
mscms
GetColorDirectoryW
GetColorProfileHeader
CreateMultiProfileTransform
DeleteColorTransform
TranslateColors
IsColorProfileValid
OpenColorProfileW
CloseColorProfile
ws2_32
socket
recv
WSACleanup
WSAStartup
WSAGetLastError
htons
gethostbyname
connect
closesocket
send
select
shlwapi
PathGetArgsW
StrToIntExA
UrlCreateFromPathW
PathCombineW
StrCSpnA
UrlIsW
StrToIntW
StrCmpNIW
PathRelativePathToW
StrStrW
StrChrIW
SHDeleteKeyW
SHDeleteValueW
StrCSpnW
AssocQueryStringW
PathCreateFromUrlW
StrCpyNW
UrlEscapeA
PathCanonicalizeW
StrRChrA
StrToIntExW
UrlCombineW
PathIsURLW
ord156
ord354
UrlUnescapeW
PathIsRelativeW
StrChrW
StrStrIA
StrStrIW
StrRChrW
comctl32
ImageList_ReplaceIcon
ord16
ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
CreateStatusWindowW
msimg32
AlphaBlend
GradientFill
wininet
InternetOpenW
InternetSetStatusCallbackW
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
HttpSendRequestW
InternetCloseHandle
InternetCrackUrlW
InternetConnectW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
crypt32
CryptSignAndEncodeCertificate
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
PFXExportCertStore
CryptEncodeObject
CryptMsgControl
CryptDecodeObjectEx
CryptEncodeObjectEx
CryptFindOIDInfo
CryptVerifyDetachedMessageSignature
CryptDecodeObject
CryptImportPublicKeyInfo
CryptVerifyMessageSignature
CryptExportPublicKeyInfo
CryptMsgCalculateEncodedLength
CryptMsgOpenToEncode
CryptSignMessage
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertNameToStrW
CertGetNameStringW
CryptMsgOpenToDecode
CryptMsgGetParam
CertCreateCertificateContext
CryptMsgClose
PFXImportCertStore
CertFindCertificateInStore
CertOIDToAlgId
CryptMsgUpdate
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertSaveStore
CertVerifyRevocation
CertVerifyTimeValidity
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
wintrust
WinVerifyTrust
psapi
EnumProcessModules
GetProcessMemoryInfo
GetModuleFileNameExW
rpcrt4
UuidCompare
UuidToStringW
CreateProxyFromTypeInfo
CreateStubFromTypeInfo
UuidCreate
UuidFromStringW
RpcStringFreeW
urlmon
CreateURLMoniker
RegisterBindStatusCallback
usp10
ScriptFreeCache
ScriptLayout
ScriptShape
ScriptPlace
ScriptGetLogicalWidths
ScriptCPtoX
ScriptItemize
ScriptBreak
Sections
.text Size: 9.2MB - Virtual size: 9.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 285KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.resStr Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.resCmd Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 474KB - Virtual size: 474KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ