2024-09-04_e71038cf7055cded1198a7623236f3f8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-04_e71038cf7055cded1198a7623236f3f8_mafia
Size

13.3MB
MD5

e71038cf7055cded1198a7623236f3f8
SHA1

d5cb2b0ab644b546ad5ebc0e85cd5df8d4212dad
SHA256

df37dadbef43efff228a3f51656d73dec65ba9214c5c67a78d7725c832f98242
SHA512

29422415c6005bae2d530eb30ee37ce13aaf0cd51bc2405422f82e975cc6ea5038ac683a98975b3cc20fb6df0bf14f70f04e20b1f1273ffcf51c523465f3cc26
SSDEEP

393216:weRmaKfYzxeROPexNFkNpiRTHSlOs6TXgn2veWl:weDzxQoiX+i1SlOs6TXcnWl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-04_e71038cf7055cded1198a7623236f3f8_mafia

Files

2024-09-04_e71038cf7055cded1198a7623236f3f8_mafia
.exe windows:5 windows x86 arch:x86

a5652a967292a0e4aa68273e2fe0f506

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\pc\i4remote\setup\Package\bin\Installer.pdb

Imports

kernel32

lstrcpyW
lstrcmpiW
GetTempPathW
Sleep
CreateProcessW
OutputDebugStringW
CreateMutexW
FreeResource
ExpandEnvironmentStringsW
DeleteFileW
RemoveDirectoryW
TerminateProcess
OpenProcess
GetPrivateProfileStringW
GetModuleFileNameW
FindNextFileW
FindClose
lstrlenW
FindFirstFileW
CloseHandle
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
Process32FirstW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
CreateFileW
GetVersionExW
WideCharToMultiByte
WriteFile
GetModuleHandleW
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
FormatMessageW
SetFileAttributesW
SetFileTime
GetFileAttributesW
MoveFileExW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
GetSystemInfo
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
GetCurrentDirectoryW
LoadLibraryW
GetACP
MulDiv
ExitProcess
SetFilePointer
SystemTimeToFileTime
lstrcpynW
GetLocalTime
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
GetTimeFormatW
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
GetLogicalDriveStringsW
GetCurrentProcess
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW

user32

GetActiveWindow
IsIconic
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
InflateRect
SetCursor
LoadCursorW
DefWindowProcW
EnableWindow
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowRgn
MessageBoxW
GetWindowRgn
UpdateLayeredWindow
IsWindowEnabled
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
UpdateWindow
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowTextW
SetForegroundWindow
DrawTextA
wsprintfA
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
EqualRect
PtInRect
CharNextW
SetRect
CharPrevW
FillRect
IntersectRect
OffsetRect
CharPrevExA
DrawTextW
GetKeyState
SetWindowPos
SendMessageW
MoveWindow
GetClientRect
FindWindowW
PostMessageW
PostQuitMessage
GetWindow
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MonitorFromWindow
GetMonitorInfoW
GetSysColor
MapWindowPoints
CreateWindowExW
GetFocus
SetFocus
ClientToScreen
ShowWindow
SetWindowLongW
GetWindowLongW
InvalidateRect
UnionRect
SetTimer
KillTimer
IsWindow
IsZoomed
DestroyWindow
GetCursorPos
LoadImageW
GetWindowRect
ScreenToClient
wsprintfW
GetDC
ReleaseDC
ReleaseCapture
SetCapture
IsRectEmpty

gdi32

GdiFlush
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
PlayEnhMetaFile
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
CreatePen
AddFontMemResourceEx
RemoveFontMemResourceEx
CreatePenIndirect
CloseEnhMetaFile
CreateEnhMetaFileW
Rectangle
RestoreDC
SaveDC
GetObjectA
CreateRectRgn
MoveToEx
LineTo
CreateCompatibleBitmap
CreateSolidBrush
SetStretchBltMode
SelectClipRgn
CreateDIBSection
SelectObject
StretchBlt
BitBlt
DeleteDC
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
CreatePatternBrush
GetTextExtentPointA
SetBitmapBits
GetBitmapBits
DeleteObject
GetTextExtentPoint32W
PtInRegion
TextOutW
CreateRoundRectRgn
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetWindowOrgEx
CreateCompatibleDC

advapi32

LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
RegCreateKeyW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfig2W
QueryServiceStatus
ControlService
OpenProcessToken

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
DragQueryFileW
SHFileOperationW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

SysFreeString
VariantInit
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString

shlwapi

SHCreateStreamOnFileEx
PathFileExistsW
PathAddBackslashW
PathCombineW
PathFindFileNameW

wininet

InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW

ws2_32

gethostbyname
gethostname
WSAStartup

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenMode
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLine
ord1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipTranslateWorldTransform
GdipRotateWorldTransform

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 851KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90.6MB - Virtual size: 90.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5652a967292a0e4aa68273e2fe0f506

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

comctl32

gdiplus

imm32

Sections

.text Size: 851KB - Virtual size: 851KB

.rdata Size: 170KB - Virtual size: 170KB

.data Size: 16KB - Virtual size: 53KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 90.6MB - Virtual size: 90.6MB

.reloc Size: 289KB - Virtual size: 289KB

.text
Size: 851KB - Virtual size: 851KB

.rdata
Size: 170KB - Virtual size: 170KB

.data
Size: 16KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 90.6MB - Virtual size: 90.6MB

.reloc
Size: 289KB - Virtual size: 289KB