2024-09-04_7c22f57c28c91b0ede9063548508409d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-04_7c22f57c28c91b0ede9063548508409d_mafia
Size

6.4MB
MD5

7c22f57c28c91b0ede9063548508409d
SHA1

2e938d910240f2de3847b8e5d5d4d593df37e272
SHA256

9aff151d9d82b7534ce1845545bf68a018c18c3b5cd6ec2233d0e05d14056788
SHA512

89d784cfda35414aef6116b947db2f4752733e9b8d175ee1ad802431491277a38c2e30c2514f55f91a70555100ef1204997fe70236d3c6d4642c4dd9b1864e1b
SSDEEP

98304:YXoTg5QCJhCw07cqYa+/zZ/rtMN29TjYvH:YXz5zJhBs2a6r9v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-04_7c22f57c28c91b0ede9063548508409d_mafia

Files

2024-09-04_7c22f57c28c91b0ede9063548508409d_mafia
.exe windows:5 windows x86 arch:x86

d44f60867022e853af188082b2cc4d05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Backup\我的文档\Visual Studio 2010\Projects\Console\Release\Console.pdb

Imports

kernel32

InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
GetLastError
HeapFree
ReadFile
SetFilePointer
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RaiseException
GetCPInfo
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
HeapSize
ExitProcess
HeapCreate
CreateFileA
CreateFileW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
HeapReAlloc
LoadLibraryW
WriteConsoleW
SetEndOfFile
GetProcessHeap
QueryPerformanceFrequency
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d44f60867022e853af188082b2cc4d05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 87KB - Virtual size: 120KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 624KB - Virtual size: 628KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 87KB - Virtual size: 120KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 624KB - Virtual size: 628KB