2024-09-04_22292140e6b35d0df619d53fbd0e0826_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-04_22292140e6b35d0df619d53fbd0e0826_mafia
Size

6.4MB
MD5

22292140e6b35d0df619d53fbd0e0826
SHA1

7b7b2f66225de0c29acca9a281bbc43290ce6235
SHA256

7dbd7d2ee4454e5fdca07324c62907836186560aa3d6bbb787f0b0ef65fccd9f
SHA512

4c754ef76d6aa77672cfa794d27bb9e6493d414f978c3f98e966b5ea9841405f2d491398eabf353677691057615c9ca301a2491abfbb8fb2ca6e786113a9be33
SSDEEP

98304:yXuTg5QCJhCw07cqYa+/zZ/rtMN2UTjYvH:yXJ5zJhBs2a6rUv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-04_22292140e6b35d0df619d53fbd0e0826_mafia

Files

2024-09-04_22292140e6b35d0df619d53fbd0e0826_mafia
.exe windows:5 windows x86 arch:x86

d44f60867022e853af188082b2cc4d05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Backup\我的文档\Visual Studio 2010\Projects\Console\Release\Console.pdb

Imports

kernel32

InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
GetLastError
HeapFree
ReadFile
SetFilePointer
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RaiseException
GetCPInfo
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
HeapSize
ExitProcess
HeapCreate
CreateFileA
CreateFileW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
HeapReAlloc
LoadLibraryW
WriteConsoleW
SetEndOfFile
GetProcessHeap
QueryPerformanceFrequency
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d44f60867022e853af188082b2cc4d05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 87KB - Virtual size: 120KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 624KB - Virtual size: 628KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 87KB - Virtual size: 120KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 624KB - Virtual size: 628KB