2024-09-05_8d7e0a6132de50c80a6e72006288b17a_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-05_8d7e0a6132de50c80a6e72006288b17a_mafia
Size

1.6MB
MD5

8d7e0a6132de50c80a6e72006288b17a
SHA1

938160b71ae7ab7df221e569758ed31f88e95a6e
SHA256

8306c5426828d63ee9b90d872b7f528f2c84868ddf7e5b2ba245589bc7c8d354
SHA512

b1cf244e2e98c18a257666c819e8ef129217f0acea295d0c01aa57dde23bd3d098b56e300b58781d17246580d5c0867b54dcd200452c84a16587f757397b3121
SSDEEP

49152:HBqgpkb/662eTEkcWna8IdzApyTzQf36Q1i:wgs22EkxOdOf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-05_8d7e0a6132de50c80a6e72006288b17a_mafia

Files

2024-09-05_8d7e0a6132de50c80a6e72006288b17a_mafia
.exe windows:5 windows x86 arch:x86

db12d03c7628a3a475e3ce02ee7a1819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\src\kkvsvr\Release\kkvsvr.pdb

Imports

ws2_32

WSASetLastError
htons
shutdown
ntohs
getsockname
bind
listen
accept
WSACleanup
WSAAddressToStringA
WSAStartup
ioctlsocket
connect
select
WSAGetLastError
setsockopt
recv
socket
closesocket
gethostbyname
send
inet_addr

kernel32

GetProcAddress
LoadLibraryA
DeleteFileA
CreateFileA
GetCurrentProcess
lstrcatA
RaiseException
GetCurrentThreadId
OutputDebugStringA
lstrcpyA
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
OpenProcess
GetTickCount
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
GetVersionExA
GetLastError
FindFirstFileW
CreateProcessW
FindClose
Sleep
LocalFree
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
SetEvent
CreateEventA
ResetEvent
CreateThread
GetEnvironmentVariableA
SetUnhandledExceptionFilter
OpenMutexA
CreateMutexA
GetSystemDirectoryA
FreeLibrary
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
ExpandEnvironmentStringsW
InitializeCriticalSection
UnmapViewOfFile
SetHandleCount
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FlushConsoleInputBuffer
LoadLibraryW
HeapSize
GlobalMemoryStatus
lstrlenA
GetSystemInfo
DeviceIoControl
CancelIo
GetOverlappedResult
WaitForMultipleObjects
GetProcessHeap
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetConsoleMode
ReadConsoleInputA
GetUserDefaultLCID
RtlUnwind
GetTimeZoneInformation
LCMapStringW
SetConsoleCtrlHandler
InterlockedExchange
FindNextFileW
IsValidCodePage
GetOEMCP
WriteConsoleW
GetStringTypeW
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
GlobalFindAtomA
GlobalAddAtomA
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
FindResourceA
FreeResource
GetModuleHandleW
GetNativeSystemInfo
GetVersion
QueryPerformanceCounter
GetModuleFileNameW
HeapFree
HeapAlloc
ExitThread
ResumeThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetConsoleCP
GetConsoleMode
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo

user32

SendMessageTimeoutW
EnumWindows
GetWindowTextA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
IsWindowVisible
RegisterWindowMessageA
MessageBoxA

advapi32

OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

SHGetValueA
SHSetValueA

psapi

GetModuleFileNameExA

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoW

dbghelp

MiniDumpWriteDump

crypt32

CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore

netapi32

Netbios

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db12d03c7628a3a475e3ce02ee7a1819

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

wininet

dbghelp

crypt32

netapi32

version

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 379KB - Virtual size: 379KB

.data Size: 108KB - Virtual size: 137KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 69KB - Virtual size: 69KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 379KB - Virtual size: 379KB

.data
Size: 108KB - Virtual size: 137KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 69KB - Virtual size: 69KB