2024-09-05_946ef630eedb1cf0ff0a5b3a41c380dc_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-05_946ef630eedb1cf0ff0a5b3a41c380dc_mafia
Size

967KB
MD5

946ef630eedb1cf0ff0a5b3a41c380dc
SHA1

91dc4c3d89f609d8034b0f4a477b6136ca141658
SHA256

6cff0a223b798a31e9025d6a0ba76ab7a1ba22fd89f446027bf34b93fd45d2a0
SHA512

d334d9d1a21a50e42a9620b699b6e1c320a8918259ea88439284a845f4abdeb3ea36b91230529f987fa52ece761016f2698bbb59dc2adb1da9c3b5e8969572f6
SSDEEP

12288:6/NbZP5Kjrm6miAynKJSQL8rhVztusJKLNDuwSu9R7/0j0knVR3M7FcAJJBdcTv7:41s0EJ+NDuwdRoHVO7vJByT9Zp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-05_946ef630eedb1cf0ff0a5b3a41c380dc_mafia

Files

2024-09-05_946ef630eedb1cf0ff0a5b3a41c380dc_mafia
.exe windows:5 windows x86 arch:x86

19255550fe63b897ea46931bc0316f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
FreeLibrary
LoadLibraryExW
GlobalFree
GlobalHandle
CloseHandle
DeleteFileW
Sleep
InitializeCriticalSection
CreateMutexW
GetPrivateProfileSectionW
GetLocalTime
WriteFile
SetFilePointer
GetFileSize
CreateFileW
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
GlobalLock
SetErrorMode
ReadFile
LoadLibraryW
WideCharToMultiByte
SetEvent
RemoveDirectoryW
MoveFileW
WaitForSingleObject
CreateEventW
CreateDirectoryW
GetTickCount
ResumeThread
CreateProcessW
IsDBCSLeadByte
VirtualProtect
WriteProcessMemory
SystemTimeToFileTime
GetSystemTime
CompareStringW
SetEndOfFile
GetTimeZoneInformation
SetUnhandledExceptionFilter
GlobalUnlock
EnterCriticalSection
CompareFileTime
WinExec
GetProcessTimes
GetExitCodeProcess
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
RaiseException
Process32NextW
Process32FirstW
MulDiv
LocalFree
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CreateThread
ExitThread
GetSystemTimeAsFileTime
ExitProcess
GetStartupInfoW
HeapSetInformation
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrcmpW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenA
SizeofResource
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
lstrlenW
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateToolhelp32Snapshot
LeaveCriticalSection
FreeResource
WritePrivateProfileStringW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
GetVersionExW
SetEnvironmentVariableA

user32

DestroyWindow
GetWindowLongW
ShowWindow
SetTimer
KillTimer
SendDlgItemMessageW
PtInRect
OffsetRect
IntersectRect
UnionRect
GetSystemMetrics
UnregisterClassA
SetWindowPos
MapWindowPoints
GetWindow
GetWindowRect
MonitorFromWindow
GetParent
PostMessageW
PostQuitMessage
SetWindowLongW
IsWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DefWindowProcW
MapDialogRect
EndDialog
CreateWindowExW
SetWindowContextHelpId
FindWindowExW
EnumChildWindows
SendMessageW
GetSysColor
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
GetMonitorInfoW
GetClientRect
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetDlgItem
GetClassNameW
SetActiveWindow
AnimateWindow
BringWindowToTop
SetForegroundWindow
OpenClipboard
SystemParametersInfoW
EnableWindow
IsRectEmpty
SetWindowsHookExW
CallNextHookEx
GetAncestor
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
SetPropW
GetPropW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture

gdi32

CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteObject
DeleteDC
GetObjectW
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject

advapi32

RegQueryValueExA
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueA
RegQueryValueW
RegDeleteKeyW
GetUserNameW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
OleLockRunning
CoTaskMemAlloc
OleRun
ProgIDFromCLSID
CoGetClassObject
StringFromGUID2
CoCreateGuid

oleaut32

VarBstrCmp
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantChangeType
VariantCopy
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
GetErrorInfo
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

shlwapi

PathFileExistsW
SHRegGetValueA
SHRegGetValueW
SHDeleteKeyW
PathIsDirectoryW

urlmon

ObtainUserAgentString
CoInternetGetSession
UrlMkSetSessionOption

wininet

CommitUrlCacheEntryA
InternetQueryOptionW
InternetSetOptionW
InternetSetCookieW
CommitUrlCacheEntryW
InternetErrorDlg
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW

dsound

ord1

dbghelp

ImageDirectoryEntryToDataEx
MiniDumpWriteDump

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
GetProcessMemoryInfo

winmm

waveOutWrite
midiStreamOut
PlaySoundA
PlaySoundW

wintrust

WinVerifyTrust

crypt32

CertOpenStore

ws2_32

gethostname
gethostbyname
inet_ntoa

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhCloseQuery
PdhOpenQueryW

Sections

.text
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19255550fe63b897ea46931bc0316f98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

dsound

dbghelp

version

psapi

winmm

wintrust

crypt32

ws2_32

pdh

Sections

.text Size: 728KB - Virtual size: 727KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 728KB - Virtual size: 727KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 56KB - Virtual size: 55KB