PDB path: F:\DiagStudio\2_SRC\trunk\bin\Release\LogCollector.pdb
Static task
static1
Behavioral task
behavioral1
Sample: 2024-09-06_a24e58366349809301a376bac04ace80_mafia.exe
Resource: win7-20240903-en
Behavioral task
behavioral2
Sample: 2024-09-06_a24e58366349809301a376bac04ace80_mafia.exe
Resource: win10v2004-20240802-en
General
Target: 2024-09-06_a24e58366349809301a376bac04ace80_mafia
Size: 2.0MB
MD5: a24e58366349809301a376bac04ace80
SHA1: 043c43ba69fb189af801045ee52494574b89dfd4
SHA256: 13384873c60da743f1c3d5e91bf3c466ea991a2f7a7faa4da760ae0326d89f01
SHA512: 28304b26bf10f765d67cec2277ad7b24ea13e07e0b59c34c194ed7d4c7717e40ef5f9c953a50ce752e94c67a0ef07fec7189147a174a53900965c31e7b6108f2
SSDEEP: 49152:E9ThLeEV5U5Lcmy6xjB6AOYM6grupv2oqq5eZNcjcbFvZUovwvrThZ1XH:E9RD5U5LFyi0AM6grupv2oqq5enbfUo4
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the image carries no embedded certificate table. On its own this is a weak indicator; in-house tools are often shipped unsigned, and files signed through a Windows catalog also show no embedded signature to a static check.
resource 2024-09-06_a24e58366349809301a376bac04ace80_mafia
Files
2024-09-06_a24e58366349809301a376bac04ace80_mafia.exe windows:5 windows x86 arch:x86
fecc1ebf4434b55c429b31bd6e8ac6de (a second MD5-length hash printed beside the file type; it is not the file MD5 above and, in this report layout, is the import hash (imphash) computed over the import table below, which is the value to pivot on when hunting for other builds of the same tool)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (relocatable, so ASLR applies; the .reloc section below is what makes that possible)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (opts in to DEP)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\DiagStudio\2_SRC\trunk\bin\Release\LogCollector.pdb (build-machine path left in the debug directory; the project and module names are the usual pivot for locating other builds of the same tool)
Imports
kernel32
GetProcessHeap
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetDiskFreeSpaceExW
FindNextFileW
Process32NextW
SystemTimeToTzSpecificLocalTime
GetProcessTimes
QueryFullProcessImageNameW
Process32FirstW
CreateToolhelp32Snapshot
WriteConsoleW
SetEnvironmentVariableA
SetVolumeLabelW
GetVersionExW
CreateDirectoryW
GetLastError
WaitForSingleObject
GetWindowsDirectoryW
GetSystemDirectoryW
IsWow64Process
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LCMapStringW
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetStringTypeW
GetCurrentProcess
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CreateFileW
WriteFile
OutputDebugStringW
CloseHandle
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
CreateThread
CopyFileW
DeleteFileW
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
FreeLibrary
GetProcAddress
GetModuleHandleW
GlobalAlloc
lstrcmpW
GlobalLock
MultiByteToWideChar
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
GlobalFree
FreeResource
lstrcpyW
GetPrivateProfileIntW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
ExitThread
GetFileType
SetStdHandle
HeapReAlloc
RaiseException
ExitProcess
WritePrivateProfileStringW
lstrlenW
GetPrivateProfileStringW
RtlUnwind
DecodePointer
EncodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetNumberFormatW
GetTickCount
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileW
lstrcmpiW
FileTimeToSystemTime
GlobalGetAtomNameW
lstrlenA
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalAddAtomW
ResumeThread
SetThreadPriority
GlobalSize
FormatMessageW
LocalFree
MulDiv
GlobalUnlock
GetCurrentDirectoryW
user32
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
UnregisterClassW
CopyImage
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
KillTimer
SetTimer
RealChildWindowFromPoint
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetCursorPos
GetClassLongW
SetPropW
GetPropW
MapVirtualKeyExW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
SendMessageW
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
LockWindowUpdate
RegisterClipboardFormatW
InvertRect
HideCaret
GetIconInfo
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
FrameRect
CopyIcon
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
LoadBitmapW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
ScreenToClient
MoveWindow
FindWindowExW
GetWindowRect
ShowWindow
GetDlgItem
GetWindowLongW
SetWindowLongW
SetWindowTextW
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetWindowRgn
GetParent
SetWindowContextHelpId
GetWindow
RegisterWindowMessageW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
MessageBoxW
GetCapture
IsCharLowerW
GetLastActivePopup
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
SubtractRect
DestroyCursor
RemovePropW
GetMenuState
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSysColor
LoadMenuW
CopyRect
GetKeyNameTextW
MapVirtualKeyW
PtInRect
GetFocus
CallNextHookEx
GetCursorPos
UnhookWindowsHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetClassNameW
InvalidateRect
UpdateWindow
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
gdi32
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectW
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetLayout
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
CreateCompatibleDC
BitBlt
CreatePen
Rectangle
GetDeviceCaps
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
CreateSolidBrush
GetObjectW
CreateFontW
CreateDIBSection
GetStockObject
SetMapMode
GetClipBox
GetTextColor
ExcludeClipRect
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
OpenEventLogW
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseEventLog
BackupEventLogW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
shell32
DragFinish
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetMalloc
SHAppBarMessage
ShellExecuteW
DragQueryFileW
SHFileOperationW
SHGetDesktopFolder
comctl32
ImageList_GetIconSize
InitCommonControlsEx
shlwapi
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
ole32
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
RegisterDragDrop
CoInitializeEx
oleaut32
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VarBstrFromDate
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
oledlg
OleUIBusyW
gdiplus
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
psapi
GetProcessMemoryInfo
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
winmm
PlaySoundW
globalenvmgr
SetCurrentLanguage
GetOS
GetMachine
GetCurrentLanguage
GetDefaultLanguage
InitGlobalEnv
GetOSPlatform
swcontentsmgr
SetContentsLanguage
mgmttoolmgr
GetMgmtToolContent
InitMgmtToolList
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
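The import table above is a long flat list, and the useful triage question is which API combinations it contains, not which single names. The script below is an added example written for this page (editor's code, not part of the sandbox report or of the LogCollector project): it parses a listing in the page's format into module/function pairs, matches it against a small capability rule set, lists the modules that are not Windows system libraries, and records the questions static imports cannot answer. The module-name heuristic, the rules and the system-module list are the editor's assumptions; the embedded excerpt is taken from the listing above, and the full listing works as input too.

```python
"""Turn a sandbox report's Imports listing into capability findings for triage."""
import re

# Excerpt of the Imports section above (module names as the report prints them,
# one imported function per line). Constructed here so the script runs offline.
REPORT_IMPORTS = """\
kernel32
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
QueryFullProcessImageNameW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsDebuggerPresent
advapi32
OpenEventLogW
BackupEventLogW
CloseEventLog
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
shell32
ShellExecuteExW
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
user32
SetWindowsHookExW
globalenvmgr
InitGlobalEnv
swcontentsmgr
SetContentsLanguage
mgmttoolmgr
InitMgmtToolList
"""

# Assumption about the listing format: a line with no upper-case letter is a module name
# (kernel32, winspool.drv, globalenvmgr); any other line is a function imported from the
# most recent module.
MODULE_RE = re.compile(r"^[a-z0-9_.]+$")

# Capability rules written for this page (editor's choice, not from the report):
# every API in a set must be present for the rule to fire.
RULES = {
    "process enumeration (Toolhelp)": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "event log export": {"OpenEventLogW", "BackupEventLogW"},
    "WoW64 file-system redirection bypass": {"Wow64DisableWow64FsRedirection"},
    "registry write": {"RegCreateKeyExW", "RegSetValueExW"},
    "registry delete": {"RegDeleteKeyW", "RegDeleteValueW"},
    "device enumeration (SetupAPI)": {"SetupDiGetClassDevsW", "SetupDiEnumDeviceInfo"},
    "child process via shell": {"ShellExecuteExW"},
    "message hook install": {"SetWindowsHookExW"},
    "debugger check (weak: the MSVC CRT imports it too)": {"IsDebuggerPresent"},
}

# Modules that ship with Windows; anything else must sit next to the EXE or the loader fails.
SYSTEM_MODULES = {
    "kernel32", "user32", "gdi32", "msimg32", "comdlg32", "winspool.drv", "advapi32", "shell32",
    "comctl32", "shlwapi", "ole32", "oleaut32", "oledlg", "gdiplus", "psapi", "setupapi", "winmm",
    "oleacc", "imm32",
}


def parse_imports(text: str) -> dict:
    """Return {module: [function, ...]} from the report's flat listing."""
    imports, module = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MODULE_RE.match(line):
            module = line.lower()
            imports.setdefault(module, [])
        elif module is not None:
            imports[module].append(line)
    return imports


def classify(imports: dict) -> dict:
    """Map each matched rule to the sorted APIs that satisfied it."""
    present = {api for apis in imports.values() for api in apis}
    return {cap: sorted(need) for cap, need in RULES.items() if need.issubset(present)}


def nonsystem_modules(imports: dict) -> list:
    """Modules the image depends on that Windows does not provide."""
    return sorted(m for m in imports if m not in SYSTEM_MODULES)


def followups(found: dict) -> list:
    """Static imports say what is possible, not what is done; list what strings/dynamic work must settle."""
    notes = []
    if "token privilege adjustment" in found:
        notes.append("Which privilege is enabled? SeBackupPrivilege fits BackupEventLogW; "
                     "SeDebugPrivilege would fit OpenProcess on other users' processes.")
    if "event log export" in found:
        notes.append("Where does BackupEventLogW write, and is the copy collected or sent anywhere?")
    if "WoW64 file-system redirection bypass" in found:
        notes.append("32-bit image reaching the native System32: check which paths it opens afterwards.")
    return notes


if __name__ == "__main__":
    imp = parse_imports(REPORT_IMPORTS)
    for cap, apis in classify(imp).items():
        print(f"{cap}: {', '.join(apis)}")
    print("non-system modules:", nonsystem_modules(imp))
    for note in followups(classify(imp)):
        print("-", note)
```

The non-system modules matter before reading anything into a behavioral run: static imports from globalenvmgr, swcontentsmgr and mgmttoolmgr must resolve when the process starts, so the EXE submitted on its own fails at load time unless those DLLs were submitted alongside it.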
Sections
.text   size 1.3MB, virtual size 1.3MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  size 313KB, virtual size 312KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   size 29KB, virtual size 60KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   size 204KB, virtual size 204KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  size 172KB, virtual size 171KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable, and on-disk sizes track virtual sizes (the .data gap is uninitialized data), which is the layout of a conventionally linked MSVC image rather than a packed one.
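The Unsigned PE signature, the DLL Characteristics entry and the section table above are all read straight from the PE headers, and reproducing them locally is how you confirm a sandbox finding without trusting the report. The script below is an added example written for this page (editor's code, not the sandbox's implementation and not part of the LogCollector project): it parses the DOS, COFF and optional headers plus the section table of a PE32 or PE32+ image, reports DllCharacteristics, whether a Certificate Table (the Authenticode container) is present, and per-section flags, and derives the same findings the report shows. It builds a minimal constructed PE in memory for its self-test; pass a real file path to run it on a sample. The builder, the `findings` rules and the size threshold in them are the editor's assumptions.

```python
"""Inspect PE headers: DllCharacteristics, Certificate Table (Authenticode) presence, section flags."""
import struct
import sys

# Bit values from winnt.h; only those the checks below need.
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_DISCARDABLE, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x02000000, 0x20000000, 0x40000000, 0x80000000
SECTION_FLAGS = {
    SCN_CODE: "IMAGE_SCN_CNT_CODE", SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_DISCARDABLE: "IMAGE_SCN_MEM_DISCARDABLE", SCN_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    SCN_READ: "IMAGE_SCN_MEM_READ", SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table: file offset + size of the WIN_CERTIFICATE blob


def inspect_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    dirs = opt + (112 if pe32plus else 96)                      # start of the data directories
    _, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize, "virtual_size": vsize, "characteristics": chars,
            "flags": [n for bit, n in SECTION_FLAGS.items() if chars & bit],
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit],
        "authenticode_present": cert_size != 0,   # presence only; validity needs WinVerifyTrust/signtool
        "sections": sections,
    }


def findings(info: dict) -> list:
    """The report's static signatures plus the packer tells a section table can give (editor's rules)."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: no Certificate Table (catalog-signed files also look unsigned here)")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]:
        out.append("No ASLR: DYNAMIC_BASE not set")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in info["dll_characteristics"]:
        out.append("No DEP: NX_COMPAT not set")
    for s in info["sections"]:
        if s["characteristics"] & SCN_WRITE and s["characteristics"] & SCN_EXECUTE:
            out.append(f"Writable and executable section: {s['name']}")
        if s["raw_size"] == 0 and s["virtual_size"] > 0x10000 and s["characteristics"] & SCN_EXECUTE:
            out.append(f"Executable section empty on disk (unpacked at runtime?): {s['name']}")
    return out


def build_test_pe(dll_chars: int, cert_size: int = 0,
                  sections=((".text", SCN_CODE | SCN_EXECUTE | SCN_READ),)) -> bytes:
    """Constructed minimal PE32 image for exercising the checks; not the sample from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # x86, EXECUTABLE|32BIT
    opt = bytearray(224)                                    # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    headers_len = 64 + 4 + 20 + 224 + 40 * len(sections)
    if cert_size:                                           # a (zero-filled) certificate blob follows the headers
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, cert_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + b"\0" * cert_size


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(0x0040 | 0x0100 | 0x8000)
    info = inspect_pe(blob)
    print(info["machine"], info["dll_characteristics"])
    for s in info["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} {' | '.join(s['flags'])}")
    for f in findings(info):
        print("-", f)
```

The Certificate Table entry is a file offset rather than an RVA, which is why the builder stores `headers_len` there; a non-zero size is all the sandbox's "Unsigned PE" check needs, while deciding whether a present signature is valid and chains to a trusted root is a separate step that this static pass does not attempt.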