H:\Piriform\CCleaner\branches\v5.03\bin\CCleaner\Release\CCleaner.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-09-06_42de77abd175704c309043f30dce2cb5_mafia.exe
Resource: win7-20240903-en
General
Target: 2024-09-06_42de77abd175704c309043f30dce2cb5_mafia
Size: 5.2MB
MD5: 42de77abd175704c309043f30dce2cb5
SHA1: 55b10e1f9358870c779c81d3a031dae986ef7518
SHA256: 3b77843763a39bcd34bed0bfeeb2f0d4b52a3ba2378935bddefd36f751814dfe
SHA512: cddbddbe12daec4bcb59108587221b2804446b3dee3a713a405a0eabb844530a5eb466798075212026a35164a342a63f2b66d552c501f0d23d064e2a77b933fa
SSDEEP: 98304:3qEIrYsdTVS6yH/giRKMcekRDsCDnFk2HY5icmKa:hzsd09fgiANPDnnr6icmKa
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-09-06_42de77abd175704c309043f30dce2cb5_mafia
Files
2024-09-06_42de77abd175704c309043f30dce2cb5_mafia.exe windows:5 windows x86 arch:x86
1396f6ac11b29524e02b5aa6f999c9d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
H:\Piriform\CCleaner\branches\v5.03\bin\CCleaner\Release\CCleaner.pdb
Imports
rpcrt4
UuidFromStringA
kernel32
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
SetFileTime
GetThreadTimes
GetThreadContext
RtlCaptureContext
SetUnhandledExceptionFilter
VirtualQueryEx
TerminateThread
ReleaseSemaphore
OpenThread
CreateSemaphoreW
SuspendThread
ResumeThread
CreateThread
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WaitForMultipleObjects
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtectEx
GetThreadPriority
GetTimeFormatA
OutputDebugStringW
LockFile
SetEnvironmentVariableA
UnlockFile
UnlockFileEx
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RtlUnwind
GetStdHandle
GetFileType
WriteConsoleW
IsDebuggerPresent
UnhandledExceptionFilter
GetLogicalDrives
ExitThread
HeapSetInformation
ExitProcess
VirtualProtect
GetModuleHandleA
CreateWaitableTimerA
SetWaitableTimer
TlsSetValue
OpenEventA
TlsGetValue
TlsFree
TlsAlloc
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
BackupSeek
BackupRead
GetCompressedFileSizeW
CreateDirectoryW
SetFilePointerEx
GetTickCount
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileA
HeapReAlloc
GetFullPathNameA
LocalUnlock
LocalLock
LocalAlloc
CompareFileTime
SetProcessWorkingSetSize
SetEndOfFile
lstrcmpA
DeviceIoControl
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
MoveFileW
LoadLibraryA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetThreadPriority
GetVolumeInformationW
GetDriveTypeW
IsBadStringPtrW
CopyFileW
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
SetFileAttributesW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetUserDefaultLangID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetShortPathNameW
GetSystemTimeAsFileTime
OutputDebugStringA
InitializeCriticalSection
GetLocalTime
GetModuleFileNameA
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetLocaleInfoW
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
lstrlenA
GlobalHandle
lstrcmpW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetProcessTimes
GetLongPathNameW
SetFilePointer
GetFileSize
ReadFile
GetVersion
CompareStringW
Sleep
GetPrivateProfileStringW
DeleteFileW
LocalFree
FormatMessageW
lstrcpynW
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
CreateProcessW
GetStartupInfoW
SetErrorMode
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
GetProcAddress
WriteFile
FlushFileBuffers
CreateFileW
GetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetModuleFileNameW
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
SetLastError
RaiseException
GetCurrentThreadId
GetModuleHandleW
lstrcpyW
lstrlenW
LoadLibraryW
FreeLibrary
FindResourceExW
MulDiv
CreateEventA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedExchange
ResetEvent
SetEvent
CreateEventW
OpenProcess
TerminateProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
GetDateFormatA
user32
InvalidateRgn
DestroyAcceleratorTable
SendDlgItemMessageW
wsprintfW
GetForegroundWindow
GetDlgItemInt
GetNextDlgTabItem
SetDlgItemTextW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetShellWindow
GetWindowInfo
SetMenuItemInfoW
SetMenuDefaultItem
GetWindowPlacement
LockWindowUpdate
CreateAcceleratorTableW
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetSystemMetrics
SystemParametersInfoA
GetMenuItemID
GetWindowThreadProcessId
ExitWindowsEx
WaitForInputIdle
EnumDisplaySettingsW
EmptyClipboard
SendMessageTimeoutW
GetWindowRect
SetWindowPos
GetWindowLongW
UnregisterClassA
GetParent
GetWindow
GetDesktopWindow
GetClientRect
MapWindowPoints
SetWindowLongW
SendMessageW
GetDlgItem
ScreenToClient
MoveWindow
GetDC
ReleaseDC
GetWindowTextW
SetWindowTextW
DefWindowProcW
PostMessageW
EndDialog
BeginPaint
EndPaint
IsWindow
PostQuitMessage
IsDialogMessageW
FindWindowExW
UpdateLayeredWindow
LoadIconW
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
SetLayeredWindowAttributes
DeleteMenu
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
DialogBoxParamW
SetPropW
SetScrollPos
GetMonitorInfoW
MonitorFromWindow
GetAsyncKeyState
GetNextDlgGroupItem
DestroyCursor
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
LoadStringW
WinHelpW
SetClipboardData
WaitMessage
DrawTextExW
UnregisterClassW
CharLowerW
CharLowerA
GetDlgItemTextW
LoadBitmapW
EnableScrollBar
GetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
RemovePropW
DrawFrameControl
GetScrollInfo
ScrollWindowEx
SetScrollInfo
AppendMenuW
GetScrollPos
DrawFocusRect
DestroyIcon
DrawStateW
CopyRect
GetKeyState
GetMessagePos
CreateDialogParamW
FrameRect
IsChild
ChildWindowFromPoint
GetSysColor
SetRectEmpty
SetCursorPos
InvalidateRect
PtInRect
RedrawWindow
TrackMouseEvent
GetSystemMenu
TrackPopupMenu
SetForegroundWindow
IsZoomed
GetActiveWindow
SystemParametersInfoW
DrawTextW
InflateRect
LoadImageW
GetWindowTextLengthW
GetWindowDC
DrawEdge
GetClassNameW
GetDlgCtrlID
FillRect
GetClassLongW
OffsetRect
CallWindowProcW
ShowWindow
KillTimer
SetTimer
DestroyWindow
GetSysColorBrush
ClientToScreen
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DestroyMenu
CheckDlgButton
IsDlgButtonChecked
IsWindowVisible
OpenIcon
FindWindowW
EnumWindows
IsIconic
SetFocus
SetRect
GetCapture
SetCapture
WindowFromPoint
ReleaseCapture
SetCursor
CharNextW
GetClassInfoW
RegisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW
InsertMenuW
GetCursorPos
CreatePopupMenu
EnableMenuItem
EnableWindow
BringWindowToTop
UpdateWindow
IsWindowEnabled
DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
GetFocus
gdi32
EndPath
StrokeAndFillPath
CreateRectRgn
CreateDCW
UnrealizeObject
CombineRgn
BeginPath
TextOutW
PatBlt
CreateBitmap
CreatePatternBrush
GetClipBox
GetClipRgn
PolylineTo
LineTo
MoveToEx
CreatePen
Rectangle
SelectClipRgn
ExcludeClipRect
GetTextExtentPoint32W
GetTextMetricsW
RestoreDC
SaveDC
GetStockObject
SetDIBColorTable
CreateDIBSection
GetObjectW
GetDIBColorTable
StretchBlt
CreateFontIndirectW
SetTextColor
SetBkMode
ExtTextOutW
GetTextColor
BitBlt
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
DeleteObject
SelectObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleBitmap
SetViewportOrgEx
SetBkColor
GetBkColor
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
SetNamedSecurityInfoW
SetEntriesInAclW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CloseEventLog
ClearEventLogW
OpenEventLogW
LookupPrivilegeNameW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
LookupAccountNameW
CopySid
GetLengthSid
LookupAccountSidW
FreeSid
EqualSid
OpenThreadToken
AllocateAndInitializeSid
GetSidSubAuthority
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
shell32
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ExtractIconExW
SHGetFileInfoW
SHAddToRecentDocs
ShellExecuteW
ole32
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitialize
PropVariantClear
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitializeSecurity
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
DispCallFunc
OleCreateFontIndirect
VarBstrFromI4
VariantTimeToSystemTime
VariantChangeType
SysStringLen
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
VarBstrFromR8
shlwapi
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
PathSkipRootW
PathRemoveArgsW
PathGetDriveNumberW
PathCompactPathW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathMatchSpecW
PathUnquoteSpacesW
PathCombineW
SHStrDupW
PathStripPathW
PathIsURLW
PathCreateFromUrlW
PathStripPathA
PathIsUNCW
PathIsRelativeW
PathFindFileNameW
StrRetToStrW
PathIsDirectoryEmptyW
PathRemoveBackslashW
comctl32
ImageList_SetIconSize
ImageList_Destroy
ImageList_Draw
ImageList_LoadImageW
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Remove
InitCommonControlsEx
ImageList_Duplicate
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
msimg32
TransparentBlt
AlphaBlend
gdiplus
GdipSetCompositingMode
GdipAddPathPieI
GdipIsVisiblePathPointI
GdipCreatePen1
GdipSetSmoothingMode
GdipDrawRectangleI
GdipCreateHatchBrush
GdipFillPieI
GdipDrawPieI
GdipCreateFromHDC
GdipDeletePen
GdipFillRectangleI
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipFillEllipseI
GdipSetPathGradientBlend
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCloneBrush
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipBitmapUnlockBits
uxtheme
DrawThemeEdge
OpenThemeData
DrawThemeBackground
GetThemeInt
GetThemeColor
CloseThemeData
GetThemeBackgroundContentRect
IsThemeActive
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
netapi32
NetApiBufferFree
NetLocalGroupGetMembers
crypt32
CryptDecodeObject
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFindCertificateInStore
wintrust
WinVerifyTrust
esent
JetOpenDatabase
JetAttachDatabase2
JetCreateDatabase2
JetBeginSession
JetInit2
JetOpenTable
JetSetSystemParameter
JetTerm2
JetEndSession
JetCloseDatabase
JetCloseTable
JetGetDatabaseFileInfo
JetSetCurrentIndex4
JetMove
JetEnumerateColumns
JetBeginTransaction
JetDelete
JetCommitTransaction
JetRollback
JetCreateInstance2
JetDeleteTable
iphlpapi
GetAdaptersAddresses
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wininet
HttpSendRequestW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
HttpOpenRequestW
DeleteUrlCacheEntryA
InternetConnectW
FindFirstUrlCacheEntryW
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 775KB - Virtual size: 775KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 341KB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 271KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ