2024-09-06_878866925e504c49386b335447433b0a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_878866925e504c49386b335447433b0a_mafia
Size

6.1MB
MD5

878866925e504c49386b335447433b0a
SHA1

3578e02c2057f5db545da037291e940a36f6d162
SHA256

e5d92b601c0995eab0343381a39545ad9b1e587d4ab73ed06c47fdcc1cca3a0e
SHA512

a7b9566a17dcf2f50a13c8918b344a371c511c491aa5fab3b48ce73347790709727f6748c7726d3056690c211d5fcc91c4712de0dd39d3894b663a32f5b6cf29
SSDEEP

98304:qAFteJCaO5M30AlDdeTlUHJvYco/hvB6bVozb5q1y7ud:qRJl0AMlUHJy/hvEwSd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-06_878866925e504c49386b335447433b0a_mafia

Files

2024-09-06_878866925e504c49386b335447433b0a_mafia
.exe windows:5 windows x86 arch:x86

58a9d688f95e3072b14baa8c1029062f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\辅助开发\Release\patcher.pdb

Imports

kernel32

lstrcmpA
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateDirectoryW
GlobalLock
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
GetPrivateProfileStringW
WriteFile
GlobalAlloc
WideCharToMultiByte
Sleep
SizeofResource
CreateEventA
lstrcpynW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatA
lstrlenW
RaiseException
GetPrivateProfileIntW
GetLastError
lstrcmpiA
GetFileSize
GetLocalTime
CreateFileMappingW
LockResource
CreateEventW
GetModuleFileNameA
lstrcmpiW
VirtualProtect
CloseHandle
GetCurrentProcessId
GlobalReAlloc
lstrcpyW
CreateThread
lstrcpyA
SetStdHandle
WriteConsoleW
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsProcessorFeaturePresent
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
CreateFileA
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
TryEnterCriticalSection
SetEndOfFile
FreeLibrary
HeapAlloc
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
LoadLibraryW
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitThread
RtlUnwind
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableA

user32

GetDesktopWindow
EmptyClipboard
MessageBoxA
GetForegroundWindow
wsprintfW
GetCursorPos
wsprintfA
GetFocus
PostMessageW
GetTopWindow
CloseClipboard
WindowFromPoint
GetSystemMetrics
mouse_event
SetClipboardData
OpenClipboard

shell32

ShellExecuteW

ole32

CoCreateGuid

comctl32

ord17

shlwapi

PathFindFileNameW

ws2_32

WSAStartup
accept
listen
send
gethostbyname
closesocket
socket
bind
recv
getsockname
htons
connect
inet_addr

Sections

.text
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58a9d688f95e3072b14baa8c1029062f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

comctl32

shlwapi

ws2_32

Sections

.text Size: 656KB - Virtual size: 655KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 57KB - Virtual size: 69KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 656KB - Virtual size: 655KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 57KB - Virtual size: 69KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 35KB - Virtual size: 35KB