2024-09-07_4a02968557eb9f417f690afdc7903356_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-07_4a02968557eb9f417f690afdc7903356_mafia
Size

554KB
MD5

4a02968557eb9f417f690afdc7903356
SHA1

0adadfdd3508e97855b759ca3d6d0c9979646ed9
SHA256

629120f6c847393c4a43d6ea61cf798f1091d331fd399e695e3ce64f89fb3997
SHA512

c8eee47e547f2763c14b691c93ad3fb40cbe9eee1ebfb546b4da8b9ef10556c01c81f6258a53ce5f233e2fc4293d070ff9ecb7dfc68d6569f90b7dddff869e69
SSDEEP

12288:/fy6ddcwn7T2KTFruFY8lG6XpZNRyZ17D2zaGa0Q967p2vTkJcgV:/fy6ddjSZ327Cz3Q9uET0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-07_4a02968557eb9f417f690afdc7903356_mafia

Files

2024-09-07_4a02968557eb9f417f690afdc7903356_mafia
.exe windows:5 windows x86 arch:x86

a4c9a6be0a7572177e11cc7185ada76c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetProcAddress
EnterCriticalSection
GlobalFree
LocalAlloc
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
lstrcpyA
SetFilePointer
CreateThread
lstrcpyW
GetTempPathA
GetCurrentProcessId
CloseHandle
OutputDebugStringA
FindNextFileA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualProtectEx
SetLastError
CreateFileW
GetVersionExW
FormatMessageW
WideCharToMultiByte
GlobalAlloc
FormatMessageA
GlobalLock
GetCurrentProcess
SetEndOfFile
SetStdHandle
WriteConsoleW
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
IsDBCSLeadByte
MulDiv
LeaveCriticalSection
FindFirstFileA
SizeofResource
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
lstrlenA
lstrcmpA
FindResourceA
FindClose
GetCommandLineW
GetVolumeInformationA
OpenProcess
FreeEnvironmentStringsW
GetLocaleInfoW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
GetFileType
SetHandleCount
GetModuleFileNameW
GetStdHandle
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
WaitForSingleObject
CreateProcessW
lstrcpynA
VirtualQuery
GetFileSize
CreateFileA
LocalFree
InitializeCriticalSection
InterlockedExchange
Sleep
DecodePointer
EncodePointer
InterlockedPopEntrySList
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
HeapSetInformation
GetSystemInfo
VirtualProtect
GetCurrentThread
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
OpenThread
TlsGetValue
TlsSetValue
SetEvent
CreateMutexA
CreateEventA
ReleaseMutex
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
DeleteFileA
DeleteFileW
GetExitCodeThread
GetTempPathW
TerminateThread
GetTempFileNameW
GetTickCount
HeapAlloc
GetProcessHeap
GetModuleHandleW
WriteProcessMemory
ReadFile
ReadProcessMemory
HeapFree
InterlockedCompareExchange
InterlockedPushEntrySList
WriteFile

user32

GetFocus
PostMessageW
IsZoomed
SetCursorPos
GetWindowLongW
SetWindowLongW
GetCursorPos
SetLayeredWindowAttributes
ShowWindow
FindWindowExW
MessageBoxW
MoveWindow
GetWindow
LoadCursorA
CallWindowProcA
SetWindowTextA
ReleaseCapture
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
DefWindowProcA
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
CreateAcceleratorTableA
InvalidateRect
SetWindowLongA
GetWindowTextA
GetDC
BeginPaint
RegisterWindowMessageA
SendMessageA
GetWindowTextLengthA
SetFocus
GetClientRect
CharUpperA
SetTimer
KillTimer
GetPropA
SetPropA
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
LoadImageA
DefWindowProcW
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
DestroyAcceleratorTable
ScreenToClient
RegisterClassExA
FillRect
IsChild
GetClassInfoExA
SetCapture
SendMessageW
GetParent
InvalidateRgn
CharNextA
UnregisterClassA
CallWindowProcW
CharLowerA
wsprintfW
wsprintfA
GetWindowRect

gdi32

DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetStockObject
CreateSolidBrush
BitBlt

advapi32

RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyA
RegEnumKeyA
AdjustTokenPrivileges
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconA

ole32

OleRun
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoCreateInstance

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
LoadRegTypeLi
SysFreeString
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocStringByteLen
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
VariantCopy
GetErrorInfo
VariantChangeType

shlwapi

PathFindOnPathA
StrStrIA
PathRemoveExtensionA
StrRStrIA
SHGetValueA
PathStripPathA
PathFileExistsA
PathRenameExtensionA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
PathFindFileNameA

ws2_32

socket
bind
getaddrinfo
freeaddrinfo
WSARecvFrom
htonl
WSASendTo
ntohl
closesocket
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
setsockopt
GetAddrInfoW
FreeAddrInfoW
getnameinfo
ntohs
getsockname
WSAGetLastError

psapi

GetModuleFileNameExA

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntryA
FindCloseUrlCache

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4c9a6be0a7572177e11cc7185ada76c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

psapi

wininet

Sections

.text Size: 421KB - Virtual size: 421KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 421KB - Virtual size: 421KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 28KB - Virtual size: 27KB