Static task
static1
Behavioral task
behavioral1
Sample
2024-09-07_72f1329d91d27848cee4f5f6157d8965_mafia_revil.exe
Resource
win7-20240708-en
General
Target: 2024-09-07_72f1329d91d27848cee4f5f6157d8965_mafia_revil
Size: 5.0MB
MD5: 72f1329d91d27848cee4f5f6157d8965
SHA1: 409a41b98af0f14ff3e347beea00e0afbcb83ef0
SHA256: 129206afe3923bd775ac814ae13d78bd381e5873ec4f9517afc75a69d5a8cd18
SHA512: 314234e1bc8f715c8522b7b77606a3e1d5c0b6368ca5859b04f12b4d5c14d80444790a1e9b6b9f990487061f7f55644f6e70e6652de5437f515040b22b67e9d0
SSDEEP: 98304:DGUog8ijd6uFpQCeGH0WvKODFQAJIC/tQnN+J7:nog8ip4GH0IVFQgIC/7
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-09-07_72f1329d91d27848cee4f5f6157d8965_mafia_revil
Files
2024-09-07_72f1329d91d27848cee4f5f6157d8965_mafia_revil.exe windows:5 windows x86 arch:x86
769b84bfb8022fa89cbc908b06121afb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\PLug 1.2\Bin\Loder.pdb
Imports
kernel32
CreateFileW
SetEnvironmentVariableA
VirtualAlloc
WriteConsoleW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadFile
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
LoadLibraryW
FreeLibrary
FatalAppExitA
ExitProcess
Sleep
ResetEvent
WaitForSingleObject
CreateThread
CloseHandle
CompareStringW
GetTimeZoneInformation
GetStringTypeW
CreateEventA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetTickCount
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateTimerQueue
DeleteTimerQueueEx
CreateWaitableTimerA
GetLastError
GetSystemInfo
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetExitCodeThread
PostQueuedCompletionStatus
InterlockedExchange
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
InterlockedDecrement
HeapFree
RaiseException
GetCurrentThreadId
GetQueuedCompletionStatus
SetEvent
InterlockedCompareExchange
InterlockedIncrement
GetNativeSystemInfo
CreateIoCompletionPort
WaitForMultipleObjects
InterlockedExchangeAdd
UnmapViewOfFile
SwitchToThread
HeapAlloc
CreateFileA
GetFileSize
MapViewOfFileEx
CreateFileMappingA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
lstrlenA
CreateSemaphoreA
ReleaseSemaphore
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetWaitableTimer
TryEnterCriticalSection
CancelWaitableTimer
ResumeThread
SetThreadPriority
lstrcmpiA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
SwitchToFiber
CreateFiber
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
SystemTimeToFileTime
GetSystemTime
FindNextFileW
FindFirstFileW
FindClose
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetEnvironmentVariableW
DecodePointer
EncodePointer
RtlUnwind
GetCommandLineA
HeapSetInformation
HeapReAlloc
ExitThread
SetConsoleCtrlHandler
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetLocaleInfoW
GetCurrentThread
GetModuleFileNameA
FreeEnvironmentStringsW
ws2_32
WSASendTo
WSARecv
WSASend
shutdown
sendto
ioctlsocket
setsockopt
WSAIoctl
htonl
ntohl
getsockname
WSARecvFrom
WSAAddressToStringA
getaddrinfo
freeaddrinfo
WSASetLastError
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACloseEvent
recvfrom
getnameinfo
WSAStringToAddressA
getsockopt
WSAGetOverlappedResult
bind
listen
ntohs
WSAGetLastError
send
recv
socket
gethostbyname
htons
connect
closesocket
WSACleanup
WSAStartup
accept
getpeername
crypt32
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
shlwapi
StrChrA
StrPBrkA
PathFileExistsA
PathIsDirectoryA
winmm
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod
user32
GetProcessWindowStation
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxW
DispatchMessageA
GetUserObjectInformationW
advapi32
ReportEventW
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegisterEventSourceW
CryptReleaseContext
DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptSetHashParam
oleaut32
SysFreeString
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 948KB - Virtual size: 948KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ