2024-09-08_e951e426f90f7f649871ecaad4d80f2b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_e951e426f90f7f649871ecaad4d80f2b_mafia
Size

4.1MB
MD5

e951e426f90f7f649871ecaad4d80f2b
SHA1

4ad3677fd6e396cfe5acffcadbdd48570c1a0140
SHA256

e88a8dd47be38cd9b4efff00c05a5d98beea6dd1b13d3b56a9f1d001695c5653
SHA512

b3ab8baf6ffc5350e73c326a592f4ad078e764400eb2ea53d22e8144dc300e7c7e882f713c28bbd544dc8a804ab6742feaa79a45c1aeca8800ce42e0bcb0635d
SSDEEP

98304:uDVgLVmVkOZJ0kfvwW3nlyU5t9qBDhcsPGIGf8O:uDQetfv/3nt5tscAGIs8O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_e951e426f90f7f649871ecaad4d80f2b_mafia

Files

2024-09-08_e951e426f90f7f649871ecaad4d80f2b_mafia
.exe windows:5 windows x86 arch:x86

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpam2.eem\recipes\201152726\base\branches\inputtools_win_release_branch\googleclient\ime\goopy\scons-out\opt\obj\installer\framework_installer.pdb

Imports

kernel32

GetStringTypeW
IsValidLocale
WriteConsoleW
CreateFileA
SetEndOfFile
GetFileAttributesW
CreateDirectoryW
GetUserDefaultUILanguage
CreateThread
GetCurrentThreadId
LockResource
EnterCriticalSection
RaiseException
FlushInstructionCache
LeaveCriticalSection
SizeofResource
GetCurrentProcess
LoadResource
FindResourceW
FindResourceExW
SetStdHandle
GetCommandLineW
InitializeCriticalSection
GlobalAlloc
WideCharToMultiByte
DeleteCriticalSection
LocalFree
lstrlenW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
DeleteFileW
GetLastError
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemWow64DirectoryW
LoadLibraryW
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetVersionExW
GetModuleFileNameW
CreateFileW
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
SetEvent
GetTempFileNameW
HeapAlloc
HeapFree
InterlockedCompareExchange
GetProcessHeap
GetTempPathW
SetFileAttributesW
GetFileSize
ReadFile
CreateProcessW
GetTickCount
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringA
GetCurrentProcessId
DebugBreak
GetTempPathA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSetInformation
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
LCMapStringW
HeapCreate
GetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

shlwapi

PathCompactPathExW
PathAppendW
PathRemoveExtensionW
PathStripPathW
PathCombineW
PathFileExistsW

user32

CharUpperW
GetWindowTextW
GetWindowTextLengthW
IsWindowVisible
GetWindowThreadProcessId
CharLowerW
EnumWindows
ExitWindowsEx
UnregisterClassA
DefWindowProcW
CallWindowProcW
SendMessageW
SetDlgItemTextW
GetSystemMetrics
MessageBoxW
DestroyWindow
PostMessageW
GetParent
GetWindowLongW
GetDlgItem
SetWindowLongW
LoadStringW
ShowWindow
IsDlgButtonChecked
GetActiveWindow
CheckRadioButton

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

ole32

CoCreateGuid

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx

advapi32

RegCreateKeyExW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyW
EqualSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCloseKey

psapi

GetModuleFileNameExW
EnumProcessModules

winmm

timeGetTime

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

user32

wtsapi32

ole32

comctl32

advapi32

psapi

winmm

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 129KB - Virtual size: 132KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 129KB - Virtual size: 132KB