2024-09-08_e3f4c71fc5d7ba2dbdc8d3377ef28afc_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_e3f4c71fc5d7ba2dbdc8d3377ef28afc_mafia
Size

6.0MB
MD5

e3f4c71fc5d7ba2dbdc8d3377ef28afc
SHA1

78e08a4b42085cb9366c6b174a8505c94987830b
SHA256

9782f825ac4ccf6266bba59aa0a313e06cbd5e7b00e83c42713d1d165f573bae
SHA512

0cfa1c9d7f6e55ea65fbd5dd78af7287bdc46dd9dc8798ae5be47236b8af9698e02f65a3f0237671a37b2e97f77e036c5b1b15540e45f652c1d0c8fa06196757
SSDEEP

98304:cDrOrVmVSLMgrDbWfLkYxsYHkMjYczYD1/Foa9bUbXDtz540U9WVoBf7FSuTjrvU:cDMeSwGJY+YHkMjVe19Qnt60sJSarv3k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_e3f4c71fc5d7ba2dbdc8d3377ef28afc_mafia

Files

2024-09-08_e3f4c71fc5d7ba2dbdc8d3377ef28afc_mafia
.exe windows:5 windows x86 arch:x86

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpam2.eem\recipes\201152726\base\branches\inputtools_win_release_branch\googleclient\ime\goopy\scons-out\opt\obj\installer\hindi_installer.pdb

Imports

kernel32

GetStringTypeW
IsValidLocale
WriteConsoleW
CreateFileA
SetEndOfFile
GetFileAttributesW
CreateDirectoryW
GetUserDefaultUILanguage
CreateThread
GetCurrentThreadId
LockResource
EnterCriticalSection
RaiseException
FlushInstructionCache
LeaveCriticalSection
SizeofResource
GetCurrentProcess
LoadResource
FindResourceW
FindResourceExW
SetStdHandle
GetCommandLineW
InitializeCriticalSection
GlobalAlloc
WideCharToMultiByte
DeleteCriticalSection
LocalFree
lstrlenW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
DeleteFileW
GetLastError
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemWow64DirectoryW
LoadLibraryW
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetVersionExW
GetModuleFileNameW
CreateFileW
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
SetEvent
GetTempFileNameW
HeapAlloc
HeapFree
InterlockedCompareExchange
GetProcessHeap
GetTempPathW
SetFileAttributesW
GetFileSize
ReadFile
CreateProcessW
GetTickCount
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringA
GetCurrentProcessId
DebugBreak
GetTempPathA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSetInformation
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
LCMapStringW
HeapCreate
GetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

shlwapi

PathCompactPathExW
PathAppendW
PathRemoveExtensionW
PathStripPathW
PathCombineW
PathFileExistsW

user32

CharUpperW
GetWindowTextW
GetWindowTextLengthW
IsWindowVisible
GetWindowThreadProcessId
CharLowerW
EnumWindows
ExitWindowsEx
UnregisterClassA
DefWindowProcW
CallWindowProcW
SendMessageW
SetDlgItemTextW
GetSystemMetrics
MessageBoxW
DestroyWindow
PostMessageW
GetParent
GetWindowLongW
GetDlgItem
SetWindowLongW
LoadStringW
ShowWindow
IsDlgButtonChecked
GetActiveWindow
CheckRadioButton

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

ole32

CoCreateGuid

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx

advapi32

RegCreateKeyExW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyW
EqualSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCloseKey

psapi

GetModuleFileNameExW
EnumProcessModules

winmm

timeGetTime

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55fe5ba225f59edd84354ee244daa2e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

user32

wtsapi32

ole32

comctl32

advapi32

psapi

winmm

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 129KB - Virtual size: 132KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 129KB - Virtual size: 132KB