2024-09-08_aa6f7c400e2c060ba713c6f8bbd9f2c8_mafia | Triage

Sharing

General

Target

2024-09-08_aa6f7c400e2c060ba713c6f8bbd9f2c8_mafia
Size

901KB
MD5

aa6f7c400e2c060ba713c6f8bbd9f2c8
SHA1

415b3ba5dda7d58611cd2ede8ef35b45a8506a3c
SHA256

9f196681b3f8d87a72e73f6364c6dedada6c7cbe8a61973684b77c2e6afa722a
SHA512

06975027ffcb64085a4241343e4b80f11420e609cbb4c1a0b09942ffd1e21d9cd90d222370b6a1878d15f5cdbfdc4f774ae682fb64090727fd08eb06a71d62e5
SSDEEP

12288:bdURy7a+eFBlKeOcBQm38SkV5tA6SGeOmRdSAzlRXAuKgjLrGuQ+xUsTM3tHDZO:bY+eFBAats9t4OITXAuK0dUsAHDY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_aa6f7c400e2c060ba713c6f8bbd9f2c8_mafia

Files

2024-09-08_aa6f7c400e2c060ba713c6f8bbd9f2c8_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\yingyin_compile_3.8.0\yingyin2\build\Release\pdb\bdbtray.pdb

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ