2024-09-08_b9ad57913a219bb092d8f3371af09276_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_b9ad57913a219bb092d8f3371af09276_mafia
Size

1.1MB
MD5

b9ad57913a219bb092d8f3371af09276
SHA1

412bb3da027357de8b18d99130aa5bb8c301eae9
SHA256

ebd9a156144bbc6b1536398dc4b13b1a1a7dc442bd1c6e7bb0184fda8b58bdce
SHA512

f3e51a06a65c5b3ea5ab2f4dca26adbf55bc0bfa2d39c5a5530edb0412b557775dca7e8b2d8cf18ce126466481615399ed6059c6d14b75f9c6322bbec4f93239
SSDEEP

24576:Xci860Vi5stIqRrhHLgzwueDvxkNBNCUWc0+oYZ8XC4n90q3w+NtTv:DJui5cIq1l8reVkXNCn+18N99w+zTv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_b9ad57913a219bb092d8f3371af09276_mafia

Files

2024-09-08_b9ad57913a219bb092d8f3371af09276_mafia
.exe windows:5 windows x86 arch:x86

e4303f8120375f94b301be7693c4f671

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW
StrToIntExA
StrToIntW
PathFileExistsW

ws2_32

recvfrom
sendto
getaddrinfo
ioctlsocket
listen
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
recv
select
__WSAFDIsSet
WSASetLastError
WSAStartup
gethostname
WSAGetLastError
gethostbyname
inet_ntoa
WSACleanup
accept
connect
freeaddrinfo
send

netapi32

Netbios

kernel32

HeapReAlloc
ExitThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetEnvironmentVariableW
CreateProcessW
Sleep
GetModuleFileNameW
CreateThread
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSection
CreateEventW
GetLocalTime
GetVersion
GetTickCount
LoadLibraryW
GetProcAddress
GlobalFree
FreeLibrary
lstrlenA
MultiByteToWideChar
InterlockedIncrement
lstrlenW
WideCharToMultiByte
ReleaseSemaphore
RtlUnwind
CreateSemaphoreW
GetLastError
InterlockedDecrement
GetCommandLineW
EncodePointer
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryW
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
GetDriveTypeA
CreateFileA
GetFullPathNameA
GetTimeZoneInformation
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
RaiseException
CloseHandle
DecodePointer
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
WriteFile
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
VirtualAlloc
VirtualFree
GetSystemInfo
FlushInstructionCache
GetCurrentProcess
HeapDestroy
HeapFree
HeapAlloc
HeapCreate
MulDiv
GetCurrentThreadId
FindResourceW
SizeofResource
FreeResource
LockResource
LoadResource
SetLastError
FindClose
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
GetModuleHandleA
VerifyVersionInfoA
VerSetConditionMask
SleepEx
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
FindFirstFileExA

user32

EnableWindow
InvalidateRect
SetForegroundWindow
ShowWindow
IsWindowVisible
IsIconic
GetPropW
IsWindow
GetWindow
GetDesktopWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
MoveWindow
PostMessageW
KillTimer
SetTimer
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
MessageBeep
UnionRect
GetSystemMetrics
AppendMenuW
CreatePopupMenu
DestroyMenu
GetMenuItemInfoW
TrackPopupMenu
MapVirtualKeyA
CopyRect
IsRectEmpty
PtInRect
EqualRect
InflateRect
IntersectRect
SetCursor
LoadCursorW
ReleaseDC
GetDC
OffsetRect
CharNextW
DrawTextW
LoadImageW
DestroyIcon
DrawIconEx
UnregisterClassW
CreateWindowExW
DefWindowProcW
SendMessageW
GetParent
GetDlgItem
CallWindowProcW
RegisterClassExW
ClientToScreen
ScreenToClient
GetSysColor
GetKeyState
EnableMenuItem
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
DestroyWindow
SetCapture
SetWindowTextW
UpdateLayeredWindow
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetCursorPos
SetFocus
ReleaseCapture
UpdateWindow
GetCaretBlinkTime
SetCaretPos
BeginPaint
CharLowerBuffW
TrackMouseEvent
CreateCaret
AnimateWindow
SetLayeredWindowAttributes
SetActiveWindow
EndPaint
IsWindowEnabled
GetActiveWindow
LoadBitmapW
FillRect
SetRect

gdi32

GetStockObject
BitBlt
GetTextExtentPointW
GetTextExtentPoint32W
GetDeviceCaps
GetClipRgn
GetTextColor
GetTextMetricsW
GetObjectW
GetCurrentObject
CreateCompatibleDC
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
CombineRgn
GetRgnBox
CreateRectRgn
CreatePen
RectInRegion
CreateRectRgnIndirect
ExtTextOutW
Rectangle
ExtSelectClipRgn
ExcludeClipRect
SelectClipRgn
SetTextColor
SetBkColor
SelectObject
SetBkMode
RestoreDC
SaveDC
OffsetViewportOrgEx
GetClipBox
CreateDIBitmap
CreateBitmap
GetObjectA
CreateFontIndirectW
CreateSolidBrush
CreateDIBSection
ExtCreatePen
MoveToEx
LineTo
TextOutW
RoundRect
GetViewportOrgEx
StretchBlt
DeleteObject

advapi32

CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCloseKey

shell32

ShellExecuteW
SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW

ole32

CoCreateInstance
CreateBindCtx
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateGuid
CoUninitialize
CoInitialize

wldap32

ord50
ord30
ord143
ord211
ord22
ord60
ord26
ord32
ord200
ord35
ord79
ord33
ord301
ord27
ord41
ord46

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetGetConnectedState

imm32

ImmGetContext
ImmReleaseContext

gdiplus

GdipFillRectangleI
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipDeleteGraphics
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipCreateTexture2I
GdipSetImageAttributesWrapMode
GdipCloneBrush
GdipCloneImage
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipSetImageAttributesColorMatrix

oleaut32

SysFreeString
SysAllocString
GetErrorInfo

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wiidibp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4303f8120375f94b301be7693c4f671

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

netapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

wldap32

version

wininet

imm32

gdiplus

oleaut32

msimg32

Sections

.text Size: 639KB - Virtual size: 638KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 23KB - Virtual size: 98KB

.rsrc Size: 278KB - Virtual size: 277KB

.reloc Size: 75KB - Virtual size: 76KB

wiidibp Size: - Virtual size: 4KB

.text
Size: 639KB - Virtual size: 638KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 23KB - Virtual size: 98KB

.rsrc
Size: 278KB - Virtual size: 277KB

.reloc
Size: 75KB - Virtual size: 76KB

wiidibp
Size: - Virtual size: 4KB