2024-09-14_26f550aedc6d800d6e7f154434f98ab4_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-14_26f550aedc6d800d6e7f154434f98ab4_mafia
Size

13.6MB
MD5

26f550aedc6d800d6e7f154434f98ab4
SHA1

064c6a0e1598281a242ab1e12523052c3ad0c6a1
SHA256

167e79b2ec846696737d3cd01eeb5953249b64df144806b9396199b016df502a
SHA512

e8aa1ff156ea63f2661cd41c19f2670aec83cfc1248858b7561a4aedda283398b07c62992119d329ad7ed496c3c19e5b8cfce5f60c11c298e8a72bc13b84499d
SSDEEP

393216:0ekcMrErk6+TdXMRae5J2KMZLPO5+l+QXzgJ:0nrErz2lMRaqILPOU+QXzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-14_26f550aedc6d800d6e7f154434f98ab4_mafia

Files

2024-09-14_26f550aedc6d800d6e7f154434f98ab4_mafia
.exe windows:5 windows x86 arch:x86

9f2fa332b2f4e417ae3f284b56456077

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\pc\i4airplayer2022\setup_updater\bin\Installer.pdb

Imports

kernel32

lstrcpyW
lstrcmpiW
GetTempPathW
OutputDebugStringW
CreateMutexW
FreeResource
DeleteFileW
RemoveDirectoryW
TerminateProcess
OpenProcess
GetPrivateProfileStringW
GetModuleFileNameW
FindNextFileW
FindClose
lstrlenW
FindFirstFileW
CloseHandle
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
DeviceIoControl
Process32FirstW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
CreateFileW
GetVersionExW
WideCharToMultiByte
WriteFile
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
FormatMessageW
SetFileAttributesW
SetFileTime
GetFileAttributesW
MoveFileExW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
GetSystemInfo
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
GetCurrentDirectoryW
LoadLibraryW
GetACP
MulDiv
ExitProcess
SetFilePointer
SystemTimeToFileTime
lstrcpynW
GetLocalTime
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
GetTimeFormatW
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
GetLogicalDriveStringsW
GetCurrentProcess
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
InterlockedExchange
FindResourceExW

user32

IsIconic
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
InflateRect
SetCursor
LoadCursorW
DefWindowProcW
EnableWindow
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowRgn
MessageBoxW
GetWindowRgn
UpdateLayeredWindow
IsWindowEnabled
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
UpdateWindow
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowTextW
GetActiveWindow
DrawTextA
wsprintfA
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
EqualRect
ScreenToClient
ReleaseCapture
SetCapture
IsWindow
KillTimer
SetTimer
UnionRect
InvalidateRect
GetWindowLongW
SetWindowLongW
SetWindowPos
GetKeyState
DrawTextW
IsRectEmpty
PtInRect
CharNextW
SetRect
CharPrevW
FillRect
IntersectRect
OffsetRect
CharPrevExA
SendMessageW
MoveWindow
GetClientRect
PostQuitMessage
ClientToScreen
ShowWindow
ReleaseDC
GetDC
wsprintfW
GetWindowRect
GetWindow
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MonitorFromWindow
GetMonitorInfoW
PostMessageW
GetSysColor
MapWindowPoints
CreateWindowExW
GetFocus
SetFocus
IsZoomed
DestroyWindow
GetCursorPos
LoadImageW
SetForegroundWindow

gdi32

GetStockObject
PlayEnhMetaFile
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
CreatePen
AddFontMemResourceEx
RemoveFontMemResourceEx
SetWindowOrgEx
CloseEnhMetaFile
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateEnhMetaFileW
Rectangle
CreateCompatibleBitmap
SaveDC
PtInRegion
CreateRectRgn
GetObjectW
SetBitmapBits
GetTextExtentPointA
CreatePatternBrush
StretchBlt
BitBlt
DeleteDC
CreateRoundRectRgn
CombineRgn
CreateSolidBrush
SetBkColor
GetCharABCWidthsW
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
GetTextExtentPoint32W
TextOutW
CreatePenIndirect
MoveToEx
CreateFontIndirectW
GetTextMetricsW
GdiFlush
GetObjectA
DeleteObject
SetBkMode
GetBitmapBits
SetTextColor
LineTo
RestoreDC
SelectClipRgn

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW

shell32

SHFileOperationW
SHCreateDirectoryExW
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantCopy
SysAllocStringLen
VariantInit

shlwapi

SHCreateStreamOnFileEx
PathFileExistsW
PathAddBackslashW
PathCombineW
PathFindFileNameW

wininet

InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW

ws2_32

gethostbyname
gethostname
WSAStartup

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenMode
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipAddPathLine
ord1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipTranslateWorldTransform
GdipRotateWorldTransform

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 849KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72.0MB - Virtual size: 72.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f2fa332b2f4e417ae3f284b56456077

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

comctl32

gdiplus

imm32

Sections

.text Size: 849KB - Virtual size: 848KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 16KB - Virtual size: 53KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 72.0MB - Virtual size: 72.0MB

.reloc Size: 242KB - Virtual size: 242KB

.text
Size: 849KB - Virtual size: 848KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 16KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 72.0MB - Virtual size: 72.0MB

.reloc
Size: 242KB - Virtual size: 242KB