2024-09-28_bff9b93d9506e9abe51239dc5bec3531_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-28_bff9b93d9506e9abe51239dc5bec3531_mafia
Size

2.0MB
MD5

bff9b93d9506e9abe51239dc5bec3531
SHA1

e447fab257631a3cedaee2f084c08b9349e8eb31
SHA256

1227cd9b00fcbb33a57a172da25bf0fa2fd4feaae55b45cb366c832bf9432b71
SHA512

dbf6a40ba4823f660b5ac9fcffa24a3d5e7ad9f76653d32cb1f2da77d35878ae8c1fe25706d015a22d33a6cb822f0e7083dfae2990c9356f63106190afa110af
SSDEEP

49152:H1wdRCLtoVV0qaWpNlXpBjeaFKrmPDuqm5HsR/vR/NBNoQ0d5gUtXx:H1wdRCLtoVhaEl3jeaFBbfR/93N9Ix

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-28_bff9b93d9506e9abe51239dc5bec3531_mafia

Files

2024-09-28_bff9b93d9506e9abe51239dc5bec3531_mafia
.exe windows:5 windows x86 arch:x86

3265cf5514a6b0aad0adcbec13d15391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svnwork\stormplayer\branches\VerifyCollapse_0212.1111\Setup\BF_NewInstall\src\BF_InstallEngine\bin\Release\B5_Install.pdb

Imports

kernel32

GetTickCount
GetDriveTypeW
lstrcpyW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
OpenMutexW
GetSystemDirectoryW
GetWindowsDirectoryW
TerminateThread
GlobalFree
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
RaiseException
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
CreateFileMappingW
OpenFileMappingW
CreateMutexW
GetModuleFileNameW
SetLastError
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
CreateEventW
SetEvent
CreateDirectoryA
SetFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
ReadFile
SetFilePointer
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
LCMapStringW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetFileSize
CreateFileA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemInfo
GetVersionExW
LocalFree
GetModuleHandleW
CopyFileW
Sleep
MoveFileExW
CreateDirectoryW
CreateFileW
HeapFree
GetModuleHandleA
GetProcessHeap
HeapAlloc
FindClose
DeleteFileW
SetFileAttributesW
FindNextFileW
lstrcmpiW
RemoveDirectoryW
FindFirstFileW
lstrcatW
lstrlenW
GetFileAttributesW
lstrcpynW
TerminateProcess
OpenProcess
Process32NextW
FindResourceExW
Process32FirstW
CreateToolhelp32Snapshot
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryExW
SetErrorMode
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
CloseHandle
WaitForSingleObject
CreateProcessW
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
EncodePointer
CreateThread
ExitThread
DecodePointer
ExitProcess
VirtualQuery
VirtualProtect
MultiByteToWideChar
lstrlenA
LoadLibraryW
GetTempPathW
lstrcmpiA
GlobalReAlloc
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
LoadLibraryA
GetLastError

user32

wsprintfW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
CharNextW
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
GetWindow
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
IsWindowEnabled
TrackMouseEvent
EnableWindow
SetWindowRgn
PostQuitMessage
KillTimer
SetTimer
EqualRect
DestroyWindow
SetFocus
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
GetCursorPos
SetWindowsHookExW
SetPropA
SetClassLongW
GetClassLongW
IsWindowVisible
UnhookWindowsHookEx
GetMenuItemInfoW
OffsetRect
CopyRect
InflateRect
SetWindowTextA
FindWindowA
GetWindowDC
GetMenuItemCount
SetParent
UpdateWindow
GetPropA
IsZoomed
GetWindowRect
LoadIconW
GetWindowThreadProcessId
FindWindowExW
EndDialog
FindWindowW
WaitForInputIdle
MessageBoxW
EnableMenuItem
GetSystemMenu
PostMessageW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SystemParametersInfoW
ShowWindow
SetRectEmpty
DrawTextW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
IsDialogMessageW
IsIconic
MapWindowPoints
IsRectEmpty
SetRect
PtInRect
SetCursor
DrawIconEx
DialogBoxParamW

gdi32

DeleteDC
GetStockObject
DeleteObject
SetTextColor
SetBkColor
ExtTextOutW
CreatePen
CreateFontIndirectW
SetBkMode
GetClipBox
ExcludeClipRect
Rectangle
GetRgnBox
StretchBlt
GetPixel
CreateFontW
RoundRect
GetTextExtentPoint32W
Ellipse
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
CreateDIBSection
ExtCreateRegion
CombineRgn
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush

advapi32

RegisterEventSourceA
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
DeleteService
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
CreateServiceW
OpenSCManagerW
GetUserNameW
BuildExplicitAccessWithNameW
DeleteAce
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
ReportEventA
DeregisterEventSource
RegDeleteValueW
RegDeleteKeyW

shell32

SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromString
CoUninitialize
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc

oleaut32

OleCreateFontIndirect
SysStringLen
VariantInit
LoadRegTypeLi
SysAllocStringByteLen
SysAllocStringLen
VariantClear
LoadTypeLi
SysStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr

wininet

InternetGetConnectedState

sensapi

IsNetworkAlive

psapi

GetModuleFileNameExW

shlwapi

StrStrIW
SHStrDupW
StrChrIW
PathAppendW
PathFileExistsW
PathIsDirectoryW
SHGetValueW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
StrCmpW
PathAddBackslashW
PathRemoveFileSpecW
PathStripToRootW
PathSkipRootW
PathIsSameRootW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeKillEvent
timeSetEvent

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipFree
GdipReleaseDC
GdipAlloc
GdipSetCompositingMode
GdipSetCompositingQuality
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectRect
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode

Sections

.text
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21.1MB - Virtual size: 21.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3265cf5514a6b0aad0adcbec13d15391

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

sensapi

psapi

shlwapi

comctl32

msimg32

wtsapi32

winhttp

version

winmm

iphlpapi

gdiplus

Sections

.text Size: 754KB - Virtual size: 753KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 51KB - Virtual size: 74KB

.rsrc Size: 21.1MB - Virtual size: 21.1MB

.reloc Size: 120KB - Virtual size: 119KB

.text
Size: 754KB - Virtual size: 753KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 51KB - Virtual size: 74KB

.rsrc
Size: 21.1MB - Virtual size: 21.1MB

.reloc
Size: 120KB - Virtual size: 119KB