2024-10-04_85246fb189fa8f8d3da9ea49bbd195cc_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-04_85246fb189fa8f8d3da9ea49bbd195cc_mafia
Size

1.4MB
MD5

85246fb189fa8f8d3da9ea49bbd195cc
SHA1

35219856060457229c6428769e0ea23d153bb0d2
SHA256

91a3afd5e60cdf68ef95f1c5fe14b45fd366486e6faefb238c1434f4bde959d6
SHA512

5b6db8d706b28c5c56b65a0c134cc282d7dddbfb8b3da6d2036fe6c46283c8f05d9f5d7c1d631467b905fea8cd524fdfa89657b2bf898aca0080815c52f3f1a0
SSDEEP

24576:WXJVfTfLyUuDJIEIRA3hbasqIV/a6mLa2JOt934J7Z6bQaj1BvUm9J:WZVLfLeqEIRs5tB/a6mL5JE3jM2ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-04_85246fb189fa8f8d3da9ea49bbd195cc_mafia

Files

2024-10-04_85246fb189fa8f8d3da9ea49bbd195cc_mafia
.exe windows:5 windows x86 arch:x86

e555087f83d1b244884c8a498216948c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\Singapore_Fusion_8\build\SxS\src\Release\HPNetworkCommunicatorCom.pdb

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
GetCurrentThreadId
TryEnterCriticalSection
Sleep
InitializeCriticalSection
SetEvent
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetFileSize
CancelIo
GetOverlappedResult
GetCommandLineW
RemoveDirectoryW
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetStdHandle
ExitProcess
LCMapStringW
GetTimeZoneInformation
SetLastError
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetCurrentProcessId
GetTickCount
CreateFileW
SetFilePointer
WriteFile
OutputDebugStringW
OpenProcess
GetFileAttributesExW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
QueryPerformanceFrequency
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
OpenEventW
ResetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
OpenMutexW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
GetEnvironmentVariableW
WaitForMultipleObjects
CreatePipe
GetStartupInfoW
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
WideCharToMultiByte
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
FindResourceExW
LockResource
GetFileTime
DeviceIoControl
GetSystemDirectoryW
MoveFileExW
CopyFileW
SetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSetInformation
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
ExitThread
GetCPInfo
lstrlenW

user32

OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
CloseDesktop
ExitWindowsEx
AllowSetForegroundWindow
PeekMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
SystemParametersInfoW
LoadIconW
DestroyIcon
RegisterWindowMessageW
SetTimer
CharUpperW
GetMessageW
DispatchMessageW
TranslateMessage
PostThreadMessageW
CharNextW
SendMessageCallbackW
GetDesktopWindow
GetAsyncKeyState
WaitForInputIdle
MsgWaitForMultipleObjectsEx
GetKeyState
SetProcessWindowStation

advapi32

CryptReleaseContext
RegQueryValueExW
OpenProcessToken
CheckTokenMembership
GetUserNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
QueryServiceConfigW
ChangeServiceConfigW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoInitializeSecurity
CoResumeClassObjects
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
PropVariantClear
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
SafeArrayCopy
SysAllocString
SysReAllocString
VariantInit
VariantClear
GetRecordInfoFromGuids
UnRegisterTypeLi
RegisterTypeLi
VariantCopy

shlwapi

PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

ws2_32

inet_addr
WSASetLastError
WSAStartup
WSACleanup
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
accept
setsockopt
WSAEventSelect
gethostbyaddr
WSAAddressToStringW
getaddrinfo
WSADuplicateSocketW
WSAEnumNetworkEvents
WSAConnect
WSACreateEvent
WSAStringToAddressW
listen
getsockopt
send
closesocket
__WSAFDIsSet
socket
bind
recv
sendto
shutdown
select
recvfrom
connect
ioctlsocket
gethostbyname
WSAGetLastError
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
freeaddrinfo
WSASocketW

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

iphlpapi

IpReleaseAddress
IpRenewAddress
GetAdaptersInfo
GetAdaptersAddresses
GetInterfaceInfo
GetIfEntry
NotifyAddrChange
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
DeleteIPAddress
AddIPAddress

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

shell32

CommandLineToArgvW
SHGetFolderPathW
ExtractIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

wininet

InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
HttpSendRequestW
InternetQueryOptionW
InternetErrorDlg
HttpAddRequestHeadersW
HttpQueryInfoW
HttpQueryInfoA
InternetReadFileExA

setupapi

CM_Get_DevNode_Status
CM_Locate_DevNodeW
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
CM_Get_Device_IDW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

winspool.drv

EnumPortsW
StartDocPrinterW
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
DocumentPropertiesW
EnumMonitorsW
DeleteMonitorW
AddMonitorW
ord203
ord204
EnumJobsW
GetJobW
SetJobW
OpenPrinterW
ClosePrinter
AddPrinterW
DeletePrinter
EnumPrintersW
GetPrinterDataExW
SetPrinterDataExW
AddPrinterDriverW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW

crypt32

CertCloseStore
CertOpenStore
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CryptUnprotectData

Sections

.text
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e555087f83d1b244884c8a498216948c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

ws2_32

rpcrt4

iphlpapi

psapi

shell32

wininet

setupapi

version

secur32

winspool.drv

crypt32

Sections

.text Size: 594KB - Virtual size: 593KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 16KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 616KB - Virtual size: 620KB

.text
Size: 594KB - Virtual size: 593KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 16KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 616KB - Virtual size: 620KB