Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-10_7081e9a4932088d5c1f9b87fa3841cb4_mafia.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-10-10_7081e9a4932088d5c1f9b87fa3841cb4_mafia.exe
Resource: win10v2004-20241007-en
General
- Target: 2024-10-10_7081e9a4932088d5c1f9b87fa3841cb4_mafia
- Size: 1.8MB
- MD5: 7081e9a4932088d5c1f9b87fa3841cb4
- SHA1: 23a542eebab27ddd94e9c7c233cc1c40888c6d41
- SHA256: 8e0490a69fcf763524073fd8e8b908a2b22f53d86e9e904c1d6b051ef7c06136
- SHA512: 3b1fa68b8b665a61dd7eea93dba75c06c23d356f15b777ffe066ab62dbc7cc1daceedc44da9cbca860c8700ccf44a4a56c218e64569e6e5868b6154935f9e1af
- SSDEEP: 24576:qgafBZPGoKjKxlIORaR1NY0MynWh92xTWXK1UdMzD/Hg52YCgQeb61htsiSqBToM:qgafGjhfnF3/gYDgQ461kiBTjduzmJP
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-10-10_7081e9a4932088d5c1f9b87fa3841cb4_mafia
Files
-
2024-10-10_7081e9a4932088d5c1f9b87fa3841cb4_mafia.exe windows:5 windows x86 arch:x86
de817111b9a04d3ef5e2226e93f48c25
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemInfo
GetDriveTypeW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
CreateProcessW
WaitForSingleObject
GetModuleHandleExW
FormatMessageW
LocalFree
VirtualAlloc
GetCurrentProcessId
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetVersionExA
FindNextFileW
DeleteFileW
CopyFileW
SetFileTime
FileTimeToSystemTime
MoveFileW
MoveFileExW
SystemTimeToFileTime
SetLocalTime
InitializeCriticalSection
TryEnterCriticalSection
GlobalFree
CreateThread
Sleep
OutputDebugStringW
GetCommandLineW
TerminateThread
CreateEventW
SetEvent
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
InterlockedPopEntrySList
InterlockedExchange
SizeofResource
MultiByteToWideChar
FreeLibrary
GlobalAlloc
lstrlenA
ExitThread
RemoveDirectoryW
GetVersionExW
EncodePointer
DecodePointer
RtlUnwind
HeapSetInformation
GetStartupInfoW
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GlobalUnlock
GetVolumeInformationW
AreFileApisANSI
GetSystemTime
GetTempPathA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
GetFileAttributesA
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
HeapCompact
GetFullPathNameA
GetFullPathNameW
GetComputerNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
SetPriorityClass
DeviceIoControl
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
MulDiv
lstrcmpW
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
ReleaseMutex
CloseHandle
GetExitCodeProcess
ExitProcess
CreateMutexW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
HeapDestroy
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
WriteConsoleW
GetTickCount
LoadLibraryW
ExpandEnvironmentStringsA
GetTempPathW
GetSystemDirectoryW
OutputDebugStringA
GetLocalTime
DeleteFileA
WideCharToMultiByte
WTSGetActiveConsoleSessionId
CreateFileA
LoadLibraryExW
FindResourceW
GlobalLock
LoadResource
GetLastError
GetStdHandle
GetFileType
ExpandEnvironmentStringsW
GetModuleFileNameW
GetStringTypeW
user32
UpdateLayeredWindow
SetCursor
wsprintfW
IsWindowVisible
GetSystemMetrics
PostQuitMessage
EnableWindow
PostMessageW
SetForegroundWindow
SetWindowLongW
GetWindowLongW
ShowWindow
DispatchMessageW
LoadStringW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
CharNextW
UnregisterClassA
LoadImageW
DestroyWindow
GetSysColor
CreateDialogParamW
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
MessageBoxA
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetWindow
GetFocus
SetFocus
SendMessageW
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
MessageBoxW
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
advapi32
RegQueryValueExW
SetTokenInformation
LookupAccountSidW
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CreateProcessAsUserW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
LookupAccountNameW
ConvertSidToStringSidW
DuplicateTokenEx
ole32
CoInitializeSecurity
StringFromGUID2
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetPathFromIDListW
ord155
SHFileOperationW
SHGetFolderLocation
oleaut32
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
shlwapi
PathRemoveFileSpecW
PathFileExistsA
PathFindFileNameW
SHCreateStreamOnFileEx
PathFileExistsW
comctl32
_TrackMouseEvent
InitCommonControlsEx
gdi32
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CreateFontW
GetObjectA
GetTextExtentExPointW
CreatePolygonRgn
GetTextMetricsW
SelectObject
psapi
GetModuleFileNameExW
wtsapi32
WTSQueryUserToken
winhttp
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
gdiplus
GdipDeleteGraphics
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipGetImageWidth
GdipAlloc
GdipCreateFromHDC
GdipReleaseDC
GdipSetSmoothingMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageHeight
GdipDeleteStringFormat
GdipDrawImageI
GdipDrawRectangle
GdipDrawLine
GdipGetFontHeight
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipTransformPath
GdipAddPathRectangleI
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipCreateBitmapFromGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteMatrix
GdipDrawRectangleI
GdipGetImageGraphicsContext
GdipSetStringFormatAlign
GdipCreateBitmapFromScan0
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipCreateBitmapFromFile
GdipCreateStringFormat
GdipDrawImagePointRectI
GdipMeasureString
GdipFillRectangleI
GdipFillRectangle
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipSetClipHrgn
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipDrawString
GdipCreateSolidFill
GdipCreateBitmapFromFileICM
GdiplusShutdown
GdipDeleteFont
GdipSetSolidFillColor
GdipDeleteBrush
GdiplusStartup
GdipFree
iphlpapi
GetAdaptersInfo
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ