2024-10-10_b6fb8e89c003f13bddc01aede84b83d8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-10_b6fb8e89c003f13bddc01aede84b83d8_mafia
Size

1.8MB
MD5

b6fb8e89c003f13bddc01aede84b83d8
SHA1

420cf0ab399a6007feb8742a413b3fb1f01d1048
SHA256

270b7cf7c09d8452e053db8472ca369276213e2dbe787f046eb403748105ed90
SHA512

f026c21d291073c23ed3328e796fc68dcf65ecac130f7444b3ce34cf518fdf3b2a3aa6591d9b79e6cb83f59b5f4cf1bb5161f6cb44a144019edd1319c267e7d5
SSDEEP

49152:WXF/KyJej9BQODw4+1Tr1IJkSDNadeTF33nHdz:QkT6WJkSD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-10_b6fb8e89c003f13bddc01aede84b83d8_mafia

Files

2024-10-10_b6fb8e89c003f13bddc01aede84b83d8_mafia
.exe windows:5 windows x86 arch:x86

a6fe7fc4eaff125c579bc3b2c0015383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemInfo
GetDriveTypeW
OpenProcess
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileTime
FileTimeToSystemTime
MoveFileW
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
CreateProcessW
GetModuleHandleExW
LocalFree
VirtualAlloc
GetCurrentProcessId
CreateMutexW
SystemTimeToFileTime
SetLocalTime
DeviceIoControl
SetPriorityClass
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
GlobalFree
CreateThread
FindFirstChangeNotificationW
FindCloseChangeNotification
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
HeapCompact
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
GetVersionExW
CopyFileW
WaitForSingleObjectEx
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
GetTempPathA
GetSystemTime
AreFileApisANSI
GetVolumeInformationW
TerminateThread
GetCommandLineW
lstrlenA
SetEnvironmentVariableA
CompareStringW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetStdHandle
GetFileType
WriteConsoleW
ExitThread
MoveFileA
GetStartupInfoW
HeapSetInformation
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
InterlockedPopEntrySList
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
FlushViewOfFile
FormatMessageW
ExpandEnvironmentStringsW
GetTickCount
OutputDebugStringA
GetLocalTime
DeleteFileA
WideCharToMultiByte
WTSGetActiveConsoleSessionId
CreateFileA
LoadLibraryW
ExpandEnvironmentStringsA
GetTempPathW
GetSystemDirectoryW
CloseHandle
SetEvent
WaitForSingleObject
OutputDebugStringW
CreateEventW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
RaiseException
lstrcmpW
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
lstrlenW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep
GetModuleFileNameW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
LockFile

user32

IsDialogMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
SendMessageW
InvalidateRect
UnregisterClassA
GetWindowLongW
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
wsprintfW
LoadStringW
MessageBoxA
SetCursor
UpdateLayeredWindow
PostMessageW
IsWindowVisible
CreateWindowExW
RegisterClassExW
LoadCursorW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
SetForegroundWindow
SetWindowTextW
LoadImageW
EnableWindow
GetClassInfoExW
IsWindow
GetDlgItem
DestroyWindow
SetWindowLongW
PostQuitMessage
GetSystemMetrics
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
CharNextW
GetSysColor
CreateDialogParamW
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus

gdi32

DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetObjectW
GetStockObject
GetObjectA
GetTextExtentExPointW
GetTextMetricsW
CreatePolygonRgn
GetDeviceCaps
CreateFontW

advapi32

InitializeSecurityDescriptor
CreateProcessAsUserW
FreeSid
GetLengthSid
SetTokenInformation
AllocateAndInitializeSid
DuplicateTokenEx
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
ConvertSidToStringSidW
LookupAccountNameW
QueryServiceStatus
CloseServiceHandle
GetSecurityDescriptorSacl
LookupAccountSidW
GetTokenInformation
CheckTokenMembership
RegQueryValueExW
SetSecurityDescriptorSacl

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetFolderLocation
ShellExecuteW
ord155

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString

shlwapi

PathFileExistsW
PathFileExistsA
SHCreateStreamOnFileEx
PathRemoveFileSpecW
PathFindFileNameW

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetModuleFileNameExW

wtsapi32

WTSQueryUserToken

iphlpapi

GetAdaptersInfo

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

gdiplus

GdipDeleteStringFormat
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipSetStringFormatAlign
GdipDeleteMatrix
GdipCreatePath
GdipDeletePath
GdipCreateBitmapFromGraphics
GdipCreateMatrix
GdipCreateMatrix2
GdipRotateMatrix
GdipTranslateMatrix
GdipAddPathRectangleI
GdipTransformPath
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipLoadImageFromFile
GdipGetFontHeight
GdipCreateStringFormat
GdipDrawRectangle
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipMeasureString
GdipFillRectangleI
GdipFillRectangle
GdipSetClipHrgn
GdipSetSolidFillColor
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI
GdipDrawRectangleI
GdipDrawLineI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDeletePen
GdipCreatePen1
GdipDrawImageRectI
GdipSetSmoothingMode
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawLine
GdipLoadImageFromFileICM
GdipDrawImageRectRectI
GdipDrawString
GdipSetWorldTransform
GdipCreateFromHDC
GdipReleaseDC

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6fe7fc4eaff125c579bc3b2c0015383

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

wtsapi32

iphlpapi

winhttp

gdiplus

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 23KB - Virtual size: 36KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 23KB - Virtual size: 36KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 80KB - Virtual size: 80KB