2024-10-12_9b3ca0fc88537b6edf2957dc794b7b7c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-12_9b3ca0fc88537b6edf2957dc794b7b7c_mafia
Size

321KB
MD5

9b3ca0fc88537b6edf2957dc794b7b7c
SHA1

fdfe3c97af63eecfc977beb5791f299389b27cca
SHA256

0b93c1dcb4d38f7a7b979923650bbbf3b5a50cf62ce4da4573f6469db327dc2c
SHA512

3a34a00c0a5b5692e59731e40c70f512a859edd388d83a02b5b53e82f422493ae9d7c0e64a70def3732b9e3235d7402f128a20d5074bc503adc971be99f0a934
SSDEEP

6144:jlC+5VyxEEsW32N83wPWD8GTk5V/tRZzC2VUBcengEx+2kToeyDx:BxIxELW32N80WD8GT4/RZu2VUDngEo2Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-12_9b3ca0fc88537b6edf2957dc794b7b7c_mafia

Files

2024-10-12_9b3ca0fc88537b6edf2957dc794b7b7c_mafia
.exe windows:5 windows x86 arch:x86

40b77991247dae154b98650af83dae51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetLogicalDriveStringsW
GetModuleHandleW
GetTickCount
GetProcessHeap
CreateRemoteThread
WriteFile
OpenProcess
GlobalAlloc
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
GetSystemPowerStatus
SizeofResource
GetConsoleWindow
GetVersionExW
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetModuleFileNameW
GetSystemDirectoryA
CreateFileW
lstrcmpW
GetStartupInfoW
GetProcAddress
VirtualProtectEx
VirtualAllocEx
GlobalFree
GetLocalTime
LoadLibraryA
Process32FirstW
GetProcessId
LocalAlloc
LockResource
GlobalMemoryStatusEx
QueryDosDeviceW
GetSystemInfo
GetModuleFileNameA
Process32NextW
lstrcmpiW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetCurrentProcessId
LocalFree
WriteProcessMemory
ResumeThread
lstrcpyW
GetEnvironmentVariableW
GetFileSize
SetPriorityClass
GlobalSize
CreateDirectoryW
GlobalLock
GetCurrentThread
CopyFileW
GetFileAttributesW
ReadFile
SetThreadPriority
WritePrivateProfileStringW
GlobalUnlock
CreateEventW
MoveFileW
GetShortPathNameW
WinExec
DeleteFileW
ExpandEnvironmentStringsW
IsBadReadPtr
VirtualProtect
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
CheckRemoteDebuggerPresent
CreateThread
CreateProcessW
ReleaseMutex
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetTimeZoneInformation
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetDriveTypeW
SetThreadContext
CreateMutexW
GetThreadContext
GetCommandLineW
ExitProcess
CreateWaitableTimerW
SetWaitableTimer
TryEnterCriticalSection
ResetEvent
VirtualFree
InterlockedExchange
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetNativeSystemInfo
SetLastError
SwitchToThread
GetCurrentThreadId
CloseHandle
GetLastError
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetStdHandle
IsProcessorFeaturePresent
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
HeapSetInformation
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
InitializeCriticalSection
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
RaiseException
SetFilePointer
CancelIo
VirtualAlloc
GetTempPathW

user32

CloseClipboard
GetKeyState
GetClipboardData
OpenClipboard
PostThreadMessageA
GetMessageW
GetInputState
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
IsWindowVisible
GetLastInputInfo
GetWindowTextW
GetForegroundWindow
wsprintfW
EnumWindows
GetSystemMetrics
GetDesktopWindow
ReleaseDC
GetDC
ExitWindowsEx
PostThreadMessageW

gdi32

SetDIBColorTable
DeleteDC
CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetStretchBltMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW

advapi32

RegOpenKeyW
RegCloseKey
CryptHashData
CloseEventLog
ClearEventLogW
CryptDestroyHash
CryptCreateHash
RegDeleteValueW
CryptReleaseContext
OpenEventLogW
CryptAcquireContextW
CryptGetHashParam
RegSetValueExW
AdjustTokenPrivileges
RegEnumKeyExW
GetCurrentHwProfileW
RegOpenKeyExW
LookupAccountSidW
LookupPrivilegeValueW
RegQueryInfoKeyW
GetTokenInformation
RegCreateKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegQueryValueExW

shell32

SHGetFolderPathW
SHChangeNotify
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoUninitialize
GetHGlobalFromStream
CoCreateInstance
CoCreateGuid
CoInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

ws2_32

WSACreateEvent
WSASetLastError
WSAResetEvent
gethostbyname
send
WSAWaitForMultipleEvents
WSAIoctl
WSAEventSelect
socket
WSAGetLastError
setsockopt
connect
WSAStartup
select
htons
WSAEnumNetworkEvents
recv
WSACleanup
recvfrom
sendto
gethostname
inet_ntoa
inet_addr
WSACloseEvent
shutdown
closesocket

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsDirectoryA

winmm

timeGetTime
waveInGetNumDevs

gdiplus

GdipSaveImageToStream
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdiplusShutdown
GdipGetImageHeight
GdipFree
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0

dxgi

CreateDXGIFactory

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

dinput8

DirectInput8Create

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40b77991247dae154b98650af83dae51

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

winmm

gdiplus

dxgi

psapi

dinput8

iphlpapi

urlmon

wininet

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 31KB - Virtual size: 64KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 31KB - Virtual size: 64KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 18KB - Virtual size: 17KB