Static task: static1
Behavioral task: behavioral1
  Sample: 2024-11-06_935e2c30c169112205d10b25c338cbc1_mafia.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2024-11-06_935e2c30c169112205d10b25c338cbc1_mafia.exe
  Resource: win10v2004-20241007-en
General
Target: 2024-11-06_935e2c30c169112205d10b25c338cbc1_mafia
Size: 10.0MB
MD5: 935e2c30c169112205d10b25c338cbc1
SHA1: a0cd4f34ed0dbb5d4eb4758f65fab7ae1a0e2ebe
SHA256: ef0cf9c3a7416b9a5547706530960398aa2bc67a2800813458a34680567efe03
SHA512: dc6787fc71daa25628ebb4c956fb4ab90dc9a83d31a1ff8b1526b8300803fbb7852c59383acb5050ce346299b0dbc9719f706fe588f8d62aef811e4bae94eb30
SSDEEP:
49152:QVdrl/8HAzGCbGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGu:QVdrl/9zG
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-11-06_935e2c30c169112205d10b25c338cbc1_mafia
Files
2024-11-06_935e2c30c169112205d10b25c338cbc1_mafia.exe windows:5 windows x86 arch:x86
6f11f306c6f768b1acf4ae71c3f1ecc3
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemPowerStatus
lstrcpynW
WritePrivateProfileStructW
GetVolumePathNamesForVolumeNameW
VerifyVersionInfoA
WritePrivateProfileSectionW
IsBadWritePtr
ReplaceFileW
GetModuleFileNameW
lstrlenW
DisconnectNamedPipe
GetProcAddress
GetLongPathNameA
PeekConsoleInputW
CopyFileA
EnumSystemCodePagesW
GlobalGetAtomNameA
SetFileAttributesA
BuildCommDCBW
LoadLibraryA
ProcessIdToSessionId
LocalAlloc
TransmitCommChar
LockResource
SetFileApisToANSI
QueryDosDeviceW
GetThreadSelectorEntry
SetProcessWorkingSetSize
SetConsoleWindowInfo
AddAtomA
Module32FirstW
WaitForMultipleObjects
GlobalWire
FindNextFileA
WTSGetActiveConsoleSessionId
GetProcessAffinityMask
GetCPInfoExA
SetFileShortNameA
GetDiskFreeSpaceExW
WriteFileEx
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
MoveFileWithProgressW
GetThreadTimes
FindActCtxSectionStringW
SetFileAttributesW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
HeapReAlloc
GetStringTypeW
WriteFileGather
WriteFile
ClearCommBreak
GetNumberFormatA
OutputDebugStringW
FreeEnvironmentStringsA
GetCommProperties
GetSystemDefaultLCID
FindFirstFileExW
GlobalDeleteAtom
WriteConsoleInputA
ScrollConsoleScreenBufferW
ReadConsoleA
OpenJobObjectA
WriteTapemark
LoadLibraryExW
HeapAlloc
FindResourceW
GetCPInfo
lstrlenA
GlobalGetAtomNameW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
DecodePointer
EncodePointer
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
CloseHandle
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
Sleep
FatalAppExitA
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
LCMapStringW
IsValidLocale
user32
GetMonitorInfoA
CreatePopupMenu
GetMenuInfo
DispatchMessageW
SetProcessWindowStation
advapi32
AbortSystemShutdownA
GetSecurityDescriptorGroup
SetPrivateObjectSecurity
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameW
ClearEventLogA
RegReplaceKeyA
EnumServicesStatusW
RegDeleteValueW
GetAce
OpenBackupEventLogA
RegDeleteKeyW
RegOpenKeyW
RegQueryMultipleValuesW
OpenEventLogW
RegisterEventSourceW
RegSetValueA
CreateProcessAsUserA
DestroyPrivateObjectSecurity
Sections
.text   Size: 151KB  - Virtual size: 151KB  - Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 20KB   - Virtual size: 19KB   - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 92KB   - Virtual size: 903KB  - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 27KB   - Virtual size: 26KB   - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 9.7MB  - Virtual size: 8KB    - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ