Static task: static1
Behavioral task: behavioral1
Sample: 2024-11-22_d4fd543dd220462dc2ebe5652b9f6602_mafia.exe
Resource: win7-20240903-en

General
Target: 2024-11-22_d4fd543dd220462dc2ebe5652b9f6602_mafia
Size: 1.3MB
MD5: d4fd543dd220462dc2ebe5652b9f6602
SHA1: bf8b5684532568c1a22aeb24cf726c1f67f940fa
SHA256: 2739e24e27270aa7ceca0f2a6938af9beadb6673c6e68f0ba8ce0bfe99f3b44c
SHA512: d0a8fb4ef543b5a8dd3f4cebe96fb3dc68c5d8f466f67015d4e0ab5c5534866856a0c95c93f4babeabafc5cafc323a8188f613e63ad0376c8e50b28d18913eb4
SSDEEP: 24576:697ZlobAtl4Yz1o/qhgqpQs4PG0xZ4siUaUO/73JqEHBXdtowCER3v7DA2:697+Atl9Zo/B74RUaUaFnBXdtowXnV
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-11-22_d4fd543dd220462dc2ebe5652b9f6602_mafia
Files
2024-11-22_d4fd543dd220462dc2ebe5652b9f6602_mafia.exe windows:5 windows x86 arch:x86
c7122aa3333916adc13feb9bc42e2776
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryW
GetFullPathNameA
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
WideCharToMultiByte
SetFilePointer
GetFileInformationByHandle
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
FindClose
GetStartupInfoW
HeapSetInformation
ExitProcess
ExitThread
RtlUnwind
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
WakeAllConditionVariable
MoveFileExA
FormatMessageA
GetEnvironmentVariableA
Sleep
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
QueryPerformanceCounter
GetTickCount
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
InitializeCriticalSection
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableW
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetTimeZoneInformation
SetEnvironmentVariableA
LocalFree
GetFileAttributesA
CreateEventA
WaitForSingleObject
GetCommandLineW
SetConsoleScreenBufferSize
FindResourceA
SetFileInformationByHandle
VirtualAlloc
GetProfileIntA
WriteProfileStringA
LoadLibraryA
CreateFileA
EnumResourceTypesA
AllocateUserPhysicalPages
GetModuleFileNameA
CreateThread
GetModuleHandleA
GlobalSize
FindResourceExW
LockResource
lstrcmpW
GetCurrentProcessId
GetFullPathNameW
GetModuleFileNameW
LoadLibraryExW
RaiseException
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrlenA
OutputDebugStringW
DebugBreak
SetLastError
LoadLibraryW
FreeLibrary
lstrcmpiW
InterlockedIncrement
GetModuleHandleW
GetProcAddress
GlobalAlloc
GetProfileStringW
CreateFileW
InterlockedDecrement
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalLock
CloseHandle
lstrcpyW
lstrcatW
WriteFile
ReadFile
lstrlenW
MulDiv
GetCurrentProcess
FlushInstructionCache
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
DeleteFileA
user32
GetCursorPos
DrawIconEx
DialogBoxIndirectParamA
SetWindowTextA
GetWindowLongW
SetWindowTextW
ShowWindow
GetParent
MessageBoxW
IsWindow
DrawTextA
CreateWindowExA
SetWindowLongA
GetWindowLongA
GetClipboardOwner
GetCaretPos
GetCaretBlinkTime
CheckMenuItem
GetWindowTextLengthA
EnumChildWindows
InsertMenuItemA
GetMenuItemInfoA
EnumDisplaySettingsA
ReleaseDC
GetDC
CharNextW
SetWindowLongW
FindWindowExW
SendMessageA
ShowCaret
SetCaretPos
SetForegroundWindow
GetDlgItem
GetMenuCheckMarkDimensions
SetScrollPos
MsgWaitForMultipleObjects
TranslateAcceleratorW
GetWindowTextLengthW
DialogBoxParamW
EndDialog
MonitorFromWindow
AdjustWindowRectEx
GetMenuStringW
CheckMenuRadioItem
RemoveMenu
AppendMenuW
CreatePopupMenu
LoadBitmapW
UnregisterClassA
DispatchMessageA
LoadStringW
SendMessageW
DefWindowProcW
GetMessageA
GetWindowTextA
MessageBoxA
RegisterClassExA
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
EnableMenuItem
InsertMenuW
DeleteMenu
GetMenuItemInfoW
GetMenuItemCount
DestroyWindow
RegisterClassExW
LoadImageW
GetSystemMetrics
LoadCursorW
GetClassInfoExW
PostMessageW
CopyImage
CreateWindowExW
SetActiveWindow
PtInRect
OffsetRect
CallWindowProcW
RegisterWindowMessageW
MoveWindow
GetWindowRect
ClientToScreen
SetCursor
GetWindowDC
GetActiveWindow
IsChild
LoadCursorA
LoadIconA
wsprintfA
GetClassNameA
SetDlgItemTextA
CreateDialogParamA
SetCapture
IsDialogMessageW
GetFocus
MessageBeep
GetClientRect
FillRect
BeginPaint
EndPaint
InflateRect
DestroyMenu
LoadAcceleratorsW
LoadMenuW
InvalidateRect
SetWindowPos
wsprintfW
ScreenToClient
MapWindowPoints
UpdateWindow
IsWindowVisible
IsWindowEnabled
SetFocus
LoadImageA
DrawMenuBar
PostMessageA
LoadMenuA
DefWindowProcA
LoadStringA
PostQuitMessage
PostThreadMessageW
SetMenuDefaultItem
CopyRect
SetWindowRgn
GetDlgCtrlID
GetWindow
RedrawWindow
SetMenu
GetMenu
IsMenu
GetSubMenu
SetWindowsHookExW
GetClassNameW
CallNextHookEx
GetKeyState
CharLowerW
UnhookWindowsHookEx
SystemParametersInfoW
SetRectEmpty
GetSysColorBrush
GetSysColor
TrackPopupMenuEx
GetMessagePos
WindowFromPoint
FrameRect
DrawEdge
MonitorFromPoint
GetMonitorInfoW
DrawFrameControl
DrawTextW
SetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetWindowThreadProcessId
gdi32
CreateFontIndirectA
CreateICA
GetTextMetricsA
GetObjectA
TextOutA
StartDocW
CreateDCW
CreateFontW
EndDoc
GetCurrentObject
EndPage
StartPage
GetTextExtentPoint32W
SetViewportOrgEx
ResetDCW
RestoreDC
SaveDC
CloseEnhMetaFile
GetDeviceCaps
DeleteObject
CreateFontIndirectW
DeleteEnhMetaFile
GetObjectW
SelectObject
GetTextMetricsW
DeleteDC
GetEnhMetaFileHeader
OffsetWindowOrgEx
PlayEnhMetaFile
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
GetStockObject
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
SetBrushOrgEx
SetBkColor
PatBlt
CreateBitmap
CreatePatternBrush
CreateDIBSection
AbortDoc
CreateEnhMetaFileW
winspool.drv
ClosePrinter
OpenPrinterW
GetPrinterW
comdlg32
PrintDlgW
FindTextW
ReplaceTextW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
advapi32
CryptHashData
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
IsValidSecurityDescriptor
OpenProcessToken
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
CryptCreateHash
RegOpenKeyExW
CryptDestroyHash
CryptGetHashParam
shell32
Shell_NotifyIconA
CommandLineToArgvW
ole32
GetHGlobalFromStream
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoTaskMemRealloc
CoInitialize
CoInitializeSecurity
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
oleaut32
VarUI4FromStr
VarDecFromI4
VarDecFromR8
SafeArrayCopy
SafeArrayDestroy
SafeArrayPutElement
SysFreeString
VarI4FromDec
VarR8FromDec
VariantClear
VariantInit
SysAllocString
SafeArrayCreateVector
odbc32
ord9
shlwapi
PathIsDirectoryW
SHStrDupW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecA
comctl32
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
ImageList_Draw
ImageList_DrawIndirect
CreateStatusWindowW
ord8
ImageList_Create
ImageList_LoadImageW
ImageList_AddMasked
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
CreateToolbarEx
msimg32
TransparentBlt
dwmapi
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
propsys
PropVariantToString
PropVariantToBoolean
PropVariantToUInt32
ws2_32
gethostname
ioctlsocket
select
__WSAFDIsSet
recvfrom
sendto
htonl
listen
accept
getaddrinfo
freeaddrinfo
WSASetLastError
connect
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
inet_pton
recv
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
socket
setupapi
CM_Free_Log_Conf
netapi32
NetApiBufferFree
NetShareEnum
NetWkstaUserGetInfo
NetShareGetInfo
pdh
PdhGetFormattedCounterValue
PdhBrowseCountersA
PdhCollectQueryData
wldap32
ord50
ord26
ord30
ord32
ord35
ord143
ord33
ord301
ord27
ord41
ord46
ord60
ord211
ord22
ord79
ord200
rpcrt4
I_RpcServerSetAddressChangeFn
I_RpcMapWin32Status
secur32
QuerySecurityPackageInfoA
Sections
.text Size: 751KB - Virtual size: 751KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 388KB - Virtual size: 387KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
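The Unsigned PE signature, the Headers block and the Sections block above all come from reading the PE headers. As an added example (not the sandbox's own code), the stdlib-only Python script below does the same on an arbitrary file: it reads data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) to tell whether an Authenticode blob is embedded, decodes the file/DLL characteristics and section flags into the IMAGE_* names printed above, computes the MD5/SHA1/SHA256 fields, and reports which hardening flags are absent (here only IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE is set, so DYNAMIC_BASE for ASLR and NX_COMPAT for DEP are not). The PE images it builds for testing, the section sizes inside them and the script name pe_triage.py are constructed assumptions; SSDEEP is not reproduced because it needs the ssdeep library.

```python
"""Minimal PE32/PE32+ header triage with the Python standard library only.

Added example, not code from the sandbox that produced this report. It repeats the
report's "Unsigned PE" check (data directory 4, IMAGE_DIRECTORY_ENTRY_SECURITY), decodes
file/DLL/section flags into the IMAGE_* names the report prints, lists absent hardening
flags and computes MD5/SHA-1/SHA-256. The images from build_sample_pe() are constructed
test data, not the analysed sample. Usage: python pe_triage.py [file.exe]
"""
import hashlib
import struct
import sys

FILE_CHARS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_CHARS = {0x20: "IMAGE_SCN_CNT_CODE", 0x40: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x80: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
HARDENING = (0x0040, 0x0100, 0x4000)  # DYNAMIC_BASE (ASLR), NX_COMPAT (DEP), GUARD_CF


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    # NumberOfRvaAndSizes sits at +92 in PE32 and at +108 in PE32+ (wider stack/heap fields).
    nrva_off = opt + (108 if magic == 0x20B else 92)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    cert_off = cert_size = 0
    if nrva > 4:  # directory 4 = Authenticode blob; its first field is a file offset, not an RVA
        cert_off, cert_size = struct.unpack_from("<II", data, nrva_off + 4 + 8 * 4)
    # Presence only: a blob that is present can still carry an invalid or revoked chain.
    has_authenticode = cert_off != 0 and cert_size != 0 and cert_off + cert_size <= len(data)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(chars, SECTION_CHARS)})
    return {"arch": MACHINES.get(machine, hex(machine)), "subsystem": subsystem,
            "file_characteristics": flag_names(file_chars, FILE_CHARS),
            "dll_characteristics": flag_names(dll_chars, DLL_CHARS),
            "missing_hardening": [DLL_CHARS[b] for b in HARDENING if not dll_chars & b],
            "has_authenticode": has_authenticode,
            # A section that is both writable and executable is a classic packer tell.
            "wx_sections": [s["name"] for s in sections if "IMAGE_SCN_MEM_EXECUTE" in s["flags"]
                            and "IMAGE_SCN_MEM_WRITE" in s["flags"]],
            "sections": sections}


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_sample_pe(dll_chars, sections, security=(0, 0)):
    """Constructed header-only PE32 image for testing; it contains no real code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: NT headers right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<HH", opt, 68, 2, dll_chars)        # Subsystem 2 = Windows GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 4, *security)   # security directory (file offset, size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000, rs, 0x400, 0, 0, 0, 0, c)
                     for n, vs, rs, c in sections)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * max(0, security[0] + security[1] - len(image))  # keep the blob in bounds


# Section names and flags mirror this report; the sizes are constructed.
SAMPLE_SECTIONS = [(".text", 0xBBC00, 0xBBC00, 0x60000020), (".rdata", 0x1C800, 0x1C800, 0x40000040),
                   (".data", 0x6400, 0x3400, 0xC0000040), (".rsrc", 0x60C00, 0x61000, 0x40000040),
                   (".reloc", 0x8000, 0x8400, 0x42000040)]
UNSIGNED = build_sample_pe(0x8000, SAMPLE_SECTIONS)                    # only TERMINAL_SERVER_AWARE, as here
SIGNED = build_sample_pe(0x8140, SAMPLE_SECTIONS, (0x20000, 0x1800))  # ASLR+DEP set, cert blob present


def main(argv):
    data = open(argv[1], "rb").read() if len(argv) > 1 else UNSIGNED
    info = parse_pe(data)
    print(file_hashes(data), info["arch"], "subsystem", info["subsystem"])
    print("authenticode present:", info["has_authenticode"], "missing hardening:", info["missing_hardening"])
    for s in info["sections"]:
        print("  %-8s vsize=%-8d raw=%-8d %s" % (s["name"], s["virtual_size"], s["raw_size"], " ".join(s["flags"])))


if __name__ == "__main__":
    main(sys.argv)
```

Two caveats apply to any check of the embedded security directory, this script's as much as a sandbox's: a blob being present only means the file carries a signature, not that the signature verifies (use signtool verify /pa, WinVerifyTrust or osslsigncode verify for that), and catalog-signed Windows binaries have no embedded blob at all and show as unsigned. Run against the report's own sample, the expected output is an x86 image, no Authenticode blob, DYNAMIC_BASE/NX_COMPAT/GUARD_CF absent, and no writable-and-executable section.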