F:\src\DNF_Extractor\Release\Launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-05_498b0defdf60f700d6cfb53734bc93c6_mafia_wapomi.exe
Resource
win7-20240903-en
General
Target
2024-12-05_498b0defdf60f700d6cfb53734bc93c6_mafia_wapomi
Size
603KB
MD5
498b0defdf60f700d6cfb53734bc93c6
SHA1
3debd25ea5619cc6c777786a39214995966c1278
SHA256
7461a45ce023dd500c7b22c730748ddd753eca44b3ab33aa695b43db2ea7fe1b
SHA512
b28d1659bb6d7e3247b19757166006ca3d75849f47dd53ed79f8906ca5c30ee37b57d5fbb367187f888ae9d3a07723e8f1ead3965abbf1d2056b2c2efcb5218b
SSDEEP
12288:cIPSKaZ3z4SB9dnLuNG3AUaAqYVzNkjvg5mxfRHg5W3PYxy0KapTrQyRTiyM:cIPSAGYG9z4vgcpRA5WwxyH2TrQyRTiy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-12-05_498b0defdf60f700d6cfb53734bc93c6_mafia_wapomi
Files
2024-12-05_498b0defdf60f700d6cfb53734bc93c6_mafia_wapomi.exe windows:5 windows x86 arch:x86
44f77dfa5ec5f174603f23d6c4afa0cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetLastError
Sleep
GetTickCount
ResumeThread
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
MultiByteToWideChar
SetFileAttributesW
DeleteFileW
GetFileAttributesW
GetTempFileNameW
MoveFileW
GetTempPathW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
GetModuleHandleW
GetCurrentProcess
FormatMessageW
LocalFree
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
CreateMutexW
GetUserDefaultLangID
GetVersion
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
InterlockedCompareExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
ReadFile
GetLocaleInfoW
GetStdHandle
WriteFile
ExitProcess
HeapSize
HeapCreate
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
SetEvent
InitializeCriticalSection
CreateEventW
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CloseHandle
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLastError
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
RaiseException
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapReAlloc
CreateThread
GetCurrentThreadId
ExitThread
HeapFree
FormatMessageA
DecodePointer
EncodePointer
GetStringTypeW
DeleteCriticalSection
CreateFileW
SetEnvironmentVariableA
user32
IsWindow
GetForegroundWindow
RegisterWindowMessageW
MessageBoxW
PeekMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
GetWindowLongW
PostMessageW
RedrawWindow
InvalidateRect
DestroyWindow
LoadImageW
GetSystemMetrics
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
SetWindowPos
SendMessageW
BeginPaint
GetSysColor
ShowWindow
PostQuitMessage
DefWindowProcW
EndPaint
DrawTextW
GetClientRect
gdi32
DeleteObject
SetBkMode
Rectangle
CreateSolidBrush
SelectObject
GetStockObject
advapi32
CheckTokenMembership
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
FreeSid
shell32
ShellExecuteExW
ShellExecuteW
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
ws2_32
WSASetLastError
WSAStartup
WSACleanup
closesocket
ioctlsocket
shutdown
listen
WSARecv
getsockopt
WSASocketW
setsockopt
accept
WSAGetLastError
getaddrinfo
freeaddrinfo
__WSAFDIsSet
inet_addr
connect
bind
WSASend
select
getsockname
comctl32
InitCommonControlsEx
Sections
.text Size: 409KB - Virtual size: 409KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IK��uv Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE