2024-12-19_53085a6f8df30225e3546188424dab11_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-19_53085a6f8df30225e3546188424dab11_mafia
Size

14.0MB
MD5

53085a6f8df30225e3546188424dab11
SHA1

688763bc7f35c3a97fb879e5d3b3d496efc8faf7
SHA256

036bf4e675789eddebe930cd43ba1d35ff11b070146d7924d227a8332bc5d2c5
SHA512

ff7fd4b243b05a24016cb3861ad258e1d7c5d9c1a079f171f97b7d0034480d3bdb7b8c0404200e98824e60fe36d26bf54b6eb564df4caa18144aa4969fb217de
SSDEEP

6144:ZN7EUevPsS7JFxs3ba86/YsUvSaUo2lt/XUANtvcBNCxkNbnKWrLHtHtHtHtHtHl:ZpbevZK3baxY/SGtAN5cBNC0H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-19_53085a6f8df30225e3546188424dab11_mafia

Files

2024-12-19_53085a6f8df30225e3546188424dab11_mafia
.exe windows:5 windows x86 arch:x86

815d367259f74513547a34ff140fa8cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadUILanguage
TransmitCommChar
FreeEnvironmentStringsA
EndUpdateResourceA
GetCurrencyFormatW
GlobalFindAtomW
HeapCreate
SetCriticalSectionSpinCount
FlushInstructionCache
GetVersion
LocalUnlock
GetBinaryTypeW
SetComputerNameA
EnumSystemLocalesA
GetUserDefaultLangID
OpenJobObjectW
SetupComm
GetCalendarInfoA
GetConsoleAliasExesW
SetConsoleCP
GetConsoleMode
SetVolumeMountPointA
GetQueuedCompletionStatus
SetEndOfFile
HeapLock
ProcessIdToSessionId
WriteProcessMemory
VirtualProtect
EnumCalendarInfoA
GetConsoleAliasesLengthW
CreateSemaphoreW
GetNativeSystemInfo
GetModuleHandleExW
GetConsoleAliasExesLengthW
LocalFree
GetCommTimeouts
BackupWrite
lstrlenA
SetConsoleCursorPosition
VirtualQueryEx
GetExitCodeProcess
HeapSize
lstrcmpiW
DebugActiveProcess
CloseHandle
WriteConsoleW
FlushFileBuffers
LoadLibraryW
GetConsoleCP
SetStdHandle
GetLogicalDrives
FreeLibrary
LoadLibraryA
GetModuleFileNameW
GetProcAddress
WaitNamedPipeW
FindNextFileA
FindFirstFileExW
lstrlenW
ExitThread
ReadConsoleOutputCharacterA
MapViewOfFileEx
SetThreadPriorityBoost
GetACP
CompareStringA
GetLocalTime
WriteConsoleA
QueryMemoryResourceNotification
OutputDebugStringW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
LCMapStringW
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapDestroy
ReadFile
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
SetConsoleCtrlHandler
SetFilePointer
CreateFileW

user32

GetMonitorInfoW
IsZoomed
SetWindowRgn
GetKeyboardType
GetCaretPos

advapi32

ClearEventLogW
RegQueryMultipleValuesW
LookupPrivilegeValueW
QueryServiceStatus
AddAuditAccessAceEx
RegCreateKeyExA
RegQueryInfoKeyW
AddAccessAllowedAce
GetAclInformation
ReadEventLogW
ObjectCloseAuditAlarmA
RegEnumKeyA
ReportEventW
GetNumberOfEventLogRecords
GetKernelObjectSecurity
SetAclInformation
AccessCheckByType
RegisterEventSourceW

Exports

Exports

MyFunc124

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 94.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13.7MB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

815d367259f74513547a34ff140fa8cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 11KB - Virtual size: 94.6MB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 13.7MB - Virtual size: 43KB

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 11KB - Virtual size: 94.6MB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 13.7MB - Virtual size: 43KB