2025-02-20_8add9474e9b9211261ace0fbbbbc25e0_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-02-20_8add9474e9b9211261ace0fbbbbc25e0_mafia
Size

1.0MB
MD5

8add9474e9b9211261ace0fbbbbc25e0
SHA1

67a71ac5d8a8360b3d1e955d0bebbcfb838e3488
SHA256

2dc66f9035a656a8fd6b7e7429637dc1db895b6cfe07ff4d4cbdbaeacc4acfca
SHA512

e8221073538f6358928348209339898cc392232b7a8e0ca650e771f08997793bf1387e638543ad2df4bebdfe02942b088fd60734ee3e2669d62d2e4a5b823622
SSDEEP

24576:uICr2UPu3ZBZApEgFDBDohZYTyn2pagiUvmIpxdPDJ2nHqcJ:ufIZBIEgxBDWZYT+2pbjv92nH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-20_8add9474e9b9211261ace0fbbbbc25e0_mafia

Files

2025-02-20_8add9474e9b9211261ace0fbbbbc25e0_mafia
.exe windows:5 windows x86 arch:x86

b6d12ab57694ef0d580a6511f6aa260d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cmparable\Release\nations.pdb

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetStdHandle
SetEvent
InitializeCriticalSection
GetLocalTime
SetLastError
ResetEvent
WaitForMultipleObjects
LocalFree
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
CreateFileA
GetExitCodeProcess
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
SetHandleCount
VirtualQuery
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetFileAttributesA
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
CreateProcessA
CloseHandle
WideCharToMultiByte
GetTickCount
TlsFree
TlsSetValue
GetWindowsDirectoryW
CopyFileW
FindResourceExA
MultiByteToWideChar
lstrcpyA
GetLastError
FormatMessageA
FindFirstFileA
TlsGetValue
TlsAlloc
WriteFile
HeapCreate
IsProcessorFeaturePresent
DeleteFileA
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
CreateThread
ExitThread
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentProcess
InterlockedIncrement
GetProcAddress
InterlockedDecrement
LoadLibraryW
LoadLibraryA
WaitForSingleObject
CreateEventA
lstrcatA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
HeapReAlloc
GetModuleHandleW
RtlUnwind
HeapAlloc
RaiseException
HeapFree
ExitProcess
GetLocaleInfoW
GetStringTypeW
DecodePointer
EncodePointer
Sleep
InterlockedExchange
InterlockedCompareExchange
VirtualAlloc
GetModuleHandleA

user32

GetMonitorInfoA
EnumDisplayMonitors
GetWindowRect
GetDesktopWindow
EnumDisplaySettingsA
EnumDisplayDevicesA
ReleaseDC
GetParent
DefFrameProcA
IsWindow
EnumChildWindows
GetWindowLongA
GetWindow
CreateWindowExA
PostQuitMessage
GetDialogBaseUnits
GetCursorPos
wsprintfA
SetWindowLongA
GetMenuCheckMarkDimensions
IsDlgButtonChecked
MessageBoxA
SendMessageA
SetFocus
GetDlgItem
OemKeyScan
GetWindowThreadProcessId
WindowFromPoint
FindWindowA
WaitForInputIdle

gdi32

CreateFontIndirectA
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetPixel

winspool.drv

EnumPrintersA
ord201

comdlg32

FindTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHCreateShellItem

ole32

StgOpenStorage
MkParseDisplayName
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateFromFile
CreateStreamOnHGlobal
CoUninitialize
ReleaseStgMedium
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

odbc32

ord75
ord207
ord24
ord219
ord4
ord12
ord13
ord26
ord31
ord9
ord241

ws2_32

htons
socket
connect
gethostbyname
shutdown
closesocket
WSACleanup
select
recvfrom
recv
inet_addr
WSAStartup
send

netapi32

DsGetDcNameW
DsEnumerateDomainTrustsA

avifil32

AVIStreamLength
AVIStreamInfoA
AVIStreamGetFrameOpen
AVIStreamGetFrame
AVIFileExit
AVIStreamRelease
AVIStreamOpenFromFileA
AVIFileInit
AVIStreamSampleToTime
AVIStreamGetFrameClose

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

winmm

mmioDescend
mmioClose

shlwapi

PathCombineA
PathAppendW
PathFindExtensionA

comctl32

ord413

pdh

PdhBrowseCountersA

setupapi

CM_Get_DevNode_Registry_PropertyA

uxtheme

OpenThemeData

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6d12ab57694ef0d580a6511f6aa260d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

netapi32

avifil32

msvfw32

winmm

shlwapi

comctl32

pdh

setupapi

uxtheme

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 9KB - Virtual size: 21KB

.rsrc Size: 523KB - Virtual size: 523KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 9KB - Virtual size: 21KB

.rsrc
Size: 523KB - Virtual size: 523KB

.reloc
Size: 21KB - Virtual size: 20KB