2025-03-06_b0b92a8cc1bbd59c50bb46efecba5d60_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-06_b0b92a8cc1bbd59c50bb46efecba5d60_mafia
Size

571KB
MD5

b0b92a8cc1bbd59c50bb46efecba5d60
SHA1

7911a9d8d1f5ea40111645608d6e4b28ce594db5
SHA256

aefe1a33ea0fadfe030b57ac20a77ac3b1bd3295a2dd698b8fd7f973e0277134
SHA512

886dfe2541a31997e2a859f31dee67e1d3d87838cc14048801336fb8885baa416b7e351d779c257b0371fbd12752caf554a8e0051b2d15ea470441a4098584ac
SSDEEP

12288:K9R+hzGBVId9w6SC/zqrWd6yu0FsFA8JTC2mxi2uIdMmebX5Qhx:K+hyyVSC/CWQyu0FsF/JBmxiTmUex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-06_b0b92a8cc1bbd59c50bb46efecba5d60_mafia

Files

2025-03-06_b0b92a8cc1bbd59c50bb46efecba5d60_mafia
.exe windows:5 windows x86 arch:x86

0a9b688096e3fabe0633151d9a9d50ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wuwup.pdb

Imports

kernel32

ExpandEnvironmentStringsA
GlobalAlloc
GetDriveTypeW
GetModuleHandleW
GetSystemDirectoryW
GetCommandLineA
SetEnvironmentVariableW
GetFirmwareEnvironmentVariableW
HeapLock
ReplaceFileW
EnumTimeFormatsW
GetVolumePathNamesForVolumeNameA
ReadConsoleW
GetProcAddress
LoadLibraryA
TryEnterCriticalSection
IsProcessorFeaturePresent
GetLastError
FlushFileBuffers
GenerateConsoleCtrlEvent
DebugBreakProcess
IsBadReadPtr
CloseHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
SetStdHandle
ExitProcess
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
WideCharToMultiByte
HeapSize
RtlUnwind
MultiByteToWideChar
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
ReadFile
CreateFileW

user32

CloseDesktop
LoadCursorFromFileA
GetWindowRgn
GetMessageTime
GetScrollBarInfo
GetClassInfoExW

Exports

Exports

_MyFunc124@4

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a9b688096e3fabe0633151d9a9d50ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 498KB - Virtual size: 497KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 7KB - Virtual size: 123KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 498KB - Virtual size: 497KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 123KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 6KB - Virtual size: 5KB