2025-03-17_0ad787efa19a59a5db376855961feb9b_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-17_0ad787efa19a59a5db376855961feb9b_mafia
Size

1.8MB
MD5

0ad787efa19a59a5db376855961feb9b
SHA1

723ed76749103dadf965b24c47860ed92008405f
SHA256

bc0697e5bc10152b5ebc9870725e1c1bc490ea9e3b6e6752c241dd135e5f0ca4
SHA512

a02a4561ac2c5adeceec874e0b00a88f82f575b81020312786216fd4c862a6242097ed0d5cb133a51d6a2ded9a3b60d687c7b943f23535ed77b33e30fdf3e48a
SSDEEP

49152:Vu0+td0nGWQUq9LcKWG/LgetD/MiOsDCUgD9Knqeg:QiLy5/sNjP9KnU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-17_0ad787efa19a59a5db376855961feb9b_mafia

Files

2025-03-17_0ad787efa19a59a5db376855961feb9b_mafia
.exe windows:5 windows x86 arch:x86

7d0d2b542b63bb7ea6f5c3c44207e7c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW

kernel32

RaiseException
EnterCriticalSection
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GetTickCount
CreateThread
Sleep
InterlockedExchange
TlsAlloc
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
AreFileApisANSI
CreateFileMappingW
GetModuleHandleW
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileSize
lstrlenW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
LoadLibraryW
LockFile
LockFileEx
MapViewOfFile
QueryPerformanceCounter
ReadFile
SetEndOfFile
lstrcmpiW
FreeLibrary
WritePrivateProfileStringW
OutputDebugStringA
MoveFileExW
GetCPInfo
GetProcAddress
OutputDebugStringW
TerminateProcess
GetLastError
OpenProcess
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
GetACP
MultiByteToWideChar
IsDebuggerPresent
SetHandleCount
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
GetExitCodeProcess
GetTempPathW
GetBinaryTypeW
GetVersionExW
GetSystemInfo
SetLastError
lstrlenA
FreeResource
GetStdHandle
GetFileType
CreateMutexW
GetLocaleInfoA
FindResourceExW
LockResource
FormatMessageW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
TlsSetValue
TlsGetValue
GetLocaleInfoW
ExitProcess
MoveFileW
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
LocalFree
FormatMessageA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
LoadLibraryA
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
CreateFileW
CreateFileA
GetFullPathNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetFullPathNameA
DeleteFileA

user32

LoadStringA
UnregisterClassA
DialogBoxParamW
GetActiveWindow
DefWindowProcW
CharNextW
SetCursor
MessageBoxW
DestroyWindow
ScreenToClient
UpdateLayeredWindow
IsWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
RegisterClassExW
ShowWindow
PtInRect
GetDC
SendMessageW
GetSystemMetrics
LoadImageW
SetLayeredWindowAttributes
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
LoadCursorW
EndDialog
wsprintfW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
LookupAccountSidW

shell32

ShellExecuteA
ShellExecuteExW
SHGetFolderPathW

ole32

StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocString
VarUI4FromStr
VariantClear

comctl32

InitCommonControlsEx

ws2_32

WSAStartup
WSACleanup

gdiplus

GdipLoadImageFromFile
GdipDrawImageI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromHBITMAP
GdipReleaseDC
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipFree

psapi

EnumProcesses
GetModuleBaseNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

CoInternetParseUrl

Sections

.text
Size: 985KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d0d2b542b63bb7ea6f5c3c44207e7c4

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

psapi

wtsapi32

version

urlmon

Sections

.text Size: 985KB - Virtual size: 984KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 21KB - Virtual size: 32KB

.rsrc Size: 647KB - Virtual size: 647KB

.reloc Size: 63KB - Virtual size: 63KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 985KB - Virtual size: 984KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 21KB - Virtual size: 32KB

.rsrc
Size: 647KB - Virtual size: 647KB

.reloc
Size: 63KB - Virtual size: 63KB

.zero
Size: 4KB - Virtual size: 3KB