2025-04-20_59ddcad28d941a4cd3af90a10a3833a7_elex_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-20_59ddcad28d941a4cd3af90a10a3833a7_elex_mafia
Size

5.1MB
MD5

59ddcad28d941a4cd3af90a10a3833a7
SHA1

a831be3525978ff33076479ad43935fc23432927
SHA256

7c53e91f6e48aa2c0dec8a5ddd6e29c551aeb27b8a4da027036b0436b2e1a581
SHA512

0b630da6233302d6912cb36b34eba465329f6087afdd9be7ce2e232ad6910f86c90db29983c7e391232106012bb583e115e7c988ae3f326a5d85eb0187fcde63
SSDEEP

98304:4EavUEH9tOXMHer9STJsv6tWKFdu9CLDsEJncODv6k3QaW:zGtDXTJsv6tWKFdu9CLBJnP6k3Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-20_59ddcad28d941a4cd3af90a10a3833a7_elex_mafia

Files

2025-04-20_59ddcad28d941a4cd3af90a10a3833a7_elex_mafia
.exe windows:5 windows x86 arch:x86

3d70c1217b455a4a212ebf21d1c8b0a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\mcuelenaere\Desktop\build-twoo-desktop-qt-Qt_5_0_2_static-Release\twoo-updater\release\TwooUpdate.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
GetProcessId
VirtualQueryEx
InterlockedDecrement
TerminateThread
DeleteCriticalSection
FreeLibrary
RtlCaptureContext
GetProcAddress
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
InterlockedIncrement
ResumeThread
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
DuplicateHandle
TransactNamedPipe
SetNamedPipeHandleState
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
GetTickCount
LoadLibraryA
GetVersionExA
QueryPerformanceCounter
FlushConsoleInputBuffer
SetHandleInformation
CompareStringW
GetUserDefaultLCID
CreateEventW
GetLocalTime
GetSystemTime
GetLocaleInfoW
GetCommandLineW
OutputDebugStringA
OutputDebugStringW
FormatMessageW
TlsFree
GetSystemInfo
TlsAlloc
GetCurrentThread
SetThreadPriority
TlsSetValue
GetThreadPriority
TlsGetValue
QueryPerformanceFrequency
GetModuleHandleW
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
SetErrorMode
GetCurrentThreadId
FindFirstFileW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
MoveFileW
DeviceIoControl
GetFullPathNameW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
GetLogicalDrives
GetFileAttributesExW
SetFilePointerEx
ReadFile
SetEndOfFile
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetExitCodeProcess
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
GetModuleFileNameW
WideCharToMultiByte
CreateMutexW
ReleaseMutex
VirtualFree
FindNextFileW
FindFirstFileExW
PeekNamedPipe
GetOverlappedResult
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetStringTypeW
GetDriveTypeW
SetEnvironmentVariableA
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
HeapSize
SetLastError
GetCPInfo
LCMapStringW
GetConsoleCP
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
SetStdHandle
ExitThread
GetTimeZoneInformation
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetLastError
LocalAlloc
LocalFree
MultiByteToWideChar
CreateFileW
WriteFile
DeleteFileW
CreateProcessW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
TerminateProcess
GetVersionExW
Sleep
FindClose
HeapReAlloc
HeapSetInformation
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
WriteConsoleW
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
HeapFree
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetProcessHeap

user32

GetDesktopWindow
MessageBoxA
PostMessageW
GetWindowThreadProcessId
PostThreadMessageW
EnumWindows
SetTimer
KillTimer
PeekMessageW
DefWindowProcW
GetWindowLongW
CallNextHookEx
GetQueueStatus
UnregisterClassW
DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterClassW
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
CharNextExA
GetUserObjectInformationW
FindWindowExW
GetClientRect
SendMessageW
GetProcessWindowStation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
FreeSid
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
GetLengthSid
CopySid
RegCloseKey

ws2_32

getsockopt
WSAGetLastError
WSAStartup
WSASend
WSACleanup
WSAIoctl
WSASocketW
setsockopt
listen
WSAAccept
WSARecvFrom
WSARecv
__WSAFDIsSet
select
closesocket
WSAAsyncSelect
inet_addr
gethostbyaddr
gethostbyname
ntohl
WSASendTo
bind
WSAConnect
getsockname
getpeername
WSAHtons
WSAHtonl
WSANtohs
WSANtohl
htonl

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d70c1217b455a4a212ebf21d1c8b0a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 28KB - Virtual size: 53KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 120KB - Virtual size: 120KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 28KB - Virtual size: 53KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 120KB - Virtual size: 120KB