C:\Telltale\T3\Trunk\Engine\GameApp\GameApp.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-21_f39788bbe8ccfbaf737c0368d55e8321_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-21_f39788bbe8ccfbaf737c0368d55e8321_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-21_f39788bbe8ccfbaf737c0368d55e8321_mafia
Size: 8.6MB
MD5: f39788bbe8ccfbaf737c0368d55e8321
SHA1: 1eb68f1d823b110fbd15da0e1e4db35500d5770a
SHA256: 705a4fb1e2c41bc1d4a09495301e6c0556acb00550e5eec31ac9c25e4d7150d2
SHA512: 80f54a6e923be05e18f96a0fe67f3d6abd9153f7c5bf3b3f759aecf20501f934ec86999519932de20bbde946f3d3b09627adb7ee345586dacc39eacee194a526
SSDEEP: 196608:5KJr1Vet4TvMc7voV3dOu/nHXqOsR+Eap1TmisRk2Enq0VNzW8btia85LhVQBWG:5KJr1Vet4Mc7wV3dOuv3qVR+Eap1Tmin
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-02-21_f39788bbe8ccfbaf737c0368d55e8321_mafia
Files
2024-02-21_f39788bbe8ccfbaf737c0368d55e8321_mafia.exe (windows:5 windows x86 arch:x86)
6dfa080c3547a69ae04510e24081a688
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Telltale\T3\Trunk\Engine\GameApp\GameApp.pdb
Imports
kernel32
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedCompareExchange
GetDriveTypeW
CompareStringW
WriteConsoleW
CreateFileW
GetProcessHeap
SetEndOfFile
GetCurrentDirectoryW
GetModuleFileNameA
CreateSemaphoreA
GetLastError
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetExitCodeProcess
CreatePipe
GetTimeZoneInformation
GetConsoleCP
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
GetLocaleInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
DuplicateHandle
CreateProcessA
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
LoadLibraryA
FreeLibrary
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
ExitThread
VirtualQuery
VirtualProtect
ExitProcess
GetModuleHandleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
FlushConsoleInputBuffer
GlobalMemoryStatus
GetCurrentProcessId
ExpandEnvironmentStringsA
GetTickCount
PeekNamedPipe
SleepEx
GetLocaleInfoA
GetStdHandle
GetFileType
GetVersion
GetSystemInfo
GetModuleHandleA
WaitForSingleObject
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapLock
HeapUnlock
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapCreate
GlobalMemoryStatusEx
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
RaiseException
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
Sleep
IsDBCSLeadByte
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CloseHandle
WaitForMultipleObjects
CreateDirectoryA
WriteFile
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
VirtualFree
VirtualAlloc
FindClose
CopyFileA
MoveFileA
DeleteFileA
GetFileAttributesExA
FindFirstFileA
FindNextFileA
SetThreadAffinityMask
GetCurrentThread
GetSystemDefaultLangID
IsDebuggerPresent
GetUserGeoID
GetComputerNameA
lstrcpynA
SetEvent
ResetEvent
CreateEventA
ReleaseSemaphore
LocalFree
FormatMessageA
OutputDebugStringA
GetVersionExA
SetFilePointer
GetFileSize
ReadFile
LocalAlloc
user32
SetWindowsHookExA
MessageBeep
LoadBitmapA
IsDialogMessageA
CallNextHookEx
UnhookWindowsHookEx
LoadStringA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
SetDlgItemTextA
mouse_event
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
IsWindowVisible
GetAsyncKeyState
GetRawInputData
GetCursorPos
GetCapture
SetCursorPos
GetSystemMetrics
RegisterRawInputDevices
CopyRect
GetActiveWindow
ShowWindow
wsprintfA
LoadImageA
SetCursor
ClipCursor
AdjustWindowRectEx
GetWindowRect
GetMenu
SetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RegisterWindowMessageA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
MessageBoxA
CreateDialogParamA
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
GetKeyState
SetWindowLongA
GetWindowLongA
ShowCursor
DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcA
CharNextA
WaitMessage
PostQuitMessage
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
ws2_32
gethostname
ioctlsocket
select
__WSAFDIsSet
WSACleanup
gethostbyname
WSAStartup
listen
accept
shutdown
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
WSASetLastError
freeaddrinfo
getaddrinfo
sendto
recvfrom
shlwapi
PathIsDirectoryA
PathRemoveFileSpecA
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
fmodex
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?setReverbProperties@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_CHANNELPROPERTIES@@@Z
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNEL@@W4FMOD_CHANNEL_CALLBACKTYPE@@PAX2@Z@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@W4FMOD_SYSTEM_CALLBACKTYPE@@PAX2@Z@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@4@Z5H@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?setReverbProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_PROPERTIES@@@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAM00PAH@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
FMOD_Memory_GetStats
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N2@Z
?setLoopCount@Sound@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getSubSound@Sound@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@@Z
?getNumSubSounds@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getUserData@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
FMOD_Memory_Initialize
FMOD_Debug_SetLevel
FMOD_System_Create
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
dinput8
DirectInput8Create
d3dx9_41
D3DXLoadSurfaceFromSurface
D3DXCreateTexture
D3DXSaveTextureToFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCheckTextureRequirements
D3DXLoadSurfaceFromMemory
D3DXGetShaderVersion
D3DXCreateFontA
d3d9
Direct3DCreate9
wldap32
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
gdi32
CreateDCA
GetBitmapBits
SetTextColor
SetBkMode
DPtoLP
CreateFontIndirectA
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
advapi32
RegFlushKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
shell32
ShellExecuteA
SHGetFolderPathA
ShellExecuteExA
SHFileOperationA
ExtractIconExA
ole32
CoSetProxyBlanket
CoInitializeEx
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
Sections
.text Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 967KB - Virtual size: 966KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 187KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 912KB - Virtual size: 911KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE