2024-02-28_1f25e1b6cae4fe653050eceea6e83f70_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_1f25e1b6cae4fe653050eceea6e83f70_mafia
Size

287KB
MD5

1f25e1b6cae4fe653050eceea6e83f70
SHA1

444d4738aec115468655cc3f56a84d04c6aabe77
SHA256

62b56d1688dd293b4f6804986a9d811f97b83df3da4b56512d9331113238892e
SHA512

4e0a6fd295929b0804ec8265529d49644b5f5ba3c0c9300f43eb2453ad50f6ce4df49edca3faa3a256fe38af231f0491d44845220f3e6c6a15b5a60e70109d0e
SSDEEP

6144:4/HeBopP1rizD9O0t4Dqfhs0GaTvGED9cXwaqVV0:4/HeBYtraxMqjGaTeED9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_1f25e1b6cae4fe653050eceea6e83f70_mafia

Files

2024-02-28_1f25e1b6cae4fe653050eceea6e83f70_mafia
.exe windows:5 windows x86 arch:x86

fd84d8646a03cc4fbf04c5c2dad3759c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\svn\branches\sonic_adventure\HCLOTROLoader\Release\HCDDOLoader.pdb

Imports

user32

MessageBoxW
CreateWindowExW
ShowWindow
GetSystemMetrics
UpdateWindow
DefWindowProcW
GetMessageW
TranslateMessage
SendMessageW
SetForegroundWindow
EnumWindows
GetForegroundWindow
BringWindowToTop
AllowSetForegroundWindow
GetWindowThreadProcessId
PostQuitMessage
PostMessageW
GetClientRect
RegisterClassExW
LoadIconW
MessageBoxA
GetWindowLongW
SetWindowLongW
DispatchMessageW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

OleInitialize
OleUninitialize
OleCreate
OleSetContainedObject

oleaut32

SafeArrayCreate
VariantClear
SafeArrayAccessData
SafeArrayDestroy
VariantInit
SysAllocString

psapi

EnumProcesses
GetProcessImageFileNameW

kernel32

GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
HeapAlloc
RtlUnwind
GetCPInfo
RaiseException
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetStdHandle
WriteConsoleW
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetEnvironmentVariableA
SetHandleCount
InterlockedPopEntrySList
GetCommandLineW
LocalFree
WriteFile
CreateFileW
CloseHandle
GetModuleHandleW
InitializeCriticalSection
OpenProcess
Sleep
GetVersionExW
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
GetLastError
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
FlushFileBuffers
GetCurrentThreadId
InterlockedPushEntrySList
GetFullPathNameW
SetFilePointer
GetCurrentProcess
FormatMessageW
ReadFile
MultiByteToWideChar
GetLongPathNameW
QueryDosDeviceW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd84d8646a03cc4fbf04c5c2dad3759c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

shell32

ole32

oleaut32

psapi

kernel32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 16KB - Virtual size: 15KB