2024-03-10_669b32b3a2f9734b8e6011f130aed378_mafia_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-10_669b32b3a2f9734b8e6011f130aed378_mafia_magniber
Size

5.4MB
MD5

669b32b3a2f9734b8e6011f130aed378
SHA1

4bddf5c1c01677b6b12d138010af7ae7f7c94edf
SHA256

08f024bb7e2f1da4e009cdd2e1950275bf7e62df9cef85709fcfae8ab77b776e
SHA512

23b16da054fcd87c0f1760cda9f22c3685a63942d019430e25b12ec7079a4d703fec306ffca12421928fe1fc17107656f58baac3bc040fa23a286d0e9ddf0f2c
SSDEEP

98304:FUFR890Fy2eQDENNKxYRP3DZp2TyUbDkUFsvgKv:FUs2Fy2eQDENNiYp3DP2GUbYOKv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-10_669b32b3a2f9734b8e6011f130aed378_mafia_magniber

Files

2024-03-10_669b32b3a2f9734b8e6011f130aed378_mafia_magniber
.exe windows:5 windows x86 arch:x86

272cad5ff443b6cb7a625459938fb53a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\telltale\T3\Trunk\Engine\Build\Game\Release\GameApp.pdb

Imports

kernel32

GetModuleFileNameA
GetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
CreateSemaphoreA
GetLastError
LoadLibraryA
InterlockedPopEntrySList
InterlockedPushEntrySList
CreateFileW
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetExitCodeProcess
CreatePipe
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
GetLocaleInfoW
GetCurrentProcessId
GetTickCount
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
TlsFree
LocalAlloc
FreeLibrary
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
DuplicateHandle
CreateProcessA
GetDateFormatA
GetTimeFormatA
MoveFileA
GetSystemTimeAsFileTime
SetFileAttributesA
GetSystemInfo
GetModuleHandleA
WaitForSingleObject
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VirtualAlloc
VirtualFree
VirtualQuery
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
Sleep
WideCharToMultiByte
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CloseHandle
WaitForMultipleObjects
CreateDirectoryA
WriteFile
CreateFileA
InitializeCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringA
SetThreadAffinityMask
GetCurrentThread
GetUserDefaultLangID
lstrcpynA
FindClose
CopyFileA
DeleteFileA
GetFileAttributesExA
FindFirstFileA
FindNextFileA
GetLocaleInfoA
GetUserGeoID
LocalFree
FormatMessageA
GetVersionExA
SetFilePointer
GetFileSize
ReadFile
SetEvent
ResetEvent
CreateEventA
ReleaseSemaphore
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
VirtualProtect
ExitThread
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileAttributesA

user32

MessageBoxA
UnregisterClassA
GetSystemMetrics
mouse_event
SetCursorPos
GetCursorPos
IsWindowVisible
GetAsyncKeyState
GetActiveWindow
ShowWindow
wsprintfA
LoadImageA
SetCursor
ClipCursor
AdjustWindowRectEx
GetWindowRect
GetMenu
SetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RegisterWindowMessageA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetKeyState
ShowCursor
SetWindowLongA
GetWindowLongA
DefWindowProcA
DispatchMessageA
TranslateMessage
PeekMessageA
WaitMessage
PostQuitMessage
CharNextA
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
CallWindowProcA
EndPaint
BeginPaint
DestroyAcceleratorTable
GetWindow
GetFocus
SetFocus
GetDesktopWindow
SendMessageA
IsWindow

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

d3d9

Direct3DCreate9

d3dx9_41

D3DXCreateTexture
D3DXFilterTexture
D3DXSaveSurfaceToFileInMemory
D3DXSaveTextureToFileInMemory
D3DXLoadSurfaceFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXCreateFontA
D3DXLoadSurfaceFromSurface

fmodex

?setReverbProperties@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_CHANNELPROPERTIES@@@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
FMOD_System_Create
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
FMOD_Memory_Initialize
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
FMOD_Memory_GetStats
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNEL@@W4FMOD_CHANNEL_CALLBACKTYPE@@PAX2@Z@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@W4FMOD_SYSTEM_CALLBACKTYPE@@PAX2@Z@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZH@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z
?getMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?getDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAM00PAH@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getCurrentSound@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSound@2@@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?setLoopCount@Sound@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?setReverbProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_PROPERTIES@@@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_Debug_SetLevel
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z

dinput8

DirectInput8Create

ws2_32

WSACleanup
WSAStartup
gethostbyname

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

steam_api

SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_Init
SteamUser
SteamUserStats
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamUtils

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
DPtoLP
CreateFontIndirectA
GetStockObject
SelectObject

advapi32

RegSetValueExA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW

shell32

SHGetFolderPathA
ExtractIconExA
ShellExecuteExA
SHFileOperationA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

272cad5ff443b6cb7a625459938fb53a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

comctl32

d3d9

d3dx9_41

fmodex

dinput8

ws2_32

winmm

steam_api

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 685KB - Virtual size: 685KB

.data Size: 143KB - Virtual size: 386KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 412KB - Virtual size: 411KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 685KB - Virtual size: 685KB

.data
Size: 143KB - Virtual size: 386KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 412KB - Virtual size: 411KB