2024-04-15_f56a35d083905e1d138c6f779c919a6b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-15_f56a35d083905e1d138c6f779c919a6b_mafia
Size

2.5MB
MD5

f56a35d083905e1d138c6f779c919a6b
SHA1

1c96d1c7a9a6b4ca54da8ec4955f94645ce1f9ad
SHA256

0c0dc26740f516e491b8efea43c2ce88df4ec4e6ac6d40e3f56ba1b47afbc56d
SHA512

6ac4d44a2ca4293d17c22cc1a484bb8b6ab15b89c632026e8d00b3e805b655e77aa697458bc6bd2537c1e221b29685458a89e7486da1464f7f2df488b32efaba
SSDEEP

49152:Te5q7Xskca40y6ZqQZhQgfuQiFMKO2ArE+kTpgRpfuXsc1PwBR4:TGdkcDr6hhQULiFMKORrE+kTpgRpmv1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-15_f56a35d083905e1d138c6f779c919a6b_mafia

Files

2024-04-15_f56a35d083905e1d138c6f779c919a6b_mafia
.exe windows:5 windows x86 arch:x86

91182b74de7a0adf46a5882679beaaab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\kingyo\Documents\Visual Studio 2010\Projects\Vahren\Release\Vahren.pdb

Imports

winmm

mmioClose
mmioAscend
mmioDescend
timeEndPeriod
timeBeginPeriod
mmioOpenA
mmioRead
timeGetTime

msimg32

TransparentBlt
AlphaBlend

d3d9

Direct3DCreate9

d3dx9_35

D3DXVec3Project
D3DXMatrixInverse
D3DXMatrixRotationX
D3DXMatrixLookAtLH
D3DXMatrixRotationZ
D3DXVec3TransformCoord
D3DXMatrixTranslation
D3DXPlaneIntersectLine
D3DXVec3Unproject
D3DXMatrixScaling
D3DXMatrixMultiply
D3DXMatrixPerspectiveFovLH
D3DXPlaneFromPoints
D3DXLoadSurfaceFromFileInMemory
D3DXGetImageInfoFromFileInMemory
D3DXLoadSurfaceFromMemory

dsound

ord11

dinput8

DirectInput8Create

kernel32

HeapCreate
FindFirstFileA
FindClose
FindNextFileA
GetLocalTime
Sleep
MultiByteToWideChar
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CloseHandle
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
CreateThread
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateToolhelp32Snapshot
GetCurrentProcessId
ExitProcess
HeapSize
GetStdHandle
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
WideCharToMultiByte
HeapAlloc
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapFree
GetLastError
DecodePointer
EncodePointer
GetModuleFileNameW
GetLocaleInfoW
GetProcessHeap
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
GetProcAddress
InterlockedDecrement
InterlockedIncrement

user32

ReleaseDC
DestroyWindow
SendMessageA
PostQuitMessage
LoadIconA
CreateWindowExA
DefWindowProcA
DestroyCursor
ShowWindow
AdjustWindowRectEx
UpdateWindow
LoadCursorA
RegisterClassA
LoadCursorFromFileA
InvertRect
FillRect
DrawEdge
PtInRect
InflateRect
IntersectRect
UnionRect
FrameRect
DrawFrameControl
DrawTextA
GetMessageA
TranslateMessage
PeekMessageA
DispatchMessageA
ScreenToClient
GetCursorPos
PostMessageA
GetDC
MessageBoxA
LoadImageA
SetWindowTextA

gdi32

LineTo
SetTextColor
DeleteDC
GetCurrentObject
SetDCBrushColor
SetBkColor
SetBkMode
CreateCompatibleDC
GetStockObject
SelectObject
CreatePen
GetTextExtentPoint32A
AddFontResourceExA
GetTextColor
TextOutA
CreateDIBSection
CreateBitmap
SetDCPenColor
DeleteObject
GetObjectA
BitBlt
MoveToEx
StretchBlt
CreateFontA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91182b74de7a0adf46a5882679beaaab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

msimg32

d3d9

d3dx9_35

dsound

dinput8

kernel32

user32

gdi32

ole32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 203KB - Virtual size: 2.8MB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 124KB - Virtual size: 123KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 203KB - Virtual size: 2.8MB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 124KB - Virtual size: 123KB