PDB path (from the PE debug directory): C:\Tools_git_priv\RogueKillerPE\Release\RogueKillerPE.pdb — the path suggests a Release build of a project named RogueKillerPE from a private git checkout. Treat it as a hint only: the embedded PDB path is chosen by whoever built the binary and is trivially forged, so it supports but does not prove attribution.
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-21_27dc7105f28e67d11ed331dfbc9892e4_mafia_revil.exe
Resource
win7-20240221-en
General
-
Target
2024-04-21_27dc7105f28e67d11ed331dfbc9892e4_mafia_revil
-
Size
20.2MB
-
MD5
27dc7105f28e67d11ed331dfbc9892e4
-
SHA1
311b8109c8807af742077ba3b545263748a59083
-
SHA256
c0000ae2e216af71de8566d68d70d30aa887982618c60165b88d50864ccb43cc
-
SHA512
30fedb8f3e653d7b72180f5bdd948db2ba07a9c6f70b748983b8bfe8c3df962234f1505962c043addb5ea3434c78c9f04acbd16d9848a4f45efb7cf951517f95
-
SSDEEP
393216:clTw5bk8Q59TQlJsv6tWKFdu9C1RcUaUvg:YNQF1vg
Malware Config (empty — no configuration was extracted from this sample)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The file carries no embedded Authenticode signature. On its own this is a weak indicator — many legitimate tools ship unsigned — so it should be weighed together with the PDB path, the imports and the exports below rather than read as a verdict. Note that the sample itself imports WinVerifyTrust and the CryptCATAdmin* catalog APIs from wintrust, i.e. it verifies the signatures of other files, which is behaviour typical of a security tool.
resource 2024-04-21_27dc7105f28e67d11ed331dfbc9892e4_mafia_revil
Files
-
2024-04-21_27dc7105f28e67d11ed331dfbc9892e4_mafia_revil.exe windows:5 windows x86 arch:x86
55841774826a2c1bb9a9c2752abff826
Headers
DLL Characteristics (ASLR via DYNAMIC_BASE and DEP via NX_COMPAT are opted in; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the flags, so Control Flow Guard is not enabled for this image)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (see the single path listed at the top of this report)
Imports (capability summary: the import table contains process-manipulation primitives — OpenProcess, ReadProcessMemory/WriteProcessMemory, CreateRemoteThread, GetThreadContext/SetThreadContext, SuspendThread/ResumeThread — kernel driver loading and unloading via NtLoadDriver/NtUnloadDriver, direct registry access through the Nt*Key family, service creation and control via advapi32, privilege adjustment via AdjustTokenPrivileges, and network access via winhttp/wsock32. These are dual-use: they are expected in an anti-rootkit/anti-malware scanner but are identical to the capabilities of the threats such a tool targets, so the import table alone does not classify the sample.)
kernel32
SetConsoleCtrlHandler
FindFirstFileExA
SetHandleCount
GetDriveTypeA
FileTimeToLocalFileTime
WriteConsoleW
FatalAppExitA
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableW
SetEnvironmentVariableA
GetACP
SetStdHandle
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
CreateProcessA
lstrlenA
SetFileAttributesA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
IsDebuggerPresent
GetConsoleMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleCP
ExitThread
HeapSetInformation
LCMapStringW
GetCommandLineA
RaiseException
GetNumberOfConsoleInputEvents
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
GlobalFree
LoadLibraryExW
FlushConsoleInputBuffer
FindFirstFileA
FindNextFileA
PeekConsoleInputA
FindCloseChangeNotification
FindFirstChangeNotificationW
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
PeekNamedPipe
VerifyVersionInfoA
SleepEx
GetVolumeNameForVolumeMountPointW
lstrcmpiW
lstrlenW
IsBadWritePtr
GetVolumePathNameW
WaitForMultipleObjectsEx
GetCompressedFileSizeW
IsBadReadPtr
VirtualQueryEx
SuspendThread
GetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetThreadContext
GetEnvironmentVariableW
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetDiskFreeSpaceA
CreateFileMappingA
LockFileEx
HeapSize
HeapValidate
SetConsoleMode
GetFileAttributesA
HeapDestroy
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
HeapAlloc
TryEnterCriticalSection
HeapCompact
CreateFileA
HeapReAlloc
GetFullPathNameA
LockResource
FindNextChangeNotification
SetHandleInformation
CreatePipe
CreateDirectoryA
RemoveDirectoryA
GetTimeFormatA
GetDateFormatA
OpenProcess
CreateFileW
SizeofResource
LoadResource
FindResourceW
lstrcpyW
LocalAlloc
lstrcmpA
GetDiskFreeSpaceExW
QueryDosDeviceW
CreateMutexA
GetComputerNameW
GetThreadLocale
SetThreadLocale
GetShortPathNameW
Module32NextW
Module32FirstW
CreateRemoteThread
SetFileAttributesW
GetDiskFreeSpaceW
SetFilePointer
GetFileSize
TzSpecificLocalTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
BackupRead
BackupSeek
GetConsoleScreenBufferInfo
OpenMutexW
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetPriorityClass
GetTempFileNameW
WriteProcessMemory
TerminateJobObject
CreateToolhelp32Snapshot
Process32NextW
OpenThread
Process32FirstW
SetLastError
Thread32Next
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
AssignProcessToJobObject
Thread32First
GetProcessTimes
CreateJobObjectW
SetThreadContext
GetFileSizeEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
ReleaseMutex
CreateMutexW
InterlockedDecrement
InterlockedIncrement
HeapCreate
ReadConsoleInputA
CompareStringW
GetUserDefaultLCID
GetCurrentProcessId
LocalFree
GetCommandLineW
GetConsoleWindow
OutputDebugStringW
TlsFree
TlsSetValue
GetCurrentThreadId
GetSystemInfo
SwitchToThread
Sleep
SetThreadPriority
GetCurrentThread
TlsAlloc
TerminateThread
WaitForSingleObject
TlsGetValue
GetLastError
WaitForMultipleObjects
ResumeThread
GetThreadPriority
SetEvent
CreateThread
CreateEventW
DuplicateHandle
GetCurrentProcess
GetProcAddress
VerifyVersionInfoW
GetVersionExW
GetNativeSystemInfo
FormatMessageW
WaitForSingleObjectEx
QueryPerformanceFrequency
GetModuleHandleW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleFileNameW
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
SetErrorMode
FindClose
FindFirstFileW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
LoadLibraryW
DeviceIoControl
GetFullPathNameW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
GetLogicalDrives
GetFileAttributesExW
SetCurrentDirectoryW
ResetEvent
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDirectoryW
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetFileType
SetFilePointerEx
ReadFile
WriteFile
MoveFileExW
SetEndOfFile
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
FreeLibrary
FindNextFileW
FindFirstFileExW
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
LoadLibraryA
GetModuleHandleA
ExitProcess
GetVolumeInformationW
GetDriveTypeW
lstrcmpW
IsValidLocale
IsValidLanguageGroup
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetUserDefaultLangID
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
CloseHandle
user32
ReleaseDC
GetDC
DestroyIcon
CreateIconFromResource
GetIconInfo
DrawIconEx
SendMessageA
FindWindowA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
FindWindowW
ExitWindowsEx
FindWindowExW
PostThreadMessageW
EnumWindows
RealGetWindowClassW
GetWindowTextW
GetCursor
CreateCursor
CreateIconIndirect
SetCursorPos
GetCursorInfo
GetMessageExtraInfo
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
NotifyWinEvent
LoadCursorW
GetAsyncKeyState
DestroyCursor
SetClipboardViewer
GetWindowThreadProcessId
ChangeClipboardChain
UnregisterClassW
SetTimer
KillTimer
PeekMessageW
UnhookWindowsHookEx
DestroyWindow
CallNextHookEx
PostMessageW
GetQueueStatus
SetWindowsHookExW
DefWindowProcW
GetWindowLongW
RegisterClassW
SetWindowLongW
CreateWindowExW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
CharNextExA
MessageBoxW
SystemParametersInfoW
GetSystemMenu
EnableMenuItem
GetSysColor
GetSystemMetrics
SetWindowRgn
MessageBeep
GetDoubleClickTime
GetCaretBlinkTime
ScreenToClient
GetClientRect
GetKeyboardLayoutList
GetParent
ChildWindowFromPointEx
GetFocus
GetCursorPos
ClientToScreen
RegisterClassExW
LoadImageW
GetClassInfoW
GetSysColorBrush
GetCapture
GetDesktopWindow
GetAncestor
IsWindowVisible
IsChild
GetForegroundWindow
ReleaseCapture
SetCursor
FlashWindowEx
SendMessageW
InvalidateRect
SetWindowPos
ShowWindow
GetWindowRect
GetWindowPlacement
AdjustWindowRectEx
SetWindowTextW
SetFocus
SetForegroundWindow
SetCapture
EndPaint
BeginPaint
GetUpdateRect
SetParent
MoveWindow
SetWindowPlacement
IsIconic
RegisterClipboardFormatW
GetClipboardFormatNameW
ToUnicode
GetKeyboardLayout
GetKeyState
TrackPopupMenuEx
SetMenuItemInfoW
IsZoomed
MapVirtualKeyW
GetKeyboardState
GetMenu
ToAscii
LoadIconW
SetCaretPos
RegisterWindowMessageW
DestroyCaret
HideCaret
CreateCaret
gdi32
GetStockObject
OffsetRgn
GetDeviceCaps
BitBlt
SelectClipRgn
GetRegionData
GdiFlush
CreateRectRgn
CombineRgn
ChoosePixelFormat
SwapBuffers
DescribePixelFormat
GetPixelFormat
GetBitmapBits
CreateDCW
GetOutlineTextMetricsW
GetGlyphOutlineW
GetTextExtentPoint32W
GetFontData
SetGraphicsMode
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetTextFaceW
GetObjectA
CreateBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetDIBits
CreateFontIndirectW
EnumFontFamiliesExW
GetObjectW
RemoveFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetTextMetricsW
AddFontMemResourceEx
SetWorldTransform
SetPixelFormat
CreateCompatibleBitmap
dbghelp
MiniDumpWriteDump
opengl32
glCopyTexSubImage2D
glCullFace
glDeleteTextures
glDepthFunc
glDepthMask
glCopyTexImage2D
glDrawArrays
glDrawElements
glEnable
glFinish
glFlush
glTexSubImage2D
glViewport
glDepthRange
glClearDepth
glColorMask
glClearStencil
glClearColor
glClear
glBlendFunc
glBindTexture
glDisable
glFrontFace
glGenTextures
glGetBooleanv
glGetError
glGetFloatv
glGetIntegerv
glGetString
glGetTexParameterfv
glGetTexParameteriv
glHint
glIsEnabled
glIsTexture
glLineWidth
glPixelStorei
glPolygonOffset
glTexParameteriv
glTexParameteri
glTexParameterfv
glTexParameterf
glTexImage2D
glStencilOp
glStencilMask
glStencilFunc
glScissor
glReadPixels
ntdll
floor
_allmul
_snprintf
_aulldiv
strncpy
memchr
_aulldvrm
strrchr
_allshl
strchr
strncmp
_chkstk
memset
tolower
bsearch
_alldiv
_fltused
memmove
memcpy
isalpha
strpbrk
NtQueryVirtualMemory
_CIsin
strcmp
isupper
islower
isgraph
strtol
wcsncmp
wcsrchr
_CIlog
sscanf
sprintf
isspace
toupper
strstr
strtoul
qsort
_wcsicmp
_wtoi64
strcspn
isalnum
wcsstr
NtQueryKey
NtOpenKey
strspn
_CIcos
NtDeleteValueKey
NtCreateKey
NtSetValueKey
NtDeleteKey
_vsnprintf
RtlUnwind
atoi
_strnicmp
_stricmp
isxdigit
wcstombs
_vsnwprintf
isdigit
_aullshr
_atoi64
_allshr
_allrem
isprint
NtUnloadDriver
NtQuerySystemInformation
RtlInitUnicodeString
ceil
NtLoadDriver
_aullrem
_CIsqrt
VerSetConditionMask
_CIpow
advapi32
GetExplicitEntriesFromAclW
SetSecurityDescriptorDacl
LookupPrivilegeValueW
SetKernelObjectSecurity
InitializeAcl
AllocateAndInitializeSid
SetSecurityDescriptorOwner
SetSecurityInfo
SetEntriesInAclW
IsValidSecurityDescriptor
CheckTokenMembership
AdjustTokenPrivileges
RegRestoreKeyW
RegSaveKeyExW
RegLoadKeyW
RegUnLoadKeyW
GetUserNameW
RegSetValueExW
RegisterEventSourceA
ReportEventA
QueryServiceConfigW
ReportEventW
RegisterServiceCtrlHandlerW
EnumServicesStatusW
SetServiceStatus
ChangeServiceConfigW
QueryServiceStatus
ChangeServiceConfig2W
QueryServiceConfig2W
EnumDependentServicesW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
DeregisterEventSource
CryptGenRandom
LookupPrivilegeValueA
GetUserNameA
ConvertSidToStringSidW
GetInheritanceSourceW
RegSetKeySecurity
IsValidSid
GetNamedSecurityInfoW
RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
GetAclInformation
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
InitializeSecurityDescriptor
FreeSid
FreeInheritedFromArray
ConvertStringSidToSidW
SetNamedSecurityInfoW
RegGetKeySecurity
wininet
InternetGetConnectedState
InternetCrackUrlW
psapi
GetModuleInformation
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
GetMappedFileNameW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
wsock32
listen
accept
recvfrom
sendto
gethostbyname
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
inet_ntoa
setsockopt
inet_addr
ntohl
htonl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
WSAAsyncSelect
shutdown
gethostname
getsockname
userenv
GetProfilesDirectoryW
crypt32
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertNameToStrW
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
wintrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
shlwapi
PathFileExistsW
PathIsRootW
PathCompactPathW
PathSearchAndQualifyW
PathAppendW
PathCommonPrefixW
PathIsLFNFileSpecW
PathRenameExtensionW
PathUnquoteSpacesW
PathRemoveBlanksW
PathQuoteSpacesW
PathIsDirectoryEmptyW
PathFindNextComponentW
PathRemoveArgsW
AssocQueryStringW
PathMakePrettyW
PathIsURLW
PathGetDriveNumberW
PathAddBackslashW
PathCanonicalizeW
PathRemoveFileSpecW
PathIsSameRootW
StrCmpIW
StrDupW
StrCmpNIW
PathFindFileNameW
PathIsRelativeW
PathGetArgsW
PathFindExtensionW
PathIsDirectoryW
PathUnExpandEnvStringsW
PathBuildRootW
PathIsPrefixW
PathRemoveExtensionW
PathIsNetworkPathW
PathIsUNCW
PathRemoveBackslashW
StrFormatByteSizeW
winhttp
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpReadData
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
iphlpapi
GetAdaptersAddresses
shell32
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
ord68
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
SHChangeNotify
ole32
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoGetMalloc
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
ws2_32
WSAAddressToStringW
WSAIoctl
oleaut32
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
imm32
ImmAssociateContext
ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetContext
ImmNotifyIME
ImmReleaseContext
winmm
PlaySoundW
Exports (unusual for an .exe: the image exports what appear to be the udis86 disassembler API (ud_*), the libyara C API (yr_*) and zlib (z_*), i.e. these libraries are statically linked and re-exported — consistent with a YARA-based scanning tool)
ud_decode
ud_disassemble
ud_get_user_opaque_data
ud_init
ud_input_end
ud_input_skip
ud_insn_asm
ud_insn_hex
ud_insn_len
ud_insn_mnemonic
ud_insn_off
ud_insn_opr
ud_insn_ptr
ud_lookup_mnemonic
ud_opr_is_gpr
ud_opr_is_sreg
ud_set_asm_buffer
ud_set_input_buffer
ud_set_input_file
ud_set_input_hook
ud_set_mode
ud_set_pc
ud_set_sym_resolver
ud_set_syntax
ud_set_user_opaque_data
ud_set_vendor
ud_translate_intel
yr_compiler_add_file
yr_compiler_add_string
yr_compiler_create
yr_compiler_define_boolean_variable
yr_compiler_define_float_variable
yr_compiler_define_integer_variable
yr_compiler_define_string_variable
yr_compiler_destroy
yr_compiler_get_current_file_name
yr_compiler_get_error_message
yr_compiler_get_rules
yr_compiler_set_callback
yr_filemap_map
yr_filemap_map_ex
yr_filemap_map_fd
yr_filemap_unmap
yr_finalize
yr_finalize_thread
yr_get_tidx
yr_initialize
yr_rules_define_boolean_variable
yr_rules_define_float_variable
yr_rules_define_integer_variable
yr_rules_define_string_variable
yr_rules_destroy
yr_rules_load
yr_rules_load_stream
yr_rules_save
yr_rules_save_stream
yr_rules_scan_fd
yr_rules_scan_file
yr_rules_scan_mem
yr_rules_scan_mem_blocks
yr_rules_scan_proc
yr_set_tidx
z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion
Sections (no section is both writable and executable, and raw sizes match virtual sizes closely, which is consistent with an unpacked image; .qtmetad is a section name used by the Qt framework, which together with the user32/gdi32/opengl32 imports points to a Qt-based GUI)
.text Size: 13.3MB - Virtual size: 13.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 243KB - Virtual size: 291KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 489KB - Virtual size: 489KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ