Static task
static1
Behavioral task
behavioral1
Sample
2024-04-30_e78389ba87a3eb4d74dc890c3d6faa55_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-30_e78389ba87a3eb4d74dc890c3d6faa55_mafia.exe
Resource
win10v2004-20240419-en
General
-
Target
2024-04-30_e78389ba87a3eb4d74dc890c3d6faa55_mafia
-
Size
683KB
-
MD5
e78389ba87a3eb4d74dc890c3d6faa55
-
SHA1
40c36b27df78c38c63d0a90e3eebd8a05573e91a
-
SHA256
0f73fc1a903ddd75b6b92fc5e558ba454298e681fcf474490dd3e347073f53ee
-
SHA512
e8720862e80bbd486ea5b357fba78b11a75e9d7bf2e47b8cd64a0a54c10b0d6e96464689fa929882bf8bd062dafa844ee546f10afdf07b629cdb95cf5541f361
-
SSDEEP
12288:/6aDoWp2cMbhZQEjHJN7cGX7oSmHDFPa9VU/:hxp2cqvjf77X7MHY9y
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This is the only signature that fired; on its own an unsigned PE is a weak indicator and should be corroborated against the behavioral task results.
resource 2024-04-30_e78389ba87a3eb4d74dc890c3d6faa55_mafia
Files
-
2024-04-30_e78389ba87a3eb4d74dc890c3d6faa55_mafia.exe windows:5 windows x86 arch:x86
457a026be27a0a974dc790e35770544a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
pgsv
_PGSV_EXT_Function@32
_PGSV_ReadTexture@20
_PGSVL_DirectionLayer@24
_PGSV_Set3D@20
_PGSVL_TextureLayer@16
_PGSV_DeleteTexture@8
_PGSVL_SearchLayer@12
_PGSV_FreeMemory@8
_PGSVL_DeleteLayer@12
_PGSVL_EXT_Function@36
_PGSV_Rotate3D@12
pgsvtd
_PGSVTD_ProfileReadDouble@16
_PGSVTD_ProfileReadInt@12
_PGSVL_SearchLayerMatch@24
_PGSVTD_ProfileLast@4
_PGSVTD_ProfileInit@16
_PGSVTDL_InfoGet@12
__PGSVTD_SystemCheck@8
_PGSVTD_TCellPaintRect@16
_PGSVTD_TCellAddress@8
_PGSVTD_ProfileReadString@20
aoi4
_AoiStringwCpy@8
_AoiStrwTblStringTokn@12
_AoiMemoryMove@12
_AoiStrw1to2Byte@8
_AoiStringwCatFront@8
_AoiTimeLocal32@12
_AoiStrw2ByteIs@4
_AoiTimeNowGet32@4
_AoiMathArcPosGet@16
_AoiCardReset@4
_AoiRectSet@20
_AoiMathDecimalTblSet@12
_AoiRectCilp@12
_AoiMathDecimalTblGet@8
AoiMessageBoxStyle
_AoiFilePathDelimiterSet@8
_AoiRandomSeedSet@4
_AoiAppFilePathGet@12
_AoiLib_End@0
_AoiLib_Start@0
_AoiDiskFreeSpace@4
_AoiDriveSerialNumberGet@4
_AoiOsVersionGet@8
_AoiDriveList@8
_AoiFilePathSearch@4
_AoiMemoryCopy@12
_AoiVfsFileOpen@8
_AoiRandomExLast@4
_AoiRandomExGet@12
_AoiRandomExInit@4
_AoiRectHitPoss@12
_AoiTimerGetTimeCount@0
AoiMessageBox
_AoiStracpy@12
_AoiStracmp@8
_AoiMemoryErrorCheck@4
_AoiMemoryHandleAlloc@8
_AoiCalcGetStrPtrDefault@12
__AoiwPrintfEx@16
_AoiCalcStrIsDefault@8
_AoiFilePathFileName@4
_AoiStringwLen@4
AoiStringwPrintf
AoiStringwPrintfBack
_AoiStrwncmpi@12
_AoiCalcGetStrDefault@16
_AoiCalcGetNumPtrDefault@12
_AoiMathLoop@12
_AoiCalcGetNumDefault@8
_AoiFilePathFileNameConst@4
_AoiBsearch@24
_AoiMathLoopFloat@12
_AoiRandomFloat@8
_AoiStrwTblReset@8
_AoiStrwstr@8
_AoiStrwtof@8
_AoiStrwcmpi@8
_AoiStrwTblStringTbl@4
_AoiMemoryResize@8
_AoiStrwTblInit@0
_AoiStrwTblLast@4
_AoiFileReadLine@16
_AoiStrwtoi@8
_AoiStrwTblStringGet@8
_AoiScriptAnalyzeHandle@8
_AoiMemoryHandleFree@4
_AoiMemoryHandleAddress@4
_AoiStrwtokn@8
_AoiStrwtoknGet@20
_AoiMemoryHandleAllocType@12
_AoiMathLimit@12
_AoiStringwLast@4
_AoiRandom@8
__AoiStringwPrintfEx@16
_AoiStringwInit@0
_AoiStringwComp@8
_AoiStringwCatBack@8
_AoiStringwGet@4
_AoiMemorySwap@12
_AoiStrwcmp@8
AoiwPrintf
_AoiCalc@8
_AoiCalcGetNumFuncSet@4
_AoiCalcGetNumPtrFuncSet@4
_AoiCalcStrIsFuncSet@4
_AoiCalcGetStrPtrFuncSet@4
_AoiCalcGetStrFuncSet@4
_AoiStrwcat@12
_AoiCardMax@4
_AoiMemoryAlloc@4
AoiwPrintfBack
_AoiRandomPercent@8
_AoiStrwlen@4
_AoiQsort@16
_AoiCardOrderGet@4
_AoiCardRandomGet@4
_AoiCardInit@0
_AoiNsort@16
_AoiRandomSigned@8
_AoiCardShuffle@8
_AoiCardLast@4
_AoiStrwcpy@12
_AoiMemoryFree@4
_AoiCardSet@12
ags4
_AgsFileSystemFullPathGet@12
_AgsCpuLevelGet@0
_AgsSpriteSizeOffsetSet@12
_DTaskGameEffectRain@36
_AgsModelCreateBox@20
_AgsSpriteCameraSizeDistanceGet@16
_DTaskGameEffectSmoke@56
_AgsSpriteScreenPointToPoint@20
_AgsModelCreateBall@20
_AgsSpriteCameraPosSet@16
_AgsSpriteCameraAngleSet@16
_DTaskGameEffectBomb@56
_AgsModelCreateSquare@20
_DTaskGameEffectFlame@44
_DTaskGameEffectLinePoint@48
_DTaskGameEffectOuterBoxMove@16
_MTaskAgsTextInputSizeGet@8
_MTaskAgsTextInputRun@4
_MTaskAgsTextInputInit@28
_AgsTaskMasterStatus@0
_MTaskAgsTextInputStringGet@12
_MTaskAgsTextInputPosSet@12
_MTaskAgsButtonEntryHandlePresetJump@16
_MTaskAgsButtonCursorForceOff@8
_MTaskAgsButtonCursorWaitOff@8
_AgsAnimePlayIs@4
_AgsSpriteChildGet@4
_AgsSpriteCenterSet@12
_AgsAnimeChange@8
_AgsSpriteCreateTextType@28
_AgsSpriteNextGet@4
_AgsSoundWaveModeGet@0
_AgskeyPause@8
_MTaskAgsButtonCursorSet@8
_AgsSoundWavePlayPermitOn@4
_AgsSoundWavePlayPermitOff@4
_AgsSoundBgmVolumeGet@4
_AgsSpriteFullScreenIs@0
_AgsSpriteFullScreen@4
_AgskeyEntryGet@4
_AgsKeyTypeOn@12
_AgskeyEntrySet@4
_AgsSoundWaveVolumeSet@8
_AgsActiveIs@0
_AgsSoundBgmSet@4
_AgsHandleDelete@4
_DTaskSpaniData@4
_AgskeyPgsvSet@8
_AgsSpriteGetCell@4
_AgsSpritPaint@12
_AgsSpriteRepaint@4
_MTaskAgsButtonEntryHandlePresetNoBlink@8
_AgsHinstGet@0
_AgsKeyMouseMoveX@0
_AgsSpriteWindowSizeSet@8
_AgsSpriteBaseZoomParSet@12
_AgsKeyVirtualTrg@4
_AgsKeyMouseMoveY@0
_AgsRun@4
_AgsEnd@4
_AgsStart@4
_AgsVersionSet@4
_AgsTaskSubgroundWorkGet@0
_AgsTaskSubgroundSet@0
_MTaskAgsButtonCursorPosSet@16
_MTaskAgsButtonEntryHandlePresetRpt@8
_AgsSystemSettingDebugOutput@4
_AgsSystemEnd@0
_AgsTaskAllocGround@20
_AgsSpriteTextFontSet@12
_AgsFileSystemPathSet@4
_AgsSoundWaveChGroupSet@12
_AgsTaskBackSet@4
_AgsSoundBgmWaveFileSet@4
_AgsCursorSetDefault@8
_AgsObjFileLoadEx@12
_AgsSpriteRollSet@8
_AgsSpritePause@0
_AgsScroolBarListSet@16
_AgsTaskSubMemoryAlloc@4
_MTaskAgsButtonCursorNextSetRev@20
_AgsSoundBgmVolumeSet@8
_AgsSpriteViewIs@4
_AgsSpriteDivide@12
_DTaskSpriteAnimeX@8
_AgsSpritePosMove@12
_AgsSoundWaveStatus@4
_AgsSpriteDivideCountGet@4
_AgsTerritoryPaint@16
_AgsKeyCnt@0
_AgsKeyTrg@0
_AgsHwndGet@0
_AgsSpritePosOffsetMove@12
_AgsTerritoryChangeBasic@12
_AgsSoundBgmGet@0
_AgsDebugWindowWorkSet@8
_AgsSpriteRectSet@8
_AgsTaskFreeChildAll@4
_AgsFrameCountGet@0
_AgsAppPahtGet@0
_CTaskMoviePlay@24
_AgsSoundBgmPlay@4
_AgsSpritePrioritySet@8
_AgsObjFileLoad@8
_AgsSpriteCreateCell@20
_AgsDebugWindowCreate@16
_AgsSoundBgmStop@0
_AgsSpriteHandleIs@4
_AgsDebugWindowDelete@4
_AgsSpriteZoomSet@12
_AgsSpriteFileNameGet@12
_AgsTerritoryAllEffect@4
_AgsScroolBarRun@12
_AgsScroolBarView@4
_AgsKeyTypeRpt@0
_AgsSoundWaveStop@4
_AgsTerritoryPaintBlend@20
_AgsScroolBarInit@8
_AgsSpritePosCenterSet@12
_DTaskSpriteEffectJump@16
_AgsSpritePosOffsetSet@12
_AgsSpriteDeleteLump@8
_DTaskSpaniLoop@12
_AgsKeyTypeCnt@0
_MTaskAgsButtonRunHit@8
_MTaskAgsButtonEntryBt@8
_AgsTaskMaidWorkGet@4
_AgsSpriteViewOn@4
_AgsNumberSpriteSet@16
_AgsSpriteBaseZoomSet@12
_AgsSpriteInfoGet@8
_AgsTaskSubgroundNoSet@4
_AgsSpriteGetViewRectSimple@8
_AgsTaskFree@0
_MTaskAgsButtonCursorForceOn@8
_MTaskAgsButtonCursorFlagSet@12
_MTaskAgsButtonWaitOff@8
_MTaskAgsButtonInit@12
_AgsSpriteDelete@4
_AgsTaskDiscipleFree@4
_AgsKeyMouseX@0
_AgsSpaniRectChange@12
_AgsTaskMasterMsgGet@0
_AgsTaskAllocChild@20
_AgsSpriteCreateFile@16
_AgsTaskDiscipleMsgGet@4
_AgsTerritoryDelete@4
_MTaskAgsButtonClickSubFileSet@16
_AgsSpriteView@8
AgsDebugWindowPrintf
_MTaskAgsButtonGet@12
_AgsSpriteHitPoss@20
_AgsSpriteCreateEmpty@20
_AgsTaskMaidRun@12
_AgsTerritoryCreateBasic@0
_MTaskAgsButtonRun@8
_CTaskWait@20
_AgsTerritoryChangeEffect@4
_AgsSpriteViewOff@4
_AgsTerritoryActiveSet@4
_AgsTaskGroundWorkGet@0
_AgsTaskMasterMsgDataGet@0
_AgsTaskChangeRetrace@4
_AgsDebugIs@0
_AgsTaskMasterMsgSet@4
_CTaskTaskWait@32
_AgsTaskChangeNext@4
_AgsTerritoryActiveGet@0
_AgsTaskAllocMaid@16
_AgsSpriteAlphaColorSet@12
_MTaskAgsButtonWaitOn@8
_AgsKeyMouseY@0
_MTaskAgsButtonCursorWaitOn@8
_AgsSoundWavePlayFile@8
_AgsSpritePosSet@12
_AgsTaskSubgroundNoWorkGet@4
_AgsKeyTypeTrg@0
_AgsSpriteRectChange@16
_MTaskAgsButtonEntryHandle@8
_AgsSpriteCreateTextEx@28
_AgsTaskPearentMsg@4
_AgsTaskCchildMsg@0
_AgsKeyWheel@0
_AgsSoundBgmTrackGet@0
_MTaskAgsButtonCursorNextSet@20
_DTaskSpani@8
_AgsSpriteCreateText@24
_AgsSpriteZoomParSet@12
_AgsSpriteColorFreamSet@16
_AgsTerritoryCreate@8
_AgsSpriteParentSet@8
_MTaskAgsButtonInitData@4
_MTaskAgsButtonInitDataDefault@16
_AgsTaskDiscipleIs@4
_AgsTerritoryPaintColor@16
_AgsModelDelete@4
_AgsSpriteLightLoad@8
_AgsTaskAllocDisciple@24
_AgsModelViewChild@8
_AgsModelCreateFile@12
_AgsModelRollSet@16
_AgsSpriteLightAmbientSet@12
_AgsSpriteLightInfoGet@12
_AgsSpriteCameraInfoGet@8
_AgsModelPosSet@16
_AgsSpriteLightInfoSet@12
_AgsSpriteCameraClipSet@12
_AgsModelDivide@12
_AgsSpriteCameraLoad@8
_AgsSpriteCameraPosMove@16
_AgsSpriteCameraInfoSet@8
_AgsModelDivideChildNoErr@16
_AgsModelDivideNoErr@12
_AgsModelViewOff@4
_AgsModelCreateEmpty@8
_AgsFileSystemCreateFile@8
_AgsModelAlphaSet@8
_AgsSpriteFogSet@12
_AgsModelCreateCopy@12
_AgsModelViewOn@4
_AgsModelHandleIs@4
_DTaskGameEffectOuterBoxSet@12
_AgsFileSystemFileCheck@4
_DTaskGameEffectLeaf@48
_DTaskGameEffectClipSet@16
_AgsModelView@8
_AgsAnimeLoad@8
_AgsTaskChange@8
_DTaskGameEffectSnow@36
_AgsSpritePgsvGet@0
_AgsModelInfoGet@8
_AgsModelDivideAll@24
_AgsTaskSubMemoryAllocFrame@4
_AgsTaskDiscipleMsgSet@12
_AgsModelCreatePointSprite@16
_AgsModelClipSet@16
_AgskeyMousePointSet@8
_AgsSpriteAlphaSet@8
_MTaskAgsButtonDataDefault@12
kernel32
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
WriteFile
ReadFile
CreateFileW
CloseHandle
SetFilePointer
GetEnvironmentStringsW
SetFileAttributesW
Sleep
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcAddress
CopyFileW
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
IsValidCodePage
WideCharToMultiByte
FreeEnvironmentStringsW
DeleteFileW
GetModuleFileNameA
RtlUnwind
HeapAlloc
HeapReAlloc
RaiseException
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
MultiByteToWideChar
GetStringTypeW
IsValidLocale
HeapSize
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetACP
GetOEMCP
user32
MessageBoxW
SendInput
ShowWindow
comdlg32
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
aoicmp4
?AoiDatToTxt@@YGHPBUDTT_TYPE@@PBXIPADI@Z
?AoiTxtToDat@@YGHPBUDTT_TYPE@@PBDIPAXI@Z
?AoiDatToTxtSize@@YGIPBUDTT_TYPE@@I@Z
?AoiCompressMemoryFree@@YGXPAX@Z
?AoiCompressPack@@YGHPAXKKPAPAXPAUtagAOI_COMPRESS_PACK_DATA@@P6AHH0@Z0@Z
?AoiCompressUnpack@@YGHPAXKPAPAXPAUtagAOI_COMPRESS_PACK_DATA@@P6AHH0@Z0@Z
Sections
.text Size: 536KB - Virtual size: 535KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ