E:\Development\MultiSeason\SourceGS\GameServer\GameServer___Win32_JPN\GameServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-30_ef0ab2cf5c2572f296adcaa8f421de9a_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-30_ef0ab2cf5c2572f296adcaa8f421de9a_mafia.exe
Resource
win10v2004-20240419-en
General
Target: 2024-04-30_ef0ab2cf5c2572f296adcaa8f421de9a_mafia
Size: 7.1MB
MD5: ef0ab2cf5c2572f296adcaa8f421de9a
SHA1: c59c6474d990c63480a8a7052e3b04fe30161c43
SHA256: 197df777d2d4b17a2f3eee3f4ea6f932b6b19f02d215b7aa7d9e3e253e9b5829
SHA512: d5cb4554ec35bd1e42b87b7d3d8058d474deb0e9390952591572c27a73b1fd6fd478dcbbebe3c9b20c309b1019920fe30d21bbddb681cc3c95b32c28801d4118
SSDEEP: 196608:9uFFhMnLADOXuoEVdOKKwbB/klp0MeFR:eX0CowcKKgkl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-04-30_ef0ab2cf5c2572f296adcaa8f421de9a_mafia
Files
2024-04-30_ef0ab2cf5c2572f296adcaa8f421de9a_mafia.exe windows:5 windows x86 arch:x86
304cae9220ffd527fe90360799a224e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAAsyncSelect
listen
closesocket
WSAGetLastError
bind
htons
htonl
setsockopt
inet_ntoa
accept
send
WSAStartup
WSACleanup
shutdown
gethostbyname
gethostname
inet_addr
socket
sendto
recvfrom
WSASocketA
WSARecv
WSAAccept
WSASend
connect
recv
WSASendTo
ntohl
kernel32
WritePrivateProfileStringA
InterlockedDecrement
FileTimeToSystemTime
FindFirstFileA
OutputDebugStringA
SetErrorMode
SystemTimeToFileTime
InterlockedExchangeAdd
InterlockedExchange
SetUnhandledExceptionFilter
LoadLibraryA
WriteFile
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
GetProcAddress
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
CopyFileA
SetLastError
GetModuleHandleA
CompareStringA
GetModuleHandleW
GetModuleFileNameW
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
FreeLibrary
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
GetAtomNameA
lstrcmpA
GetThreadLocale
GetStringTypeExA
lstrcmpiA
DeleteFileA
MoveFileA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
GlobalAddAtomA
GlobalFlags
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
GetFileAttributesExA
SetFileAttributesA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GetVersionExA
GlobalFindAtomA
FreeResource
FindResourceA
GetACP
lstrcpyA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetWindowsDirectoryA
GetNumberFormatA
GetTempFileNameA
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
ReplaceFileA
GetDiskFreeSpaceA
FindResourceExW
LocalUnlock
LocalLock
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
EncodePointer
DecodePointer
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
IsProcessorFeaturePresent
IsValidCodePage
HeapCreate
HeapDestroy
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
FatalAppExitA
SetConsoleCtrlHandler
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetCurrentThreadId
GetCurrentProcessId
VirtualQueryEx
GetModuleFileNameA
GetCurrentProcess
GetCurrentThread
GetThreadContext
CreateFileA
CreateDirectoryA
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
FormatMessageA
TerminateThread
OpenFile
GetFileSize
_lclose
ReadFile
GetLastError
InterlockedIncrement
Sleep
WaitForSingleObject
CloseHandle
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
GetLocalTime
GetTickCount
GetPrivateProfileStringA
ExitProcess
GetPrivateProfileIntA
FindResourceW
user32
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
DeleteMenu
InvalidateRect
InflateRect
GetMenuItemInfoA
DestroyMenu
IntersectRect
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyA
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
OffsetRect
GetIconInfo
CopyImage
LoadImageA
GetNextDlgGroupItem
DrawIconEx
GetDialogBaseUnits
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextA
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
InsertMenuItemA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
InSendMessage
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageA
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
EnumChildWindows
MapDialogRect
DrawIcon
DestroyCursor
WindowFromDC
SystemParametersInfoA
GetDCEx
GetTabbedTextExtentW
GetTabbedTextExtentA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
ScrollWindowEx
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnregisterClassA
GetFocus
GetDesktopWindow
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetRectEmpty
CreateDialogIndirectParamA
GetNextDlgTabItem
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconW
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowRgn
GetForegroundWindow
MoveWindow
DialogBoxParamA
DefWindowProcA
KillTimer
DestroyWindow
PostQuitMessage
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetTimer
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetWindowTextA
FillRect
GetClientRect
CallWindowProcA
SetWindowLongA
GetDC
ReleaseDC
SetRect
IsWindow
CreateDialogParamA
ShowWindow
GetDlgItem
EndDialog
SetDlgItemTextA
SendMessageA
wsprintfA
MessageBoxA
RealChildWindowFromPoint
GetWindowLongA
gdi32
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
SelectPalette
PlayMetaFileRecord
SetWindowExtEx
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
OffsetWindowOrgEx
GetTextCharsetInfo
GetTextExtentPoint32A
SetRectRgn
CopyMetaFileA
GetMapMode
PatBlt
DPtoLP
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetCharWidthA
StretchDIBits
ScaleWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
CreateDCA
CreateBitmap
SetBkColor
GetObjectA
SaveDC
CombineRgn
GetDeviceCaps
RestoreDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
TextOutA
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontA
DeleteObject
SelectObject
GetStockObject
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
RoundRect
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
Rectangle
SetPixel
StretchBlt
GetDIBits
SetDIBColorTable
Polygon
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_GetIconSize
ord17
msimg32
TransparentBlt
AlphaBlend
shlwapi
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
oledlg
ord8
dbghelp
SymGetOptions
SymSetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
SymLoadModule
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCloneImage
GdipGetImageGraphicsContext
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapUnlockBits
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
GetJobA
comdlg32
GetFileTitleA
advapi32
RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
shell32
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
SHAppBarMessage
DragQueryFileA
ExtractIconA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
ole32
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
OleDuplicateData
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleRun
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
GetHGlobalFromILockBytes
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
OleSave
StgCreateDocfileOnILockBytes
PropVariantCopy
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoDisconnectObject
OleUninitialize
StringFromGUID2
CreateItemMoniker
oleaut32
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysFreeString
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayLock
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantInit
SysAllocString
SafeArrayPtrOfIndex
SafeArrayPutElement
Sections
.textbss Size: - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 772KB - Virtual size: 771KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 111KB - Virtual size: 243.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 965KB - Virtual size: 964KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ