privateloader | 2024-05-01_9a6f96fb74ee7643bdb3fc4a4fccdb54_mafia_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-01_9a6f96fb74ee7643bdb3fc4a4fccdb54_mafia_revil
Size

19.6MB
MD5

9a6f96fb74ee7643bdb3fc4a4fccdb54
SHA1

fbb57278b6091eddcdf5158d0cb69ad6d3b4b215
SHA256

c1063f2b34aefa55853eb738bea3db54679d444fae95aede9c135f2cdff5daa0
SHA512

0b04f5d3897e4581e456b104d80e7d8f0c12eef23baebb8462dafa97daace25c090295c20dc865af2da9d35cb10b589fa97d1457bc312441b63598394fb95895
SSDEEP

196608:Z3uVWVkhommbOrCN0KYYZuFNpc0F7ZZBsP2axQkwoLavJsv6tWKFdu9CbJHGucPD:V+tG2xkw9Jsv6tWKFdu9CVHGkFlUT

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_9a6f96fb74ee7643bdb3fc4a4fccdb54_mafia_revil

Files

2024-05-01_9a6f96fb74ee7643bdb3fc4a4fccdb54_mafia_revil
.exe windows:5 windows x86 arch:x86

1a4db3ffbd7f79208038f612dcaf4a9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Tools_git_priv\RogueKillerPE\Release\RogueKillerPE.pdb

Imports

user32

CreateIconFromResource
DestroyIcon
GetDC
ReleaseDC
GetIconInfo
SendMessageW
SendMessageA
FindWindowA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
PostThreadMessageW
FindWindowW
ExitWindowsEx
FindWindowExW
EnumWindows
RealGetWindowClassW
GetWindowTextW
GetCursor
CreateCursor
CreateIconIndirect
SetCursorPos
GetCursorInfo
GetMessageExtraInfo
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
NotifyWinEvent
LoadCursorW
GetAsyncKeyState
DestroyCursor
SetClipboardViewer
UnregisterClassW
SetTimer
KillTimer
PeekMessageW
UnhookWindowsHookEx
DestroyWindow
CallNextHookEx
PostMessageW
GetQueueStatus
SetWindowsHookExW
DefWindowProcW
GetWindowLongW
RegisterClassW
SetWindowLongW
CreateWindowExW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
CharNextExA
MessageBoxW
SystemParametersInfoW
GetSystemMenu
EnableMenuItem
GetSysColor
GetSystemMetrics
SetWindowRgn
MessageBeep
GetDoubleClickTime
GetCaretBlinkTime
ScreenToClient
GetClientRect
GetKeyboardLayoutList
GetParent
ChildWindowFromPointEx
GetFocus
GetCursorPos
ClientToScreen
RegisterClassExW
LoadImageW
GetClassInfoW
GetSysColorBrush
GetCapture
GetDesktopWindow
GetAncestor
IsWindowVisible
IsChild
GetForegroundWindow
ReleaseCapture
SetCursor
FlashWindowEx
DrawIconEx
InvalidateRect
SetWindowPos
ShowWindow
GetWindowRect
GetWindowPlacement
AdjustWindowRectEx
SetWindowTextW
SetFocus
SetForegroundWindow
SetCapture
EndPaint
BeginPaint
GetUpdateRect
SetParent
MoveWindow
SetWindowPlacement
IsIconic
RegisterClipboardFormatW
GetClipboardFormatNameW
ToUnicode
GetKeyboardLayout
GetKeyState
TrackPopupMenuEx
SetMenuItemInfoW
IsZoomed
MapVirtualKeyW
GetKeyboardState
GetMenu
ToAscii
LoadIconW
SetCaretPos
RegisterWindowMessageW
DestroyCaret
HideCaret
CreateCaret
ChangeClipboardChain
GetWindowThreadProcessId

gdi32

BitBlt
SelectClipRgn
GetRegionData
GdiFlush
CreateRectRgn
CombineRgn
GetTextMetricsW
AddFontMemResourceEx
SetPixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
GetBitmapBits
CreateCompatibleBitmap
CreateDCW
GetOutlineTextMetricsW
GetGlyphOutlineW
GetTextExtentPoint32W
GetDeviceCaps
SetGraphicsMode
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
CreateBitmap
GetTextFaceW
GetObjectA
OffsetRgn
GetStockObject
GetFontData
CreateFontIndirectW
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetDIBits
EnumFontFamiliesExW
GetObjectW
RemoveFontMemResourceEx
RemoveFontResourceExW
SetWorldTransform
AddFontResourceExW
DescribePixelFormat

opengl32

glGetError
glGetFloatv
glGetIntegerv
glGetString
glGetTexParameterfv
glGetTexParameteriv
glBindTexture
glBlendFunc
glClear
glClearColor
glClearStencil
glColorMask
glTexParameteriv
glCopyTexSubImage2D
glCullFace
glHint
glIsEnabled
glIsTexture
glPixelStorei
glPolygonOffset
glReadPixels
glDeleteTextures
glDepthFunc
glDepthMask
glDisable
glDrawArrays
glDrawElements
glTexSubImage2D
glViewport
glDepthRange
glClearDepth
glGetBooleanv
glGenTextures
glFrontFace
glFlush
glFinish
glEnable
glCopyTexImage2D
glTexParameteri
glTexParameterfv
glTexParameterf
glTexImage2D
glStencilOp
glStencilMask
glStencilFunc
glScissor
glLineWidth

ntdll

_CIsqrt
_CIpow
_CIcos
wcsrchr
_allmul
floor
VerSetConditionMask
_aulldiv
strncpy
_allshl
_aullrem
memchr
_aulldvrm
_chkstk
strchr
strncmp
memset
_allrem
_alldiv
_fltused
memmove
memcpy
atoi
_stricmp
_strnicmp
isupper
strcmp
islower
isgraph
ceil
wcsncmp
strtol
_CIlog
sscanf
sprintf
isspace
toupper
strstr
_snprintf
bsearch
strtoul
qsort
strcspn
_wcsicmp
tolower
_wtoi64
isalnum
strspn
_atoi64
_allshr
isprint
NtQueryVirtualMemory
strpbrk
isalpha
isxdigit
wcstombs
_vsnwprintf
RtlUnwind
_vsnprintf
NtDeleteKey
NtSetValueKey
NtCreateKey
NtDeleteValueKey
NtOpenKey
NtQueryKey
NtUnloadDriver
strrchr
RtlInitUnicodeString
wcsstr
NtLoadDriver
NtQuerySystemInformation
isdigit
_CIsin
_aullshr

advapi32

ConvertStringSidToSidW
IsValidSecurityDescriptor
SetEntriesInAclW
SetSecurityInfo
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
SetKernelObjectSecurity
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegRestoreKeyW
RegSaveKeyExW
RegLoadKeyW
RegUnLoadKeyW
GetUserNameW
QueryServiceConfigW
ReportEventW
RegisterServiceCtrlHandlerW
EnumServicesStatusW
SetServiceStatus
ChangeServiceConfigW
QueryServiceStatus
ChangeServiceConfig2W
QueryServiceConfig2W
EnumDependentServicesW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
GetExplicitEntriesFromAclW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupPrivilegeValueA
CryptGenRandom
GetUserNameA
ConvertSidToStringSidW
GetInheritanceSourceW
GetAclInformation
FreeInheritedFromArray
SetNamedSecurityInfoW
RegGetKeySecurity
GetNamedSecurityInfoW
IsValidSid
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegFlushKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetKeySecurity
CheckTokenMembership
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
FreeSid

wininet

InternetCrackUrlW
InternetGetConnectedState

psapi

GetModuleInformation
GetMappedFileNameW
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wsock32

bind
ntohs
getsockname
setsockopt
send
recv
htons
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
WSAAsyncSelect
inet_addr
ntohl
htonl
getsockopt
getpeername
closesocket
socket
connect
gethostbyname
sendto
recvfrom
accept
listen
inet_ntoa
gethostname
select
shutdown

userenv

GetProfilesDirectoryW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertNameToStrW
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash

shlwapi

StrFormatByteSizeW
PathIsUNCW
PathIsNetworkPathW
PathRemoveExtensionW
PathIsPrefixW
PathBuildRootW
PathUnExpandEnvStringsW
PathIsDirectoryW
PathFindExtensionW
PathGetArgsW
PathIsRelativeW
PathFindFileNameW
PathIsSameRootW
PathRemoveFileSpecW
PathCanonicalizeW
PathAddBackslashW
PathGetDriveNumberW
PathIsURLW
PathRemoveBlanksW
PathFileExistsW
PathIsRootW
PathCompactPathW
PathSearchAndQualifyW
PathAppendW
PathCommonPrefixW
PathIsLFNFileSpecW
PathRenameExtensionW
PathUnquoteSpacesW
PathRemoveBackslashW
PathQuoteSpacesW
PathIsDirectoryEmptyW
PathFindNextComponentW
PathRemoveArgsW
AssocQueryStringW
PathMakePrettyW
StrCmpIW
StrDupW
StrCmpNIW

winhttp

WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData

iphlpapi

GetAdaptersAddresses

kernel32

FreeEnvironmentStringsW
FindFirstFileExA
GetDriveTypeA
GetEnvironmentStringsW
SetHandleCount
FatalAppExitA
FileTimeToLocalFileTime
SetEnvironmentVariableW
SetEnvironmentVariableA
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
CreateProcessA
WriteConsoleW
SetConsoleCtrlHandler
GetCPInfo
SetFileAttributesA
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetStdHandle
ReadConsoleInputA
GetConsoleMode
GetConsoleCP
ExitThread
HeapSetInformation
GetCommandLineA
RaiseException
lstrlenA
SetConsoleMode
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
GlobalFree
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LCMapStringW
LoadLibraryExW
FlushConsoleInputBuffer
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
PeekNamedPipe
VirtualQueryEx
VerifyVersionInfoA
SleepEx
CreateMutexA
GetVolumeNameForVolumeMountPointW
lstrcmpiW
lstrlenW
IsBadWritePtr
GetVolumePathNameW
WaitForMultipleObjectsEx
GetCompressedFileSizeW
IsBadReadPtr
GetFileSizeEx
SuspendThread
GetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetThreadContext
GetEnvironmentVariableW
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetDiskFreeSpaceA
CreateFileMappingA
UnhandledExceptionFilter
HeapSize
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
SetHandleInformation
CreatePipe
CreateDirectoryA
RemoveDirectoryA
GetTimeFormatA
GetDateFormatA
TryEnterCriticalSection
HeapCompact
CreateFileA
HeapReAlloc
GetFullPathNameA
LockResource
SizeofResource
LoadResource
FindResourceW
lstrcpyW
LocalAlloc
lstrcmpA
GetDiskFreeSpaceExW
QueryDosDeviceW
GetComputerNameW
GetThreadLocale
SetThreadLocale
GetShortPathNameW
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
TerminateJobObject
CreateToolhelp32Snapshot
Process32NextW
OpenThread
Process32FirstW
Thread32Next
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
AssignProcessToJobObject
Thread32First
GetProcessTimes
CreateJobObjectW
SetThreadContext
SetFileAttributesW
GetDiskFreeSpaceW
SetLastError
SetFilePointer
GetFileSize
TzSpecificLocalTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
GetConsoleScreenBufferInfo
OpenMutexW
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetPriorityClass
GetTempFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
ReleaseMutex
CreateMutexW
LockFileEx
IsDebuggerPresent
CompareStringW
GetUserDefaultLCID
GetConsoleWindow
OutputDebugStringW
GetCurrentProcessId
LocalFree
GetCommandLineW
TlsFree
TlsSetValue
GetCurrentThreadId
GetSystemInfo
SwitchToThread
Sleep
SetThreadPriority
GetCurrentThread
TlsAlloc
CloseHandle
TerminateThread
WaitForSingleObject
TlsGetValue
GetLastError
WaitForMultipleObjects
ResumeThread
GetThreadPriority
SetEvent
CreateThread
CreateEventW
DuplicateHandle
GetCurrentProcess
GetProcAddress
VerifyVersionInfoW
GetVersionExW
GetNativeSystemInfo
FormatMessageW
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
GetModuleHandleW
GetTickCount
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
SetErrorMode
FindClose
FindFirstFileW
CreateFileW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
LoadLibraryW
DeviceIoControl
GetFullPathNameW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
GetLogicalDrives
GetFileAttributesExW
SetCurrentDirectoryW
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetFileType
SetFilePointerEx
ReadFile
WriteFile
MoveFileExW
SetEndOfFile
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
FreeLibrary
FindNextFileW
FindFirstFileExW
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
OpenProcess
LoadLibraryA
GetModuleHandleA
ExitProcess
GetDriveTypeW
GetVolumeInformationW
lstrcmpW
IsValidLocale
IsValidLanguageGroup
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetUserDefaultLangID
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
InterlockedIncrement
InterlockedDecrement

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHChangeNotify
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ord68

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoGetMalloc
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

ws2_32

WSAIoctl
WSAAddressToStringW

oleaut32

SetErrorInfo
GetErrorInfo
VariantClear
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
CreateErrorInfo

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetContext
ImmNotifyIME
ImmReleaseContext

winmm

PlaySoundW

Exports

Exports

ud_decode
ud_disassemble
ud_get_user_opaque_data
ud_init
ud_input_end
ud_input_skip
ud_insn_asm
ud_insn_hex
ud_insn_len
ud_insn_mnemonic
ud_insn_off
ud_insn_opr
ud_insn_ptr
ud_lookup_mnemonic
ud_opr_is_gpr
ud_opr_is_sreg
ud_set_asm_buffer
ud_set_input_buffer
ud_set_input_file
ud_set_input_hook
ud_set_mode
ud_set_pc
ud_set_sym_resolver
ud_set_syntax
ud_set_user_opaque_data
ud_set_vendor
ud_translate_intel
yr_compiler_add_file
yr_compiler_add_string
yr_compiler_create
yr_compiler_define_boolean_variable
yr_compiler_define_float_variable
yr_compiler_define_integer_variable
yr_compiler_define_string_variable
yr_compiler_destroy
yr_compiler_get_current_file_name
yr_compiler_get_error_message
yr_compiler_get_rules
yr_compiler_set_callback
yr_filemap_map
yr_filemap_map_ex
yr_filemap_map_fd
yr_filemap_unmap
yr_finalize
yr_finalize_thread
yr_get_tidx
yr_initialize
yr_rules_define_boolean_variable
yr_rules_define_float_variable
yr_rules_define_integer_variable
yr_rules_define_string_variable
yr_rules_destroy
yr_rules_load
yr_rules_load_stream
yr_rules_save
yr_rules_save_stream
yr_rules_scan_fd
yr_rules_scan_file
yr_rules_scan_mem
yr_rules_scan_mem_blocks
yr_rules_scan_proc
yr_set_tidx
z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 241KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4db3ffbd7f79208038f612dcaf4a9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

opengl32

ntdll

advapi32

wininet

psapi

version

wsock32

userenv

crypt32

wintrust

shlwapi

winhttp

iphlpapi

kernel32

shell32

ole32

ws2_32

oleaut32

imm32

winmm

Exports

Exports

Sections

.text Size: 13.0MB - Virtual size: 13.0MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 241KB - Virtual size: 290KB

.qtmetad Size: 1024B - Virtual size: 588B

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 477KB - Virtual size: 476KB

.text
Size: 13.0MB - Virtual size: 13.0MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 241KB - Virtual size: 290KB

.qtmetad
Size: 1024B - Virtual size: 588B

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 477KB - Virtual size: 476KB