2024-05-01_c881c63e9e895addefee1b25595af2be_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-01_c881c63e9e895addefee1b25595af2be_mafia
Size

106KB
MD5

c881c63e9e895addefee1b25595af2be
SHA1

090c75a90e3d321ce055c721ddf4b05c3adfca9f
SHA256

42b480b6dc44e35c900593cc4aa4ce78df415ca1ce0a0124d12075012b144a48
SHA512

ce690ca7e58182dbb356f4ece24c54f4ce45bd148a501239e76362054cbfeca7295511cd6e292dfdb6bfee18cdc9505c195cca94a08adea2e839acc13df0ad14
SSDEEP

1536:3SXyHpKYDf5dvoTRt0KG1gQKBL0M+Fstxszqf/1X8oWXXxos2dGvR7RoWNHZ:CXyJb5VqL0M+qte+Z8bRosQER9JN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_c881c63e9e895addefee1b25595af2be_mafia

Files

2024-05-01_c881c63e9e895addefee1b25595af2be_mafia
.exe windows:5 windows x86 arch:x86

3770ba8d36cda178f50139de812bd464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Park\Documents\Visual Studio 2010\Projects\Sleeping Dogs DE\Release\SDPatcher.pdb

Imports

kernel32

SetFilePointer
CreateFileW
CloseHandle
ReadFile
WriteFile
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
GetFileAttributesW
GetLastError
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineW
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
RaiseException
IsProcessorFeaturePresent
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
Sleep
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetConsoleCP
GetConsoleMode
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleW

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3770ba8d36cda178f50139de812bd464

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB