2024-05-22_37de325e11f102eb8e3fe9d33e9eee97_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_37de325e11f102eb8e3fe9d33e9eee97_mafia
Size

1.1MB
MD5

37de325e11f102eb8e3fe9d33e9eee97
SHA1

922d63519c1cbfef4d2d26f03031d4912769f3ad
SHA256

2b8ce4cb5c6163babcfbca1c74af7cd95b25c30f2ae693c131672a9cf9337625
SHA512

92bd1e7aff55e08721b0b05fcb485881a44830df7b9d3a0d63c8b52c3dd12a5068a46a4cf3ddb930f672b499bfea26366790c5c2731aa7a2b300b26ebf8b2253
SSDEEP

12288:qnRnI9fEN3KXeOz4ODE5UrXScem9qO+XNVi5kc/VFSE7lJEPd9JDwzrhfIaHzp3z:qRn0fLQUDXeBcmc/zSQycSa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-22_37de325e11f102eb8e3fe9d33e9eee97_mafia

Files

2024-05-22_37de325e11f102eb8e3fe9d33e9eee97_mafia
.exe windows:5 windows x86 arch:x86

2b50fa2a5f0b395da05bc6b216912eec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tanggh_FX-JSJ338_2193\Fun Player\Rel2.8.6\src\toolkits\bin\Release\FunBaikal.pdb

Imports

wininet

InternetOpenUrlW
InternetReadFile
InternetGetConnectedState
InternetOpenA
HttpQueryInfoA
InternetSetOptionA
HttpQueryInfoW
InternetCloseHandle

gdiplus

GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipCreateBitmapFromFile
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipEndContainer
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipSetClipRect
GdiplusShutdown

kernel32

HeapAlloc
CreateEventA
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetModuleFileNameW
GetTempPathW
GetNativeSystemInfo
GetVersionExW
CopyFileW
DeleteFileW
lstrlenW
lstrcmpiW
RaiseException
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateEventW
WritePrivateProfileStructW
GetPrivateProfileStructW
SetEvent
WaitForSingleObject
OutputDebugStringW
GetCurrentThreadId
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
ResetEvent
WriteFile
SetFilePointer
CreateFileW
ReadFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
GetFileAttributesExW
FindClose
SetFileAttributesW
TerminateProcess
OpenProcess
GetProcessHeap
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetFileAttributesW
TerminateThread
SetHandleInformation
CreateProcessA
GetStdHandle
CreatePipe
GetModuleFileNameA
CreateFileA
GetLocalTime
CloseHandle
FreeResource
ExitProcess
GetACP
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
OpenEventA
ResumeThread
LocalFree
FormatMessageA
QueryPerformanceCounter
HeapDestroy
HeapReAlloc
HeapSize
Sleep
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
DeleteFileA
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ExitThread
CreateThread
GetDriveTypeA
CreateDirectoryA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
SetLastError
IsProcessorFeaturePresent
HeapCreate
GetLocaleInfoW
SetHandleCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCurrentDirectoryW
HeapFree
FindFirstFileExA
FindNextFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
GetDriveTypeW
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
Process32NextW

user32

GetPropW
SetPropW
CallWindowProcW
GetClassInfoExW
LoadImageW
EnableWindow
MessageBoxW
IsZoomed
SetWindowRgn
MonitorFromWindow
GetWindowTextW
IsIconic
GetParent
PtInRect
GetFocus
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
SetFocus
GetWindowTextLengthW
SetWindowTextW
CharPrevW
SetRect
DrawTextW
FillRect
DestroyIcon
DrawIconEx
OffsetRect
GetSysColor
ClientToScreen
SetCaretPos
HideCaret
ShowCaret
CreateCaret
wvsprintfW
InflateRect
GetMonitorInfoW
GetWindow
GetKeyState
GetSystemMetrics
IntersectRect
SetTimer
UnregisterClassW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
ReleaseCapture
SetCapture
SendMessageW
UpdateLayeredWindow
GetWindowDC
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
LoadIconW
SetCursor
CharNextW
ShowWindow
PostQuitMessage
PostMessageW
GetWindowRect
SetWindowPos
GetClientRect
LoadCursorW

advapi32

RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
CoTaskMemRealloc

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathFileExistsW

comctl32

_TrackMouseEvent
ord17

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateDIBSection
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
SaveDC
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA

wsock32

WSAGetLastError
htons
shutdown
WSACleanup
recv
htonl
socket
closesocket
send
connect
WSAStartup

urlmon

UrlMkGetSessionOption

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b50fa2a5f0b395da05bc6b216912eec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

gdiplus

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

wsock32

urlmon

ws2_32

version

Sections

.text Size: 640KB - Virtual size: 640KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 34KB - Virtual size: 117KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 82KB - Virtual size: 81KB

.text
Size: 640KB - Virtual size: 640KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 34KB - Virtual size: 117KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 82KB - Virtual size: 81KB