2024-05-23_ffe7dd710bf82e86dddf5d4e1cfd1631_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_ffe7dd710bf82e86dddf5d4e1cfd1631_mafia
Size

1.1MB
MD5

ffe7dd710bf82e86dddf5d4e1cfd1631
SHA1

9adbb5368e5692c1c9e73c2d802bbf6e5d708da5
SHA256

5de4fa2eb477798af97d714ead1eb66cfded55bd0f27b2a0e6fd9ab519dc2eda
SHA512

a1be7dfecd37e758b512c35b7b725c4548de6f3b36ea32158b1382d82ef5dde70dcb1ccd7478fac3ef9161fd3f24748e6f5fe8797193609bfa1f26142e9b0e6d
SSDEEP

24576:qGsCXFYzasuL6Cf6i+8bk3c3kuk4TDL2jg:DsCXFYzZdi+8bVUuk4TDK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_ffe7dd710bf82e86dddf5d4e1cfd1631_mafia

Files

2024-05-23_ffe7dd710bf82e86dddf5d4e1cfd1631_mafia
.exe windows:5 windows x86 arch:x86

ec43ece443a9fc207ce735b95e060090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\qiangp\Perforce\perforce_1666\qiangp_FX-JSJ625\Fun Player\Rel2.8.6\src\toolkits\bin\Release\FunBaikal.pdb

Imports

wininet

InternetOpenUrlW
InternetReadFile
InternetGetConnectedState
InternetOpenA
HttpQueryInfoA
InternetSetOptionA
HttpQueryInfoW
InternetCloseHandle

gdiplus

GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipCreateBitmapFromFile
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipEndContainer
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipSetClipRect
GdiplusShutdown

kernel32

HeapFree
CloseHandle
HeapAlloc
CreateEventA
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetTempPathW
GetNativeSystemInfo
GetVersionExW
CopyFileW
DeleteFileW
lstrlenW
lstrcmpiW
RaiseException
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateEventW
WritePrivateProfileStructW
GetPrivateProfileStructW
SetEvent
GetCurrentThreadId
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
ResetEvent
WriteFile
SetFilePointer
CreateFileW
ReadFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
GetFileAttributesExW
FindClose
SetFileAttributesW
TerminateProcess
LeaveCriticalSection
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetFileAttributesW
SetHandleInformation
CreateProcessA
GetStdHandle
CreatePipe
GetModuleFileNameA
CreateFileA
GetLocalTime
GetCurrentDirectoryW
FreeResource
GetProcessHeap
GetACP
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
OpenEventA
ResumeThread
LocalFree
FormatMessageA
QueryPerformanceCounter
HeapDestroy
HeapReAlloc
HeapSize
EnterCriticalSection
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
Sleep
WideCharToMultiByte
GlobalUnlock
GlobalLock
DeleteFileA
GlobalAlloc
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RtlUnwind
GetTimeZoneInformation
GetDriveTypeA
CreateDirectoryA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
SetLastError
IsProcessorFeaturePresent
HeapCreate
GetLocaleInfoW
SetHandleCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ExitProcess
GetTickCount
ExitThread
CreateThread
FindFirstFileExA
FindNextFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
GetDriveTypeW
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
OpenProcess

user32

GetPropW
SetPropW
CallWindowProcW
GetClassInfoExW
LoadImageW
EnableWindow
MessageBoxW
IsZoomed
SetWindowRgn
MonitorFromWindow
GetWindowTextW
IsIconic
GetParent
PtInRect
GetFocus
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
SetFocus
GetWindowTextLengthW
SetWindowTextW
CharPrevW
SetRect
DrawTextW
FillRect
DestroyIcon
DrawIconEx
OffsetRect
GetSysColor
ClientToScreen
SetCaretPos
HideCaret
ShowCaret
CreateCaret
wvsprintfW
InflateRect
GetMonitorInfoW
GetWindow
GetKeyState
GetSystemMetrics
IntersectRect
SetTimer
UnregisterClassW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
ReleaseCapture
SetCapture
SendMessageW
UpdateLayeredWindow
GetWindowDC
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
SetCursor
LoadCursorW
CharNextW
ShowWindow
PostQuitMessage
PostMessageW
GetWindowRect
SetWindowPos
GetClientRect
LoadIconW

advapi32

RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
CoTaskMemRealloc

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathFileExistsW

comctl32

_TrackMouseEvent
ord17

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateDIBSection
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
SaveDC
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA

wsock32

WSAGetLastError
htons
shutdown
WSACleanup
recv
htonl
socket
closesocket
send
connect
WSAStartup

urlmon

UrlMkGetSessionOption

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 642KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec43ece443a9fc207ce735b95e060090

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

gdiplus

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

wsock32

urlmon

ws2_32

version

Sections

.text Size: 642KB - Virtual size: 641KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 34KB - Virtual size: 117KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 265KB - Virtual size: 264KB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 642KB - Virtual size: 641KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 34KB - Virtual size: 117KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 265KB - Virtual size: 264KB

.reloc
Size: 82KB - Virtual size: 82KB