2024-05-26_e7b9eaf7a91ed6204425671667b21a88_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-26_e7b9eaf7a91ed6204425671667b21a88_mafia
Size

1.8MB
MD5

e7b9eaf7a91ed6204425671667b21a88
SHA1

c0cf3ff1c8eb23af8b93f729efcf2a94a7db988a
SHA256

04fdabfedd0b5d3affb20f877b786b57047671122d5b7ab104c47c54d40a25ae
SHA512

9b4ba51ce078464176cadaf70002f96a1228fb4501e92817b6848f35ce6df0759b6b11d74a599d64dec1b2c2cd3d4e4e9a0b88d5fe8c318d34bb965fb8b4d510
SSDEEP

49152:IhAuMpNUUNkjdnVbH1J3gPiKJn6pl1Bse6gKypSkRTz:IhxMnPNkjr/38iKJuz64pSkJ

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-26_e7b9eaf7a91ed6204425671667b21a88_mafia

Files

2024-05-26_e7b9eaf7a91ed6204425671667b21a88_mafia
.exe windows:5 windows x86 arch:x86

ff2cc0b2026f0855c704f71dfbe39752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\projects\funny\CQXZS\org\传奇DPK\bin\JDClient.pdb

Imports

ws2_32

connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
WSACleanup
gethostname
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
socket
closesocket
getsockopt
getpeername
WSAStartup

wldap32

ord27
ord41
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46

kernel32

WaitForSingleObject
GetThreadContext
GetModuleHandleA
SetThreadContext
GetFileSize
FreeLibrary
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
VirtualAlloc
VirtualProtectEx
CreateThread
GetCurrentProcessId
CreateToolhelp32Snapshot
FindFirstFileA
FindClose
CreateDirectoryA
ReadFile
FindNextFileA
GetTickCount
IsWow64Process
GetCurrentProcess
GetVersionExA
FindResourceA
LoadResource
FreeResource
SizeofResource
LockResource
GetCurrentDirectoryA
GetModuleFileNameA
Process32First
Process32Next
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenProcess
GetExitCodeThread
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetCurrentDirectoryW
GetFullPathNameA
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RaiseException
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
ExitThread
ResumeThread
VirtualFreeEx
CreateRemoteThread
GetProcAddress
LoadLibraryA
Sleep
WriteProcessMemory
VirtualAllocEx
CreateProcessA
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetStartupInfoW
HeapSetInformation
GetStringTypeW
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
GetModuleHandleW
HeapAlloc
HeapFree
SetFileTime
GetFileAttributesA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
MulDiv
GetACP
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
CreateFileW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DefWindowProcA
wvsprintfA
OffsetRect
CharNextA
SetFocus
GetMessageA
EndPaint
CreateWindowExA
IsWindow
ShowWindow
DispatchMessageA
IsRectEmpty
InvalidateRect
MapWindowPoints
GetCursorPos
GetKeyState
DestroyWindow
SetPropA
BeginPaint
TranslateMessage
GetUpdateRect
GetFocus
SetTimer
KillTimer
IntersectRect
SetWindowTextA
GetWindowTextLengthA
FillRect
DrawTextA
InvalidateRgn
CreateAcceleratorTableA
MoveWindow
EnableWindow
SetWindowPos
SystemParametersInfoA
GetParent
SendMessageA
RegisterClassA
GetClassInfoExA
CallWindowProcA
PtInRect
GetWindow
IsZoomed
GetSysColor
GetWindowRgn
GetWindowDC
GetSystemMetrics
GetWindowLongW
WindowFromPoint
GetCapture
PostMessageA
ReleaseCapture
SetCursor
SetCapture
LoadCursorA
GetDesktopWindow
MessageBoxA
CharUpperA
ClientToScreen
SetForegroundWindow
LoadIconA
CharLowerA
IsWindowVisible
PostQuitMessage
SetWindowRgn
GetWindowRect
GetClientRect
ScreenToClient
IsIconic
SetWindowLongA
GetWindowLongA
MonitorFromWindow
GetMonitorInfoA
ReleaseDC
GetDC
wsprintfA
GetWindowTextA
GetWindowThreadProcessId
wsprintfW
RegisterClassExA
GetPropA
MessageBoxW
CharUpperBuffW

gdi32

SaveDC
SetWindowOrgEx
CreateFontIndirectA
GetTextMetricsA
CreateSolidBrush
SetTextColor
SetBkMode
SelectClipRgn
ExtSelectClipRgn
GetClipBox
CreateDIBSection
StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
LineTo
MoveToEx
RoundRect
RestoreDC
PtInRegion
Rectangle
FrameRgn
CreateHatchBrush
SetROP2
CreatePen
CreateRectRgn
CombineRgn
CreateRoundRectRgn
CreateRectRgnIndirect
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

advapi32

AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
FreeSid
CheckTokenMembership
OpenProcessToken

shell32

DragQueryFileA
ShellExecuteA
Shell_NotifyIconA
DragFinish

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize

dbghelp

ImageRvaToVa

wininet

InternetOpenA
InternetConnectA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA

ntdll

ZwClose
ZwQueryInformationProcess
ZwDuplicateObject
ZwFreeVirtualMemory
RtlUnwind
ZwAllocateVirtualMemory
ZwOpenProcess
ZwQuerySystemInformation

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 743KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff2cc0b2026f0855c704f71dfbe39752

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

dbghelp

wininet

ntdll

comctl32

Sections

.text Size: 743KB - Virtual size: 742KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 10KB - Virtual size: 26KB

.vmp0 Size: 913KB - Virtual size: 912KB

.vmp1 Size: 57KB - Virtual size: 56KB

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 743KB - Virtual size: 742KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 10KB - Virtual size: 26KB

.vmp0
Size: 913KB - Virtual size: 912KB

.vmp1
Size: 57KB - Virtual size: 56KB

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 10KB - Virtual size: 9KB