2024-05-27_6a7a0982683cedf7577f0e916bfa22b6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_6a7a0982683cedf7577f0e916bfa22b6_mafia
Size

4.1MB
MD5

6a7a0982683cedf7577f0e916bfa22b6
SHA1

4eee01003a0cf51c76d6b258dd58270bf7236856
SHA256

a12c4508a8957a8c59ee1995267053e9734648a9526b942879aa1087a94af20b
SHA512

da77996dbdeaf501acfec9880621f8eb2bd6039f6c05b8812c48d5971c9bdede4b22ec0c6d39b0c500531c9dd748f3542624ac7e4b63ed8988d13b80b8402f66
SSDEEP

98304:CPIRg7WCuljgrdQ3+fH0xbIo2VVx8fQwhzhnCEEDxOetm:CPH7WkdwQdo2Vnod6Dx3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_6a7a0982683cedf7577f0e916bfa22b6_mafia

Files

2024-05-27_6a7a0982683cedf7577f0e916bfa22b6_mafia
.exe windows:5 windows x86 arch:x86

91549991d5dc5a7db51ac22e62583c4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hudson\workspace\jobs\Ninja-PC.Code.Autobuild\workspace\CONFIG\Production\Game\obj\Win32\Production\Game\Game.pdb

Imports

glint_api

SteamAPI_WriteMiniDump
SteamFriends
SteamAPI_Shutdown
SteamUtils
SteamClient
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamRemoteStorage
SteamUserStats
SteamUser
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_SetMiniDumpComment
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks

kernel32

GetLocaleInfoW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
OutputDebugStringA
GetCurrentDirectoryA
TlsAlloc
IsValidCodePage
GetOEMCP
IsProcessorFeaturePresent
HeapCreate
ExitProcess
GetModuleHandleW
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
GetACP
LoadLibraryA
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
RaiseException
CreateProcessA
GetUserDefaultLangID
GetCommandLineA
ResumeThread
SetThreadPriority
InterlockedCompareExchange
InterlockedDecrement
ReleaseSemaphore
SetEnvironmentVariableA
CreateFileW
GetProcessHeap
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStringTypeW
LoadLibraryW
CreateSemaphoreA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
DeleteFileA
CloseHandle
GetVersionExA
ReleaseMutex
GetCurrentThreadId
GetFileTime
CreateMutexA
FindNextFileA
GetModuleFileNameA
FindClose
RemoveDirectoryA
GetProcAddress
GetLastError
FindFirstFileA
CompareStringW
GetCurrentProcessId
GetTickCount
SetHandleCount
GetEnvironmentStringsW
CreateFileA
GetFileSize
SetFilePointer
SetErrorMode
FreeLibrary
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
WaitForSingleObject
FormatMessageA
WriteFile
GetDriveTypeA
WideCharToMultiByte
GetVolumeInformationA
GetFileAttributesA
FileTimeToSystemTime
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
CreateDirectoryA
FreeEnvironmentStringsW

user32

MapVirtualKeyA
MessageBoxA
LoadIconA
LoadCursorA
GetAsyncKeyState
ReleaseCapture
GetRawInputData
SetCapture
GetWindowRect
GetForegroundWindow
RegisterRawInputDevices
SystemParametersInfoA
DispatchMessageA
TranslateMessage
PeekMessageA
PostMessageA
CreateWindowExA
GetSystemMetrics
RegisterClassA
ShowCursor
DefWindowProcA
GetMonitorInfoA
SetWindowLongA
SetWindowPos
ClipCursor
GetClientRect
AdjustWindowRect
InvalidateRect
ShowWindow

shell32

ShellExecuteA

d3d9

Direct3DCreate9

d3dx9_43

D3DXCompileShader
D3DXCreateTexture
D3DXCreateEffectPool
D3DXLoadSurfaceFromMemory
D3DXCreateEffect

xinput1_3

ord2
ord8
ord4
ord3
ord5

dinput8

DirectInput8Create

winmm

timeEndPeriod
timeBeginPeriod

fmodex

FMOD_Memory_Initialize
?setStreamBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@4@Z5H@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z

fmod_event

?setMediaPath@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBD@Z
FMOD_EventSystem_Create
?setUserData@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?setCallback@Event@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_EVENT@@W4FMOD_EVENT_CALLBACKTYPE@@PAX22@Z2@Z
?getUserData@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?getCategory@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventCategory@2@@Z
?createEventQueueEntry@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAVEvent@2@PAPAVEventQueueEntry@2@@Z
?createEventQueue@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventQueue@2@@Z
?getCategory@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventCategory@2@@Z
?stop@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setReverbProperties@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_PROPERTIES@@@Z
?getReverbPreset@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAUFMOD_REVERB_PROPERTIES@@PAH@Z
?update@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getParentGroup@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventGroup@2@@Z
?getGroup@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBD_NPAPAVEventGroup@2@@Z
?getCategoryByIndex@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVEventCategory@2@@Z
?getNumCategories@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getParameter@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventParameter@2@@Z
?release@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N0@Z
?start@Event@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getEvent@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAPAVEvent@2@@Z
?getSystemObject@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSystem@2@@Z
?getMusicSystem@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVMusicSystem@2@@Z
?load@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAUFMOD_EVENT_LOADINFO@@PAPAVEventProject@2@@Z
?release@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?unload@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?init@EventSystem@FMOD@@QAG?AW4FMOD_RESULT@@HIPAXI@Z

binkw32

_BinkDoFrameAsyncWait@8
_BinkPause@8
_BinkWait@4
_BinkDoFrameAsync@12
_BinkSetVolume@12
_BinkSetWillLoop@8
_BinkRegisterFrameBuffers@8
_BinkGetFrameBuffersInfo@8
_BinkGetError@0
_BinkOpen@8
_BinkClose@4
_BinkSetSoundTrack@8
_BinkGetRects@8
_BinkFreeGlobals@0
_BinkWaitStopAsyncThread@4
_BinkRequestStopAsyncThread@4
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkStartAsyncThread@8
_BinkShouldSkip@4
_BinkNextFrame@4
_BinkGoto@12
_BinkSetMemory@8

advapi32

GetUserNameA
OpenProcessToken

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Exports

Exports

PHYSFS_addToSearchPath
PHYSFS_close
PHYSFS_deinit
PHYSFS_delete
PHYSFS_enumerateFiles
PHYSFS_enumerateFilesCallback
PHYSFS_eof
PHYSFS_exists
PHYSFS_fileLength
PHYSFS_flush
PHYSFS_freeList
PHYSFS_getBaseDir
PHYSFS_getCdRomDirs
PHYSFS_getCdRomDirsCallback
PHYSFS_getDirSeparator
PHYSFS_getLastError
PHYSFS_getLastModTime
PHYSFS_getLinkedVersion
PHYSFS_getMountPoint
PHYSFS_getRealDir
PHYSFS_getSearchPath
PHYSFS_getSearchPathCallback
PHYSFS_getUserDir
PHYSFS_getWriteDir
PHYSFS_init
PHYSFS_isDirectory
PHYSFS_isInit
PHYSFS_isSymbolicLink
PHYSFS_mkdir
PHYSFS_mount
PHYSFS_openAppend
PHYSFS_openRead
PHYSFS_openWrite
PHYSFS_permitSymbolicLinks
PHYSFS_read
PHYSFS_readSBE16
PHYSFS_readSBE32
PHYSFS_readSBE64
PHYSFS_readSLE16
PHYSFS_readSLE32
PHYSFS_readSLE64
PHYSFS_readUBE16
PHYSFS_readUBE32
PHYSFS_readUBE64
PHYSFS_readULE16
PHYSFS_readULE32
PHYSFS_readULE64
PHYSFS_removeFromSearchPath
PHYSFS_seek
PHYSFS_setAllocator
PHYSFS_setBuffer
PHYSFS_setSaneConfig
PHYSFS_setWriteDir
PHYSFS_supportedArchiveTypes
PHYSFS_swapSBE16
PHYSFS_swapSBE32
PHYSFS_swapSBE64
PHYSFS_swapSLE16
PHYSFS_swapSLE32
PHYSFS_swapSLE64
PHYSFS_swapUBE16
PHYSFS_swapUBE32
PHYSFS_swapUBE64
PHYSFS_swapULE16
PHYSFS_swapULE32
PHYSFS_swapULE64
PHYSFS_symbolicLinksPermitted
PHYSFS_tell
PHYSFS_utf8FromLatin1
PHYSFS_utf8FromUcs2
PHYSFS_utf8FromUcs4
PHYSFS_utf8ToUcs2
PHYSFS_utf8ToUcs4
PHYSFS_write
PHYSFS_writeSBE16
PHYSFS_writeSBE32
PHYSFS_writeSBE64
PHYSFS_writeSLE16
PHYSFS_writeSLE32
PHYSFS_writeSLE64
PHYSFS_writeUBE16
PHYSFS_writeUBE32
PHYSFS_writeUBE64
PHYSFS_writeULE16
PHYSFS_writeULE32
PHYSFS_writeULE64

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91549991d5dc5a7db51ac22e62583c4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

glint_api

kernel32

user32

shell32

d3d9

d3dx9_43

xinput1_3

dinput8

winmm

fmodex

fmod_event

binkw32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 586KB - Virtual size: 586KB

.data Size: 62KB - Virtual size: 103KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 305KB - Virtual size: 304KB

.reloc Size: 271KB - Virtual size: 270KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 586KB - Virtual size: 586KB

.data
Size: 62KB - Virtual size: 103KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 305KB - Virtual size: 304KB

.reloc
Size: 271KB - Virtual size: 270KB