2024-06-01_b1f4b350bf57e1f65959158b58ac85df_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_b1f4b350bf57e1f65959158b58ac85df_mafia_revil
Size

6.6MB
MD5

b1f4b350bf57e1f65959158b58ac85df
SHA1

f76082d76b8b09fea8689d7661f36534d2f10e87
SHA256

7110ec414f14e122540909fc5cc0bbf9a1947fa073b5c0a7ca8966546ccf2b26
SHA512

85e47f4e248935520db7ba05c467e10bc17c32a371e6f1e45302238591101baf9788184926dc3610b304b06f23db8522bacffd4a8d668959cedd6b1802fdd77a
SSDEEP

98304:1DIdKGXtF3CMRh7wPk1vguHyYV8OBzOjwH3Im54RjGwGMsqC6qsMPij0Eca5PW+a:1D7wvT/5683ImqEtd6cKQq5+XHx55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_b1f4b350bf57e1f65959158b58ac85df_mafia_revil

Files

2024-06-01_b1f4b350bf57e1f65959158b58ac85df_mafia_revil
.exe windows:5 windows x86 arch:x86

33cd7660eb697c5c31ae6fa3be55c7b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\code\Fun Player\VRPlayer1.0.5\bin_inst\Release\FunAcceInstall.pdb

Imports

shlwapi

SHSetValueW
SHGetValueW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
WSACleanup
getsockopt
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
accept
listen
ioctlsocket
shutdown
gethostbyname
gethostname
htonl
htons
WSAStartup
getpeername
WSCEnumProtocols
WSCDeinstallProvider
WSCWriteProviderOrder
WSCInstallProvider
WSCGetProviderPath

wldap32

ord211
ord32
ord143
ord60
ord50
ord26
ord30
ord200
ord22
ord35
ord79
ord33
ord301
ord27
ord41
ord46

kernel32

EncodePointer
InterlockedExchange
GetStringTypeW
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
OpenProcess
Process32NextW
TerminateProcess
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcmpW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
WriteFile
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindClose
MoveFileExW
DeleteFileW
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetTickCount
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodePointer
InterlockedCompareExchange
CreateMutexW
GetLastError
GetCommandLineW
CreateThread
InitializeCriticalSectionAndSpinCount
Sleep
SetUnhandledExceptionFilter
HeapSize
ExpandEnvironmentStringsA
LoadLibraryA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
ExpandEnvironmentStringsW
CreateEventW
GetNativeSystemInfo
GetCurrentThreadId
GetUserDefaultUILanguage
FreeResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
InterlockedIncrement
InterlockedDecrement
ExitProcess
lstrlenA
lstrlenW
GetModuleHandleA
OutputDebugStringA
FileTimeToSystemTime
GetFileAttributesExW
FileTimeToLocalFileTime
FlushFileBuffers
OpenMutexW
ReleaseMutex
MoveFileW
SetLastError
GetSystemTime
GetStartupInfoW
LocalFree
GetProcessHeap
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
RaiseException
GetSystemDirectoryA
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapSetInformation
RtlUnwind
FindFirstFileExA
GetTimeZoneInformation
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetFileInformationByHandle
GetDriveTypeA
CreateFileA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringW
GetCPInfo
CompareStringW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
SetStdHandle
GetFullPathNameA
SetEndOfFile
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
CreateDirectoryW

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
HideCaret
GetFocus
ShowCaret
GetSysColor
CreateCaret
SetCaretPos
SystemParametersInfoW
GetDC
ReleaseDC
GetSystemMetrics
SetRectEmpty
SetTimer
KillTimer
DrawTextW
DrawFocusRect
IntersectRect
PostMessageW
ClientToScreen
SetWindowRgn
ScreenToClient
SetActiveWindow
GetMessageW
LoadImageW
SetCapture
IsZoomed
GetKeyState
IsWindowEnabled
TranslateMessage
OffsetRect
BringWindowToTop
PeekMessageW
GetDesktopWindow
GetCursorPos
GetActiveWindow
PostThreadMessageW
ReleaseCapture
MapWindowPoints
UpdateWindow
CallWindowProcW
DispatchMessageW
GetParent
PtInRect
GetWindowRect
EndPaint
UpdateLayeredWindow
GetClientRect
BeginPaint
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
DestroyWindow
InvalidateRect
DefWindowProcW
GetWindowLongW
wsprintfW
FindWindowW
SendMessageW
GetWindow
PostQuitMessage
IsWindow
CreateWindowExW
SetFocus
SetWindowTextW
SetWindowLongW
RegisterClassExW
GetClassInfoExW
EnableWindow
LoadCursorW
SetCursor
MoveWindow
ShowWindow

gdi32

SetRectRgn
BitBlt
GetTextColor
ExtSelectClipRgn
GetClipBox
ExtTextOutW
CombineRgn
SelectClipRgn
SetBkMode
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleBitmap
OffsetRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSidIdentifierAuthority
GetSidSubAuthority
GetUserNameW
GetSidSubAuthorityCount
IsValidSid
DeregisterEventSource
ReportEventA
RegisterEventSourceA
LookupAccountNameW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
ord165
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoCreateGuid
OleInitialize
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
SysAllocString
SysFreeString
SysStringLen

comctl32

ord17
_TrackMouseEvent

msimg32

GradientFill
AlphaBlend

riched20

ord4

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpConnect

iphlpapi

GetBestInterface
GetBestRoute
GetIpAddrTable
GetIfTable

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33cd7660eb697c5c31ae6fa3be55c7b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

riched20

winhttp

iphlpapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 458KB - Virtual size: 457KB

.data Size: 49KB - Virtual size: 74KB

.rsrc Size: 10.0MB - Virtual size: 10.0MB

.reloc Size: 127KB - Virtual size: 126KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 458KB - Virtual size: 457KB

.data
Size: 49KB - Virtual size: 74KB

.rsrc
Size: 10.0MB - Virtual size: 10.0MB

.reloc
Size: 127KB - Virtual size: 126KB