2024-06-03_2f259a2c5b302863ac9f1c2672ddb0ff_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-03_2f259a2c5b302863ac9f1c2672ddb0ff_mafia
Size

1.8MB
MD5

2f259a2c5b302863ac9f1c2672ddb0ff
SHA1

b19a3313de9bb85a9080102e08ccb0cf9de314c2
SHA256

19051a8becdfbaecac2c8dbc452935348ab971e362d0a7009ce75fe11529b15c
SHA512

90314c179698216750a933ec69fb7b88f33766e6e6322a67f4dc97935efdee2a7fedfad53372b4dbc50d82208609491c9a400b12a73be9596332200cd9c5102b
SSDEEP

49152:xrMHT/edFrYIp2SfKf+NbcTfCRNFL6u8UGQdl:1MDedFrYIp7Kf+sCRNFLX8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_2f259a2c5b302863ac9f1c2672ddb0ff_mafia

Files

2024-06-03_2f259a2c5b302863ac9f1c2672ddb0ff_mafia
.exe windows:5 windows x86 arch:x86

ef97671ffc3e570f87e2d5794ed742a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\hodenko\ec2_mpc\EnchantedCavern2\bin\EC2.pdb

Imports

d3d8

Direct3DCreate8

dbghelp

MiniDumpWriteDump

dinput8

DirectInput8Create

openal32

alSourceUnqueueBuffers
alSourcef
alSourcePlay
alSourcei
alSourceStop
alDeleteSources
alGetSourcei
alSourceQueueBuffers
alSourcefv
alcCloseDevice
alcCreateContext
alcOpenDevice
alListenerf
alListenerfv
alcDestroyContext
alcMakeContextCurrent
alDeleteBuffers
alGenBuffers
alBufferData
alGetString
alGetError
alGenSources

shlwapi

PathRemoveFileSpecW

kernel32

GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapCreate
HeapSize
GetLocaleInfoW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
OpenFile
Sleep
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleA
ExitProcess
QueryPerformanceCounter
GetCurrentThread
QueryPerformanceFrequency
SetThreadAffinityMask
CreateFileA
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
GetLastError
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
CreateDirectoryA
GetProcAddress
LoadLibraryA
FormatMessageA
GetModuleFileNameA
IsProcessorFeaturePresent
GetVersionExA
CreateFileW
HeapFree
GetProcessHeap
WriteFile
SetEvent
WaitForSingleObject
IsValidLocale
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
SetLastError
TlsGetValue
GetThreadPriority
DuplicateHandle
SetThreadPriority
TlsSetValue
InterlockedDecrement
TlsFree
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetThreadContext
GetThreadContext
ResumeThread
WaitForMultipleObjects
LCMapStringW
GetCPInfo
RaiseException
CreateThread
ExitThread
GetTimeZoneInformation
GetDateFormatA
GetExitCodeProcess
GetTimeFormatA
GetSystemTimeAsFileTime
MoveFileA
CreateProcessA
HeapReAlloc
RtlUnwind
GetStdHandle
GetFileType
WriteConsoleW
HeapAlloc
ReadFile
GetModuleHandleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DeleteFileA
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedIncrement
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
SetStdHandle
SetEndOfFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
CompareStringW
GetFileAttributesA
CreatePipe
GetProcessAffinityMask
CreateEventA
SetEnvironmentVariableA

user32

SetWindowPos
GetDC
SystemParametersInfoA
GetSystemMetrics
DefWindowProcA
FindWindowA
LoadCursorA
RegisterClassA
MoveWindow
AdjustWindowRect
ReleaseDC
PeekMessageA
LoadIconA
SetForegroundWindow
IsIconic
PostQuitMessage
GetWindowRect
SetCursor
MessageBoxA
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetCursorPos
ScreenToClient
CharToOemA
CreateWindowExA
SetWindowLongA
SetRect
SendMessageA
TranslateMessage
ShowWindow
DispatchMessageA

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ws2_32

WSAGetLastError
WSASetLastError

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef97671ffc3e570f87e2d5794ed742a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d8

dbghelp

dinput8

openal32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 99KB - Virtual size: 111KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 346KB - Virtual size: 345KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 99KB - Virtual size: 111KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 346KB - Virtual size: 345KB

.reloc
Size: 65KB - Virtual size: 64KB