Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-09_f1cddb8ccb22faa208c710796baf2956_mafia.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-06-09_f1cddb8ccb22faa208c710796baf2956_mafia.exe
Resource: win10v2004-20240226-en
General
Target: 2024-06-09_f1cddb8ccb22faa208c710796baf2956_mafia
Size: 2.6MB
MD5: f1cddb8ccb22faa208c710796baf2956
SHA1: bd0f9dfab2be4a25d4d2d2d05e46e602043dafaa
SHA256: fe1031a1740e8b4b8a62003fdd3e232b078038b50beab5437150df1945341c64
SHA512: f4d2f4e1e0bc06463815c40902721e526c3f3d4be3f680ff34e6761bed198bfb7fec8c35b7c685f523d36504bf54f00113cb1a406e67972b54a0b9b1f416ee9d
SSDEEP: 49152:0oANPXlfLb+JnN+baMAhYGzu5Aqd8SZWm21hnTmVnKF3/8tlFM8xAQ8Nm:0oANtzSJnN+bqKkEE1EKFktP2Q
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-06-09_f1cddb8ccb22faa208c710796baf2956_mafia
Files
2024-06-09_f1cddb8ccb22faa208c710796baf2956_mafia.exe windows:5 windows x86 arch:x86
72461468a62b81ba326bef9c3765c7b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\dwilliams\Desktop\DC - Brush with Death\game\trunk\bin\win32\DarkCanvas_BrushWithDeath.pdb
Imports
openal32
alGetString
alcGetString
alcGetContextsDevice
alcGetCurrentContext
alcDestroyContext
alcMakeContextCurrent
alcCloseDevice
alcCreateContext
alcOpenDevice
alGetBufferi
alGetSourcef
alSourcePause
alSourceStop
alSourcePlay
alSourceQueueBuffers
alGenBuffers
alSourcei
alSourcef
alSource3f
alGenSources
alDeleteBuffers
alDeleteSources
alSourceUnqueueBuffers
alGetSourcei
alGetError
alBufferData
alut
alutExit
winmm
timeGetTime
d3dx9_42
D3DXCreateTexture
D3DXMatrixOrthoOffCenterLH
d3d9
Direct3DCreate9
kernel32
GetCommandLineA
DeleteFileA
GetModuleHandleW
DecodePointer
EncodePointer
SetEndOfFile
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
DeleteFileW
HeapReAlloc
RaiseException
VirtualQuery
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
SetStdHandle
CreateFileA
GetStringTypeW
IsValidLocale
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
CreateThread
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
OutputDebugStringW
GetTempPathW
GetTempFileNameW
lstrlenW
CopyFileW
GetLastError
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
SetThreadExecutionState
ExitProcess
GetSystemInfo
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetVersion
GetModuleFileNameW
GetFileAttributesW
SetLastError
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
FindNextFileW
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
SetFilePointer
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
LCMapStringW
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetStdHandle
WriteFile
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
InterlockedExchange
gdiplus
GdiplusStartup
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipCreateBitmapFromFile
user32
SendMessageW
LoadCursorFromFileA
SetCursor
FindWindowA
LoadCursorW
SetWindowLongW
SetWindowPos
GetDesktopWindow
PostMessageW
SystemParametersInfoW
MessageBoxW
SetWindowTextW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MessageBoxA
SetFocus
SetForegroundWindow
CreateWindowExW
AdjustWindowRectEx
RegisterClassExW
LoadIconA
PostQuitMessage
MapVirtualKeyW
GetKeyState
GetClientRect
ScreenToClient
GetCursorPos
DefWindowProcW
GetWindowLongW
ShowWindow
GetSystemMetrics
RedrawWindow
gdi32
DeleteObject
GetStockObject
advapi32
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
shell32
ShellExecuteA
DragAcceptFiles
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ws2_32
WSAGetLastError
recv
send
connect
socket
gethostbyname
WSAStartup
htons
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 297KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 534KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ