2024-06-15_d02c37affc11812944bb320ab193edae_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_d02c37affc11812944bb320ab193edae_mafia
Size

5.3MB
MD5

d02c37affc11812944bb320ab193edae
SHA1

0ecb9babd76834bd8ced9125db4c222dbbf11d97
SHA256

d421018cc8e7580cb3729cf824c2e075c5605233d62de7f13607fab949a18556
SHA512

f04ef669fc4b05ed20126158e17c1e86817816468edabb7a3c1a52e5b4b9896ae387133ad78b0b6d57467d1d30279378ab5cf08114eb5ea1cf768d39b2097e1c
SSDEEP

49152:N7x9UjhSYybZTxOh4b8EehRecwh2DqKo1ZV5WCNqlBG1NLfhL3zbkZChoU8wQisK:JUjdcFOh4dmY5MlB6NLtvLQwQisuZv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-15_d02c37affc11812944bb320ab193edae_mafia

Files

2024-06-15_d02c37affc11812944bb320ab193edae_mafia
.exe windows:5 windows x86 arch:x86

c55f23124373effdd89442ea654156f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\LHGN01_SRC\Client\Laghaim_Client\bin\KP_Release_Game.pdb

Imports

ijl11

ord3
ord5
ord2

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

winmm

timeGetTime
mmioDescend
mmioRead
mmioAscend
mmioCreateChunk
mmioOpenA
mmioClose
mmioSetInfo
mmioSeek
mmioGetInfo
mmioAdvance
mciSendCommandA
mmioWrite

ws2_32

socket
getsockopt
setsockopt
closesocket
send
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
htons
inet_addr
connect
WSAGetLastError
select
__WSAFDIsSet
recv
ioctlsocket

dsound

ord11

imm32

ImmSetConversionStatus
ImmIsIME
ImmReleaseContext
ImmGetCompositionStringA
ImmGetDefaultIMEWnd
ImmGetCandidateListA
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetContext
ImmSetOpenStatus

kernel32

FindResourceA
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
WideCharToMultiByte
GetSystemDefaultLangID
CreateMutexA
ReleaseMutex
FreeLibrary
FormatMessageA
GetLastError
LocalFree
lstrlenA
GetVersionExA
GetProcAddress
GetModuleHandleA
GetSystemInfo
GlobalMemoryStatusEx
CreateEventA
WaitForSingleObjectEx
SetEvent
GetLocalTime
CopyFileA
SetThreadAffinityMask
GetCurrentThread
GetExitCodeThread
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
GlobalLock
GlobalUnlock
ResetEvent
InterlockedDecrement
GetPrivateProfileIntA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetCurrentThreadId
GetExitCodeProcess
Process32Next
Sleep
Module32Next
ReadFile
lstrcatA
lstrcpyA
lstrcmpiA
lstrcpynA
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
HeapReAlloc
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
CreateThread
ExitThread
MoveFileA
DeleteFileA
GetFullPathNameA
GetDriveTypeW
HeapAlloc
CreateDirectoryA
SetEnvironmentVariableA
HeapFree
ExitProcess
GetModuleHandleW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
MulDiv
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
InterlockedCompareExchange
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
GetCurrentDirectoryA
GetTickCount
GetSystemTime
OutputDebugStringA
CloseHandle
Module32First
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
GetLocaleInfoW
IsDebuggerPresent
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFilePointer
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateProcessA
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
lstrlenW
TerminateProcess
SetUnhandledExceptionFilter

user32

GetForegroundWindow
LoadAcceleratorsA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DrawMenuBar
RedrawWindow
ClientToScreen
CopyImage
LoadImageA
AdjustWindowRectEx
SystemParametersInfoA
GetScrollInfo
EnableWindow
GetWindowTextA
SetForegroundWindow
DestroyWindow
SetParent
SetCapture
ReleaseCapture
LoadStringA
ShowWindow
MoveWindow
GetDesktopWindow
CreateDialogParamA
GetSystemMetrics
GetWindowRect
SetMenu
SetWindowLongA
SetWindowPos
GetWindowLongA
FindWindowA
CheckMenuItem
GetMenu
DefWindowProcA
PostQuitMessage
KillTimer
ActivateKeyboardLayout
UpdateWindow
LoadMenuA
AdjustWindowRect
RegisterClassA
LoadIconA
DestroyCursor
SetCursor
SetTimer
GetKeyboardLayout
SetWindowTextA
EndDialog
GetDlgItem
DialogBoxParamA
PostMessageA
wsprintfA
GetAsyncKeyState
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyState
MessageBoxA
PtInRect
SetRect
GetClientRect
ScreenToClient
GetCursorPos
ReleaseDC
GetDC
CreateWindowExA

gdi32

GetTextExtentPointA
CreateFontA
GetDeviceCaps
GetTextExtentPoint32A
SelectObject
GetStockObject
SetBkMode
GetDIBits
DeleteDC
Rectangle
CreateDIBSection
SetBkColor
SetTextColor
ExtTextOutA
SetStretchBltMode
GetPixel
CreateCompatibleBitmap
DeleteObject
GetObjectA
CreateSolidBrush
GetDIBColorTable
StretchBlt
SetPixel
CreateCompatibleDC
BitBlt
TextOutA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysFreeString
OleLoadPicture
CreateErrorInfo
GetErrorInfo
VariantClear
SysAllocString
VariantChangeType
VariantInit
SetErrorInfo
SysAllocStringByteLen

wininet

InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

bugtrap

BT_SetDumpType
BT_SetFlags
BT_SetAppName
BT_SetSupportServer
BT_InstallSehFilter
BT_InsLogEntry
BT_GetLogFileName
BT_OpenLogFile
BT_AddLogFile
BT_SetAppVersion

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55f23124373effdd89442ea654156f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ijl11

ddraw

winmm

ws2_32

dsound

imm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wininet

bugtrap

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 448KB - Virtual size: 447KB

.data Size: 46KB - Virtual size: 2.5MB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 236KB - Virtual size: 235KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 448KB - Virtual size: 447KB

.data
Size: 46KB - Virtual size: 2.5MB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 236KB - Virtual size: 235KB