D:\Work\6.BackUp Data\2021.06.15 박재현 백업\작업 소스\20210614\무인\스마트무인\Src\RadarProject Eagle Eye4\RadarProject\Release\RadarProject.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-28_34333828e74492b1383fa5620e0f3617_mafia.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-06-28_34333828e74492b1383fa5620e0f3617_mafia.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-06-28_34333828e74492b1383fa5620e0f3617_mafia
Size: 4.4MB
MD5: 34333828e74492b1383fa5620e0f3617
SHA1: da2537edc95e97c139dbba317e452bb19613cd65
SHA256: 51b9f3bbc96bab8896e67cc88c9a2dfdc88a47f66f2136feba825c9f7aa27d3c
SHA512: 428037f2ff7a04858a37b862fa5de93e925ccfa3fa3517371a42e31c492927b78ff58b81fa7c3d4216250e5eb7ea4b3789ade020478e636737ca9b3009859b3b
SSDEEP: 98304:zk6tof1nd/2jEJ01MOBnCL9Dn0EnoBmpaX3L6CM9e0AuXoj9ghi1RebMIg9Cbk/X:zk6SdAY2bEL9DndQ2CM9e0AuXojDIg9z
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2024-06-28_34333828e74492b1383fa5620e0f3617_mafia
Files
-
2024-06-28_34333828e74492b1383fa5620e0f3617_mafia.exe windows:5 windows x86 arch:x86
62e218ddbac9b1ff8086bb1f41a1908c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
byda_sdk
?initBydaSDK_Flag@CByda_SDK@@QAEXXZ
?makeConnEndPacket@CByda_SDK@@QAEXPAUcommConnEnd@@@Z
?checkCommInfoFromReqReply@CByda_SDK@@QAEEPAUcommConnReqReply@@@Z
?checkDevInfoFromReqReply@CByda_SDK@@QAEEPAUcommConnReqReply@@@Z
?makeConnReqPacket@CByda_SDK@@QAEXPAUcommConnReq@@@Z
??0CByda_SDK@@QAE@XZ
?procBufCont@CByda_SDK@@QAEXXZ
?getTrackDataAll@CByda_SDK@@QAEXPAUtrackBuffer@@PAUtrackOutSt@@@Z
?checkParamDataIn@CByda_SDK@@QAEEPAUtrackOutSt@@@Z
?checkTrackCheckSum@CByda_SDK@@QAEEPAUtrackOutSt@@UcommSendDataHeader@@@Z
?getTrackOut@CByda_SDK@@QAEXPAUcommSendDataHeader@@PADPAUtrackOutSt@@@Z
?getRadarData@CByda_SDK@@QAEEPADPAG@Z
?initGetRadarScanParams@CByda_SDK@@QAEXXZ
?recvDataProc@CByda_SDK@@QAEEPADFEG@Z
?initGetRadarParams@CByda_SDK@@QAEXXZ
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
HeapQueryInformation
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
HeapCreate
GetFileType
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
VirtualQuery
SetStdHandle
ExitProcess
GetConsoleCP
HeapReAlloc
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateEventA
CloseHandle
SetEvent
SetThreadPriority
WaitForMultipleObjects
ResetEvent
ExitThread
Sleep
TerminateThread
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
InitializeCriticalSection
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetLocalTime
WritePrivateProfileStringA
SystemTimeToFileTime
SetLastError
DeactivateActCtx
LoadLibraryA
GetModuleHandleA
GetProcAddress
ActivateActCtx
GetFileAttributesA
CreateDirectoryA
LocalAlloc
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
CreateThread
FindResourceExW
GetNumberFormatA
GetWindowsDirectoryA
SetErrorMode
VirtualProtect
GetTempPathA
SearchPathA
GetProfileIntA
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
LocalFree
GetCurrentDirectoryA
GetPrivateProfileStringA
FileTimeToSystemTime
TlsFree
CreateFileA
WriteFile
SetFilePointer
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
DeleteFileA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
ReplaceFileA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetFileSize
GlobalReAlloc
lstrcmpA
GetSystemDirectoryW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
lstrcpyA
FindResourceA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
GetModuleHandleW
InterlockedExchange
SuspendThread
GetCurrentThreadId
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFree
CopyFileA
GlobalSize
GlobalUnlock
SetEndOfFile
lstrlenW
MultiByteToWideChar
MulDiv
lstrlenA
ResumeThread
GetOverlappedResult
ReadFile
FormatMessageA
GetCommMask
ClearCommError
WaitCommEvent
PurgeComm
SetCommState
BuildCommDCBA
GetCommState
SetCommMask
SetCommTimeouts
FreeLibrary
GlobalLock
GlobalAlloc
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetTickCount
GetExitCodeThread
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
CreateMutexA
SetLocalTime
user32
CharUpperBuffA
MonitorFromPoint
UpdateLayeredWindow
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
IsMenu
DestroyAcceleratorTable
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
SystemParametersInfoA
CharUpperA
NotifyWinEvent
MessageBeep
LoadCursorA
LoadMenuW
DeleteMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MapVirtualKeyA
GetKeyNameTextA
DrawStateA
WaitMessage
GetSysColorBrush
SetClassLongA
GetMenuItemInfoA
LoadCursorW
EnableScrollBar
FrameRect
FillRect
WindowFromPoint
SetCapture
LockWindowUpdate
GetUpdateRect
GetAsyncKeyState
UnionRect
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PostQuitMessage
CreateAcceleratorTableA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxA
GetClassInfoExA
RegisterClassA
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
PtInRect
DestroyWindow
GetClassLongA
SetForegroundWindow
SetParent
GetTopWindow
SetWindowRgn
IsZoomed
IsRectEmpty
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetCursorPos
ValidateRect
GetClassNameA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
DestroyIcon
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
GetDlgCtrlID
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
OffsetRect
CopyRect
GetLastActivePopup
SetMenu
GetDesktopWindow
ShowWindow
AdjustWindowRectEx
SetWindowPos
GetWindowLongA
SetWindowLongA
IsWindow
RegisterClipboardFormatA
MapDialogRect
SetWindowContextHelpId
LoadAcceleratorsW
ShowOwnedPopups
RealChildWindowFromPoint
SetCursorPos
CopyIcon
SubtractRect
GetNextDlgGroupItem
PostThreadMessageA
SetMenuDefaultItem
TranslateAcceleratorA
TranslateMDISysAccel
BringWindowToTop
GetActiveWindow
DrawMenuBar
CreateWindowExA
DefMDIChildProcA
GetMenu
DefFrameProcA
GetMenuState
GetMenuStringA
GetMenuDefaultItem
UnregisterClassA
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
MonitorFromWindow
GetKeyboardState
AppendMenuA
EnumChildWindows
GetTabbedTextExtentW
MapVirtualKeyExA
IsCharLowerA
CreateMenu
GetWindowRgn
HideCaret
InvertRect
DrawIcon
InvalidateRgn
CharNextA
DestroyCursor
IsClipboardFormatAvailable
GetMonitorInfoA
GetDoubleClickTime
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
ClientToScreen
UpdateWindow
KillTimer
IsWindowVisible
RedrawWindow
GetSystemMetrics
LoadImageA
EnableMenuItem
GetSystemMenu
DrawTextA
SetRect
ReleaseDC
GetDC
LoadIconW
InvalidateRect
GetWindow
LoadBitmapW
GetSysColor
InflateRect
GetWindowRect
ScreenToClient
GetParent
SetTimer
FindWindowA
LoadIconA
GetKeyState
wsprintfA
EnableWindow
IsChild
GetClientRect
PostMessageA
SetRectEmpty
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
CheckDlgButton
gdi32
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
SaveDC
CreatePatternBrush
GetObjectType
CreateHatchBrush
CreateRoundRectRgn
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Polygon
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
RoundRect
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetCharWidthA
OffsetRgn
GetRgnBox
ExtFloodFill
GetPaletteEntries
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetNearestPaletteIndex
GetSystemPaletteEntries
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
EnumFontFamiliesExA
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
SetPixelV
GetStockObject
GetTextMetricsA
CreateFontIndirectA
CreateSolidBrush
CreateRectRgnIndirect
CreateBitmap
SetBkColor
DeleteDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
Ellipse
GetTextExtentPoint32A
SetTextColor
PatBlt
SetBkMode
SelectObject
CreateDIBSection
TextOutA
Rectangle
CreatePen
DeleteObject
RealizePalette
SelectPalette
CreatePalette
BitBlt
StretchDIBits
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
GetOpenFileNameA
winspool.drv
DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter
advapi32
GetUserNameA
GetFileSecurityA
RegOpenKeyExW
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegCloseKey
SetFileSecurityA
shell32
ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
DragFinish
ExtractIconA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
comctl32
InitCommonControlsEx
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx
ImageList_Create
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
ole32
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleLockRunning
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleCreateMenuDescriptor
CLSIDFromString
OleUninitialize
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleDestroyMenuDescriptor
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
oleaut32
SysFreeString
OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
oledlg
ord8
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
ws2_32
WSASetLastError
WSAAsyncSelect
ioctlsocket
connect
WSAStartup
recvfrom
sendto
WSACleanup
bind
gethostbyname
send
accept
WSAGetLastError
inet_ntoa
htonl
recv
__WSAFDIsSet
select
closesocket
htons
inet_addr
setsockopt
socket
himage
ord16071
ord16084
roseekimgprocesslib
RoseekDrawImg3
RoseekDrawImg4
RoseekGetImgHeight
RoseekGetImgWidth
RoseekDecodeImgFromMem
RoseekCreateOneIMGUtilObj
RoseekCloseIMGUtilObj
rsmediaplayer
ROSEEK_MPRun
ROSEEK_SetCallbackFunction
ROSEEK_MPSetRetryInterval
ROSEEK_MPOpenEx
ROSEEK_MPClose
ROSEEK_MPStartRecord
ROSEEK_MPStopRecord
ROSEEK_MPResizeVideoWindow
ROSEEK_MPStop
ROSEEK_MPSetRecordFilesDir
eagleeyeremoteupdatelib
Roseek_RemoteUpdate
ijl15
ord2
ord4
ord3
ord6
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 224KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
abimkjs Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE