Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-29_413e0ed78f6316e0c264d4b4c93e8145_mafia.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-06-29_413e0ed78f6316e0c264d4b4c93e8145_mafia.exe
  Resource: win10v2004-20240226-en

General
  Target: 2024-06-29_413e0ed78f6316e0c264d4b4c93e8145_mafia
  Size: 2.6MB
  MD5: 413e0ed78f6316e0c264d4b4c93e8145
  SHA1: b76b7a67c54a172a5b0e7ad9da45372841ba053e
  SHA256: 415fdfd6bf0fc35b0c9c352e63d97df803aa3a50887a2f6c6a7e8db2a3c2f722
  SHA512: 6174dffd1d96cbf9b65adb072f991480e8df3fb4118df62d1ab57480aaae0bfae814ffbea8a1859a6fe408dba0b9fc87b96fd925a25f3277c21bcae64d774751
  SSDEEP: 49152:4unVbrLJxDP9b/AAG6VskTNHEUWDEreT/VOYQiw/L/8tlFM8xA2F7lwGal:4uVbrLJxDP9ckDPxrZYQiw/4tP22

Malware Config

Signatures
  Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
    resource: 2024-06-29_413e0ed78f6316e0c264d4b4c93e8145_mafia

Files
  2024-06-29_413e0ed78f6316e0c264d4b4c93e8145_mafia.exe windows:5 windows x86 arch:x86
  72461468a62b81ba326bef9c3765c7b3

Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

PDB Paths
  C:\Documents and Settings\dwilliams\Desktop\DC - Brush with Death\game\trunk\bin\win32\DarkCanvas_BrushWithDeath.pdb
Imports
  openal32: alGetString, alcGetString, alcGetContextsDevice, alcGetCurrentContext, alcDestroyContext, alcMakeContextCurrent, alcCloseDevice, alcCreateContext, alcOpenDevice, alGetBufferi, alGetSourcef, alSourcePause, alSourceStop, alSourcePlay, alSourceQueueBuffers, alGenBuffers, alSourcei, alSourcef, alSource3f, alGenSources, alDeleteBuffers, alDeleteSources, alSourceUnqueueBuffers, alGetSourcei, alGetError, alBufferData
  alut: alutExit
  winmm: timeGetTime
  d3dx9_42: D3DXCreateTexture, D3DXMatrixOrthoOffCenterLH
  d3d9: Direct3DCreate9
  kernel32: GetCommandLineA, DeleteFileA, GetModuleHandleW, DecodePointer, EncodePointer, SetEndOfFile, HeapSetInformation, GetStartupInfoW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, RtlUnwind, DeleteFileW, HeapReAlloc, RaiseException, VirtualQuery, GetProcessHeap, SetEnvironmentVariableA, CompareStringW, CreateFileW, WriteConsoleW, SetStdHandle, CreateFileA, GetStringTypeW, IsValidLocale, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, Sleep, CreateThread, WaitForSingleObject, GetCurrentProcess, GetCurrentProcessId, OutputDebugStringW, GetTempPathW, GetTempFileNameW, lstrlenW, CopyFileW, GetLastError, GetCommandLineW, LoadLibraryW, GetProcAddress, FreeLibrary, CloseHandle, SetThreadExecutionState, ExitProcess, GetSystemInfo, GetLogicalDriveStringsW, GetDriveTypeW, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, GetVersion, GetModuleFileNameW, GetFileAttributesW, SetLastError, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, FindFirstFileW, FindNextFileW, CreateDirectoryW, InterlockedIncrement, InterlockedDecrement, GetLocalTime, QueryPerformanceCounter, QueryPerformanceFrequency, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetTickCount, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, ReadFile, SetFilePointer, GetFileType, SetHandleCount, InitializeCriticalSectionAndSpinCount, IsValidCodePage, GetOEMCP, GetACP, GetCurrentThreadId, TlsFree, LCMapStringW, TlsSetValue, TlsGetValue, TlsAlloc, GetLocaleInfoW, GetStdHandle, WriteFile, HeapSize, IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCPInfo, InterlockedExchange
  gdiplus: GdiplusStartup, GdipGetImageEncoders, GdipDisposeImage, GdipSaveImageToFile, GdiplusShutdown, GdipGetImageEncodersSize, GdipCreateBitmapFromFile
  user32: SendMessageW, LoadCursorFromFileA, SetCursor, FindWindowA, LoadCursorW, SetWindowLongW, SetWindowPos, GetDesktopWindow, PostMessageW, SystemParametersInfoW, MessageBoxW, SetWindowTextW, DestroyWindow, DispatchMessageW, TranslateMessage, PeekMessageW, MessageBoxA, SetFocus, SetForegroundWindow, CreateWindowExW, AdjustWindowRectEx, RegisterClassExW, LoadIconA, PostQuitMessage, MapVirtualKeyW, GetKeyState, GetClientRect, ScreenToClient, GetCursorPos, DefWindowProcW, GetWindowLongW, ShowWindow, GetSystemMetrics, RedrawWindow
  gdi32: DeleteObject, GetStockObject
  advapi32: RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegFlushKey
  shell32: ShellExecuteA, DragAcceptFiles, SHGetFolderPathW, SHGetSpecialFolderPathW, CommandLineToArgvW
  ws2_32: WSAGetLastError, recv, send, connect, socket, gethostbyname, WSAStartup, htons
Sections
  .text   Size: 2.0MB - Virtual size: 2.0MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 297KB - Virtual size: 297KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 15KB - Virtual size: 534KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 240KB - Virtual size: 239KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 106KB - Virtual size: 106KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ