2024-07-03_5efab2d6b4988d65c23371a2f89b7f31_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_5efab2d6b4988d65c23371a2f89b7f31_mafia_revil
Size

4.2MB
MD5

5efab2d6b4988d65c23371a2f89b7f31
SHA1

717d01254748824c17c32c7f8481fb741cdeed4a
SHA256

f603e31eb50efa67741676e93d6ae89a01dd90f7f17ac8ee1de4de6a154997d9
SHA512

8e562810a7eacf923b6280af8f46c71a3966f584e5f3731011757e73276355f58a96c802653e480fb74c84f7e9b8617cbabaf023ec8f642f6006fd3edb858414
SSDEEP

98304:wMX6JVkHSdJ+dw32A1ZBAE/KWQ4SKHdngNvfn7K9:w23U32cd44SKqN7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_5efab2d6b4988d65c23371a2f89b7f31_mafia_revil

Files

2024-07-03_5efab2d6b4988d65c23371a2f89b7f31_mafia_revil
.exe windows:5 windows x86 arch:x86

c764188dde97b3b62c08743b68ecd330

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\works\3dmlauncher\Release\GameLinks.pdb

Imports

wldap32

ord35
ord32
ord200
ord30
ord26
ord79
ord60
ord143
ord211
ord22
ord46
ord33
ord301
ord27
ord50
ord41

kernel32

lstrcmpA
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
ResumeThread
GetFileSizeEx
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GlobalFlags
InterlockedExchange
CompareStringA
GetLocaleInfoW
GetStartupInfoW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetDriveTypeA
DeleteFileA
MoveFileA
LocalAlloc
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RtlUnwind
RaiseException
SetStdHandle
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetConsoleCP
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameA
GetCurrentDirectoryA
GetTimeZoneInformation
VirtualAlloc
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
FileTimeToLocalFileTime
CreateFileA
GlobalAddAtomW
SetErrorMode
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
FlushConsoleInputBuffer
GetSystemTime
FindFirstFileA
GlobalFindAtomW
QueryPerformanceCounter
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
GetStdHandle
GetFileType
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
SetLastError
WritePrivateProfileStringW
GetLocalTime
GetFileTime
UnmapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
GlobalMemoryStatus
InterlockedDecrement
GlobalMemoryStatusEx
WriteFile
GetDriveTypeW
GetLogicalDrives
FindClose
FindNextFileW
lstrlenA
GetVersionExW
Process32NextW
Process32FirstW
Module32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
SetUnhandledExceptionFilter
GetFileSize
GetCurrentProcess
CreateFileW
GetCurrentThreadId
LoadLibraryW
SetEvent
CreateEventA
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
GetTickCount
GetModuleHandleW
GetProcAddress
GetFullPathNameW
ExpandEnvironmentStringsW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
GetExitCodeProcess
FindFirstFileW
lstrlenW
WaitForMultipleObjects
LeaveCriticalSection
SetThreadPriority
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
OutputDebugStringW
ReleaseSemaphore
InitializeCriticalSection
CreateSemaphoreW
GetCurrentProcessId
CreateDirectoryW
DeleteFileW
GetModuleFileNameW
GetTempPathW
MultiByteToWideChar
Sleep
CloseHandle
ReleaseMutex
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateWaitableTimerA
WaitForMultipleObjectsEx
InterlockedExchangeAdd
ResetEvent
OpenEventA
WaitForSingleObjectEx
SetWaitableTimer
DosDateTimeToFileTime
InterlockedCompareExchange
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
HeapReAlloc

user32

InvalidateRect
DestroyMenu
MoveWindow
SetWindowTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
SetCursor
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
MonitorFromWindow
RegisterClassExW
GetWindowRgn
GetWindowTextW
GetForegroundWindow
DispatchMessageW
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
ReleaseCapture
SetRect
GetMonitorInfoW
UnionRect
SetCapture
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetCaretBlinkTime
SetCaretPos
GetCaretPos
HideCaret
ShowCaret
CreateCaret
CharPrevW
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDC
ReleaseDC
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
LoadIconW
PostQuitMessage
BringWindowToTop
ShowWindow
KillTimer
IsCharAlphaW
SystemParametersInfoW
SetTimer
PostMessageW
GetUpdateRect
CharNextW
wvsprintfW
IsZoomed
wsprintfW
SendMessageW
GetClientRect
GetDlgItem
IsRectEmpty
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
SetWindowRgn

gdi32

CombineRgn
CreateRectRgnIndirect
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
CreatePen
SelectObject
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
Escape
ExtTextOutW
TextOutW
OffsetViewportOrgEx
CreatePolygonRgn
GdiFlush
GetCharABCWidthsW
RoundRect
CreatePenIndirect
StretchBlt
CreateRoundRectRgn
Rectangle
PtInRegion
CreateDIBSection
RectVisible
PtVisible
BitBlt
CreateRectRgn
SelectClipRgn
MoveToEx
LineTo
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
DeleteObject
GetObjectA
CreateCompatibleBitmap
GetDeviceCaps
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW

shlwapi

StrToIntW
PathFileExistsW
PathAppendW
PathFileExistsA
PathFindFileNameW
PathFindExtensionW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromProgID
OleLockRunning
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EmptyWorkingSet
EnumProcesses

msi

ord113

ws2_32

shutdown
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable
InternetOpenUrlW

imm32

ImmGetContext
ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionWindow

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImage
GdipGraphicsClear
GdipDrawImageRectI
GdipDrawString
GdipGetFamily
GdipDeleteFontFamily
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCloneBrush
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipDeleteBrush
GdipFree
GdipAlloc

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c764188dde97b3b62c08743b68ecd330

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

version

psapi

msi

ws2_32

wininet

imm32

comctl32

gdiplus

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 434KB - Virtual size: 434KB

.data Size: 54KB - Virtual size: 78KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 129KB - Virtual size: 129KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 434KB - Virtual size: 434KB

.data
Size: 54KB - Virtual size: 78KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 129KB - Virtual size: 129KB