E:\source\pvpWar81\Client\Game\output\Release\SFrame.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-09_6deb4b0fe4ac3f29e355f23462615c0d_mafia.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2024-07-09_6deb4b0fe4ac3f29e355f23462615c0d_mafia.exe
  Resource: win10v2004-20240709-en
General
- Target: 2024-07-09_6deb4b0fe4ac3f29e355f23462615c0d_mafia
- Size: 10.4MB
- MD5: 6deb4b0fe4ac3f29e355f23462615c0d
- SHA1: 7563c79e8154d0fadeb1892e3b08b7c001620004
- SHA256: 403538d20c60cc5318bf5af34f8942623c7062307f26cc6dbe4b74bde4369ed3
- SHA512: 044501ec3e1d8cfaa89249dc87c5dc2e7292b1d3bc06d2ac9565613f217f0eb874d07b65f75bf4b46a190cf16451ff2ac56c5ea923b9969aa3f7dbfb22b701d2
- SSDEEP: 196608:EaWP0B3mZ16o8ihOZKeoMTOR3i+yPADJVzucEVS:EaWP0BWKri85DOo+Z6cEV
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-07-09_6deb4b0fe4ac3f29e355f23462615c0d_mafia
Files
- 2024-07-09_6deb4b0fe4ac3f29e355f23462615c0d_mafia.exe (windows:5, windows, x86, arch:x86)
  369b247dd206b21a1dd6fc8e85f5de4f
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ReadConsoleInputA
SetConsoleMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryW
GetSystemInfo
GetEnvironmentVariableA
GetACP
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
SetLastError
lstrcmpA
InterlockedPopEntrySList
InterlockedPushEntrySList
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
LocalAlloc
RemoveDirectoryA
FormatMessageA
DebugBreak
FlushConsoleInputBuffer
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LoadLibraryW
SetConsoleCtrlHandler
FlushInstructionCache
FlushFileBuffers
WriteConsoleW
SetHandleCount
GetFileType
HeapCreate
GetLocaleInfoW
IsDebuggerPresent
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
HeapReAlloc
GetModuleHandleW
GetConsoleMode
GetConsoleCP
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
PeekNamedPipe
GetStdHandle
SetStdHandle
GetFileInformationByHandle
VirtualQuery
GetModuleFileNameW
IsBadReadPtr
VirtualProtect
ExitProcess
GetComputerNameA
TerminateThread
CreateThread
CopyFileA
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
SetEndOfFile
VirtualAlloc
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
lstrlenW
GetCurrentProcess
lstrcpyA
InitializeCriticalSectionAndSpinCount
RaiseException
GetVersionExA
GetLocaleInfoA
CompareStringA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
GetTickCount
GetSystemDirectoryA
WideCharToMultiByte
CreateDirectoryA
GetSystemDefaultLangID
GlobalMemoryStatus
WritePrivateProfileStringA
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
lstrcatA
GetVersion
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
CreateEventA
IsBadWritePtr
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
CreateProcessA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringA
InitializeCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
GetFileAttributesA
SetFileAttributesA
VirtualFree
SetFilePointer
GetDriveTypeW
GetFullPathNameA
InterlockedCompareExchange
InterlockedExchange
UnmapViewOfFile
CreateFileW
CreateFileMappingA
MapViewOfFile
IsProcessorFeaturePresent
WriteFile
GetTempPathA
GetTempFileNameA
LocalFree
lstrlenA
MultiByteToWideChar
GetLastError
GetLocalTime
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetFileSize
ReadFile
CloseHandle
ws2_32
socket
closesocket
WSACleanup
connect
sendto
gethostbyname
inet_addr
htons
WSAStartup
send
__WSAFDIsSet
recv
select
imm32
ImmGetOpenStatus
ImmIsIME
ImmGetProperty
ImmGetCompositionStringW
ImmGetIMEFileNameA
ImmGetVirtualKey
ImmGetContext
ImmGetConversionStatus
ImmReleaseContext
ImmSetConversionStatus
ImmGetCandidateListW
ImmNotifyIME
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
GetModuleFileNameExW
GetModuleFileNameExA
GetProcessMemoryInfo
d3d9
Direct3DCreate9
devil
ilSaveImage
ilGetData
ilGenImages
ilTexImage
ilGetError
ilSave
ilLoadImage
ilDeleteImages
ilInit
ilEnable
ilBindImage
ilSetInteger
ilOriginFunc
ilu
iluFlipImage
iluErrorString
user32
ShowWindow
SetRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetUserObjectInformationW
GetProcessWindowStation
RedrawWindow
BringWindowToTop
GetClientRect
GetAsyncKeyState
MessageBoxA
ClientToScreen
ReleaseCapture
SetCapture
PostQuitMessage
ShowCursor
GetSystemMetrics
SetCursor
SetFocus
SetWindowPos
SetWindowLongA
CharNextExA
DrawTextA
ScreenToClient
SendMessageA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
GetKeyboardLayout
CharPrevA
PostMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
CreateWindowExA
GetWindowLongA
wsprintfA
GetKeyState
DestroyWindow
LoadStringA
LoadAcceleratorsA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetParent
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CreateAcceleratorTableA
LoadCursorA
GetClassInfoExA
IsWindow
GetDesktopWindow
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
GetClassNameA
GetDlgItem
GetParent
IsChild
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
MoveWindow
GetSysColor
AdjustWindowRect
UpdateWindow
SetWindowTextW
LoadIconA
RegisterClassExA
CharNextA
DefWindowProcA
GetWindowRect
UnregisterClassA
gdi32
BitBlt
CreateCompatibleBitmap
GetStockObject
GetTextExtentPoint32A
CreateDIBSection
SelectObject
SetTextAlign
SetBkMode
SetBkColor
SetTextColor
GetDeviceCaps
CreateFontA
DeleteDC
DeleteObject
CreateCompatibleDC
SetMapMode
CreateSolidBrush
GetObjectA
comdlg32
GetOpenFileNameA
advapi32
RegisterEventSourceA
ReportEventA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
CryptDestroyHash
RegEnumValueA
GetUserNameA
CryptDestroyKey
CryptReleaseContext
DeregisterEventSource
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyW
shell32
SHGetFolderPathA
ShellExecuteA
ole32
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantCopy
VariantClear
VariantInit
OleCreateFontIndirect
iphlpapi
GetAdaptersInfo
GetIfTable
dbghelp
MiniDumpWriteDump
SymFromAddr
StackWalk
SymInitialize
SymSetOptions
SymGetLineFromAddr
SymCleanup
SymFunctionTableAccess
SymGetModuleBase
wintrust
WinVerifyTrust
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose
wininet
InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
InternetOpenA
audiere
_AdrOpenSampleSourceFromFile@8
_AdrGetSampleSize@4
_AdrOpenSound@12
mss32
_AIL_set_digital_master_volume_level@8
_AIL_set_listener_3D_position@16
_AIL_register_stream_callback@8
_AIL_set_room_type@8
_AIL_set_redist_directory@4
_AIL_set_DirectSound_HWND@8
_AIL_release_sample_handle@4
_AIL_set_sample_3D_position@16
_AIL_set_sample_volume_levels@12
_AIL_set_sample_processor@12
_AIL_close_digital_driver@4
_AIL_stream_status@4
_AIL_enumerate_filters@12
_AIL_set_file_callbacks@16
_AIL_set_listener_3D_orientation@28
_AIL_stream_sample_handle@4
_AIL_set_sample_3D_distances@16
_AIL_mem_free_lock@4
_AIL_set_stream_loop_count@8
_AIL_set_sample_low_pass_cut_off@8
_AIL_set_sample_playback_rate@8
_AIL_set_sample_loop_count@8
_AIL_file_read@8
_AIL_stop_sample@4
_AIL_allocate_sample_handle@4
_AIL_set_sample_reverb_levels@12
_AIL_shutdown@0
_AIL_close_stream@4
_AIL_room_type@4
_AIL_sample_stage_property@24
_AIL_sample_status@4
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_start_stream@4
_AIL_set_named_sample_file@20
_AIL_pause_stream@8
_AIL_start_sample@4
_AIL_open_stream@12
Sections
- .text Size: 6.8MB - Virtual size: 6.8MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rodata Size: 11KB - Virtual size: 10KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 2.1MB - Virtual size: 2.1MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 230KB - Virtual size: 559KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .tls Size: 1024B - Virtual size: 633B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 695KB - Virtual size: 694KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 501KB - Virtual size: 501KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ