2024-09-06_6708f19b51a504ea01d4b9eea837ca0b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_6708f19b51a504ea01d4b9eea837ca0b_mafia
Size

3.1MB
MD5

6708f19b51a504ea01d4b9eea837ca0b
SHA1

48eeafcf797960bfee05743ed0d715dc30277304
SHA256

4d725174fcc45bc6ff8a19ac1202a167ff3b12083364f121d54b891dc837879d
SHA512

be6dd10184b69e8f8ddd7529d3f853cd6985b92cf790da3ba64954daca524239fb7a834a259028ad6a6453880548e57a3ad50d8c60155164dec0962eb866e487
SSDEEP

98304:Jf2ZEkSXLjk4ztv02OGHxOW02OGHxOErszBip+iaRyvLOcM:Jf4SXLjQzBk+9yvLI

Score

1^/10

Malware Config

Signatures

Files

2024-09-06_6708f19b51a504ea01d4b9eea837ca0b_mafia
.exe windows:5 windows x86 arch:x86

db9a8f379aa183e2702a3e40ce25b1ab

Code Sign

b9:71:62:f1:f4:77:0c:c4:43:7a:7a:84:22:94:31:ab:99:76:89:03
Signer

Actual PE Digest

b9:71:62:f1:f4:77:0c:c4:43:7a:7a:84:22:94:31:ab:99:76:89:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\dev\ManiacGameTool_V2_2914\trunk\bin\Release\fzgame.pdb

Imports

kernel32

GetVersion
GetVersionExW
SetUnhandledExceptionFilter
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
FindNextFileW
ResetEvent
CreateFileW
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
SetEvent
FindFirstFileA
FindClose
GetLocalTime
GetTempPathA
WritePrivateProfileStringA
MoveFileW
MultiByteToWideChar
lstrlenA
CreateEventW
WaitForMultipleObjects
CopyFileW
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
lstrlenW
GetCurrentThreadId
WaitForSingleObject
CloseHandle
OutputDebugStringW
Sleep
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
SetStdHandle
InterlockedExchange
LCMapStringW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetLocaleInfoW
GetStdHandle
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapReAlloc
GetFileAttributesA
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
FindFirstFileExW
ExitThread
DecodePointer
EncodePointer
RtlUnwind
SetFileTime
FormatMessageW
SetEndOfFile
DosDateTimeToFileTime
DuplicateHandle
GetFileType
MulDiv
SetLastError
LocalFree
CreateDirectoryW
GetNativeSystemInfo
SystemTimeToFileTime
CreateMutexW
OpenEventW
GetCurrentProcess
CreateProcessW
TerminateProcess
GetCurrentProcessId
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
WriteFile
SetFilePointer
GetFileSize
DeleteFileW
GetFileAttributesW
GetVolumeInformationW
GetSystemDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
RemoveDirectoryA
DeleteFileA
FindNextFileA
ReadFile
GetFileSizeEx
FileTimeToLocalFileTime
VirtualFree
VirtualAlloc
RaiseException
FileTimeToDosDateTime
VirtualQuery
GetSystemInfo
GlobalMemoryStatus
lstrcpyW
GetSystemTimeAsFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
FlushFileBuffers
lstrcpynW
OutputDebugStringA
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeResource
GetComputerNameW
GetACP
CreateDirectoryA
CreateFileA
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetDiskFreeSpaceExW
GetDriveTypeW
GetPrivateProfileStringA
CopyFileA
InterlockedExchangeAdd
CreateThread
TerminateThread
ExitProcess
GetCurrentDirectoryW
GetTickCount

user32

KillTimer
RegisterClassW
LoadCursorW
ShowWindow
IsWindow
CreateWindowExW
GetDC
SystemParametersInfoW
GetWindow
DestroyMenu
DefWindowProcW
SendMessageW
EnableWindow
LoadIconW
SetWindowsHookExW
CallNextHookEx
RegisterHotKey
UnregisterHotKey
UnhookWindowsHookEx
GetAsyncKeyState
SetCursor
ScreenToClient
MoveWindow
GetSubMenu
GetParent
wsprintfW
wvsprintfW
GetWindowTextW
MessageBoxW
wsprintfA
IsIconic
GetMonitorInfoW
MonitorFromWindow
IsZoomed
LoadMenuW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
ClientToScreen
GetClassInfoExW
GetKeyState
InvalidateRect
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
GetFocus
EndPaint
UpdateLayeredWindow
IsRectEmpty
BeginPaint
GetUpdateRect
MapWindowPoints
CharNextW
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
GetWindowTextLengthW
SetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
OffsetRect
InflateRect
RegisterClassExW
DestroyWindow
LoadImageW
SetTimer
GetMenuItemID
IsWindowVisible
GetWindowRect
SetWindowPos
PostMessageW
GetWindowLongW
SetWindowLongW
SetWindowRgn
GetClientRect
RegisterWindowMessageW
GetCursorPos
SetForegroundWindow

gdi32

SelectClipRgn
TextOutW
GetTextExtentPoint32W
LineTo
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
CreateSolidBrush
SetBkMode
ExtTextOutW
SetTextColor
RoundRect
CreatePenIndirect
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
MoveToEx
SetStretchBltMode
StretchBlt
GetObjectA
SetWindowOrgEx
SaveDC
RestoreDC
BitBlt
Rectangle
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextMetricsW
CreateRoundRectRgn
GetCharABCWidthsW

comdlg32

GetOpenFileNameW

shell32

DragQueryFileW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
Shell_NotifyIconW
DragFinish
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetFolderPathA

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

UrlIsW
PathFileExistsW
PathFindExtensionA

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipGetImageWidth
GdipDisposeImage

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

wininet

InternetWriteFile
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestExW
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetCrackUrlW
InternetCloseHandle
HttpEndRequestW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
HttpSendRequestW
InternetOpenA

urlmon

CoInternetParseUrl
ObtainUserAgentString

ws2_32

recv
htonl
htons
ntohl
send
closesocket

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

advapi32

SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityInfo
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExA
GetCurrentHwProfileW
OpenSCManagerW
FreeSid
SetSecurityInfo

ole32

OleLockRunning
CLSIDFromString
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
CoUninitialize

comctl32

ord17
_TrackMouseEvent

Exports

Exports

??4IPhoneData@@QAEAAV0@ABV0@@Z
?BpDict_2_Xml@IPhoneData@@SA_NPAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Bplist2Xml@IPhoneData@@SA_NPAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CFArrayCount@IPhoneData@@SAHPBX@Z
?CFArrayGetBool@IPhoneData@@SA_NPBXHPA_N@Z
?CFArrayGetInt@IPhoneData@@SA_NPBXHPAH@Z
?CFArrayGetString@IPhoneData@@SA_NPBXHPADH@Z
?CFDataGetBytePtr@IPhoneData@@SAPADPBX@Z
?CFDataGetLength@IPhoneData@@SAHPBX@Z
?CFRelease@IPhoneData@@SAXPBX@Z
?GetArrayByDictionary@IPhoneData@@SAPBXPBXPAD@Z
?GetArrayByPlist@IPhoneData@@SAPBXPBDHPAD@Z
?GetBooleanByDictionary@IPhoneData@@SA_NPBXPADPA_N@Z
?GetBooleanByDictionaryArray@IPhoneData@@SA_NPBXPADPA_N@Z
?GetBooleanByPlist@IPhoneData@@SA_NPBDPADPA_N@Z
?GetDataByDictionary@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDataByDictionaryArray@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDataByPlist@IPhoneData@@SA_NPBDIPADPAPAX@Z
?GetDesignationDictionaryByDictionaryArray@IPhoneData@@SA_NPBXPADHPAPAX@Z
?GetDictionaryArrayByDictionary@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDictionaryArrayByDictionaryArray@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDictionaryArrayByPlist@IPhoneData@@SA_NPBDIPADPAPAX@Z
?GetDictionaryArrayByPlist@IPhoneData@@SA_NPBDPADPAPAX@Z
?GetDictionaryByDictionary@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDictionaryByDictionaryArray@IPhoneData@@SA_NPBXPADPAPAX@Z
?GetDictionaryByPlist@IPhoneData@@SA_NPBDHPADPAPAX@Z
?GetIndexDictionaryByDictionaryArray@IPhoneData@@SA_NPBXHPAPAX@Z
?GetInteger64ByDictionary@IPhoneData@@SA_NPBXPADPA_J@Z
?GetIntegerByDictionary@IPhoneData@@SA_NPBXPADPAH@Z
?GetIntegerByDictionaryArray@IPhoneData@@SA_NPBXPADPAH@Z
?GetIntegerByPlist@IPhoneData@@SA_NPBDIPADPAH@Z
?GetStringByDictionary@IPhoneData@@SA_NPBXPAD1H@Z
?GetStringByDictionary@IPhoneData@@SA_NPBXPADPA_WH@Z
?GetStringByDictionaryArray@IPhoneData@@SA_NPBXPADPA_WH@Z
?GetStringByPlist@IPhoneData@@SA_NPBDHPAD1H@Z
?GetStringByPlist@IPhoneData@@SA_NPBDHPADPA_WH@Z
?Xml2Bplist@IPhoneData@@SA_NPADAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
GetITunesVersion
Initialize
LoadITunesDLL

Sections

.text
Size: 980KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 289KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db9a8f379aa183e2702a3e40ce25b1ab

Code Sign

b9:71:62:f1:f4:77:0c:c4:43:7a:7a:84:22:94:31:ab:99:76:89:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

oleaut32

shlwapi

gdiplus

dbghelp

wininet

urlmon

ws2_32

iphlpapi

version

advapi32

ole32

comctl32

Exports

Exports

Sections

.text Size: 980KB - Virtual size: 980KB

.rdata Size: 313KB - Virtual size: 313KB

.data Size: 289KB - Virtual size: 363KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 78KB - Virtual size: 77KB

b9:71:62:f1:f4:77:0c:c4:43:7a:7a:84:22:94:31:ab:99:76:89:03
Signer

.text
Size: 980KB - Virtual size: 980KB

.rdata
Size: 313KB - Virtual size: 313KB

.data
Size: 289KB - Virtual size: 363KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 78KB - Virtual size: 77KB