2024-09-11_aeba0f08f9721485b46d31c88e5740bf_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-11_aeba0f08f9721485b46d31c88e5740bf_mafia
Size

6.8MB
MD5

aeba0f08f9721485b46d31c88e5740bf
SHA1

b4800043319243e33e46209bf0f31b6d6670dff3
SHA256

e25c4cbd772c3896511f09bb32f7fa60f9b8e300567939dc4d16f4ca7b61c176
SHA512

88f540e368be723f68dff482573980732362d6ac7bfad75fe84ea909a5933158f2ca95e5a712db2d6aa092c281e26170cadb56841d21b113abf74fdb25753ec1
SSDEEP

98304:9Cfu1ra1XUXtbPyUCx+b53D33qOWbdoBj7bi9SH03zP2dTk8:9CWcgmUCx+b53DHbUdo5i7zPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-11_aeba0f08f9721485b46d31c88e5740bf_mafia

Files

2024-09-11_aeba0f08f9721485b46d31c88e5740bf_mafia
.exe windows:5 windows x86 arch:x86

de5b201a1d88eb7502a7a3e425d8525c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GGXXACPR_Win.pdb

Imports

steam_api

SteamAPI_Init
SteamAPI_WriteMiniDump
SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamAPI_Shutdown
SteamAPI_SetMiniDumpComment
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_GetHSteamUser
SteamAPI_RegisterCallback
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface

dbghelp

MiniDumpWriteDump

kernel32

GetFileType
SetHandleCount
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
GetFileSize
WriteFile
ReadFile
CreateFileW
CloseHandle
FindResourceW
LoadResource
GetModuleHandleW
SizeofResource
LockResource
CreateFileA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindClose
DeleteCriticalSection
PulseEvent
WaitForSingleObject
CreateEventW
ResumeThread
CreateThread
FileTimeToSystemTime
SetThreadPriority
GetTickCount
GetSystemTimeAsFileTime
GetOverlappedResult
GetFileTime
lstrcpyW
InterlockedIncrement
SetEvent
CreateDirectoryW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
SetFilePointer
FindFirstFileW
OutputDebugStringW
GetFileAttributesW
GetTimeZoneInformation
lstrlenW
GetLocalTime
FindNextFileW
ResetEvent
ReleaseSemaphore
GetLastError
CreateSemaphoreW
WaitForMultipleObjects
CreateMutexW
FreeLibrary
SetUnhandledExceptionFilter
VerSetConditionMask
GetCurrentProcess
OpenProcess
LoadLibraryW
GetSystemPowerStatus
GetModuleFileNameW
VerifyVersionInfoW
OpenMutexW
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
LocalAlloc
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
CheckRemoteDebuggerPresent
LocalFree
CreateFiber
ConvertThreadToFiber
SwitchToFiber
DeleteFiber
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEnvironmentVariableA
SetEnvironmentVariableW
FatalAppExitA
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapCreate
GetStringTypeW
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
RaiseException
GetLocaleInfoW
GetStdHandle
HeapSize
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
HeapAlloc
ExitProcess
HeapFree
DecodePointer
EncodePointer
DebugBreak
OutputDebugStringA
CreateDirectoryA
InterlockedExchange
FreeEnvironmentStringsW
GetVersionExW
GetCurrentThread
HeapReAlloc
CompareStringW
SetStdHandle
WriteConsoleW
GetThreadPriority
SetEndOfFile
GetProcessHeap
InterlockedCompareExchange
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetConsoleCtrlHandler
lstrcmpiW
VirtualAlloc
DuplicateHandle
VirtualFree
GetSystemInfo
lstrcpynW
InterlockedDecrement
MulDiv
lstrcmpW
GetModuleFileNameA
GetProcAddress

user32

GetForegroundWindow
CloseClipboard
wvsprintfA
AdjustWindowRect
UpdateWindow
GetSystemMetrics
MessageBoxW
ShowWindow
SetWindowPos
SetWindowLongW
InvalidateRect
SetRect
DispatchMessageW
DefWindowProcW
SendMessageW
SetWindowTextA
FlashWindowEx
GetQueueStatus
EmptyClipboard
OpenClipboard
SetClipboardData
MessageBoxA
RegisterClassW
ReleaseCapture
CreateWindowExW
GetCursorPos
ReleaseDC
PeekMessageW
LoadIconW
ShowCursor
TranslateMessage
GetDC
GetClientRect
LoadCursorW
TrackMouseEvent
PostMessageW
SetCapture
IsIconic
SetProcessDPIAware
PostQuitMessage
GetWindowRect
ScreenToClient
SetCursor
DestroyWindow
MsgWaitForMultipleObjects
wvsprintfW
RegisterWindowMessageW
PostThreadMessageW
wsprintfW

gdi32

DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
AddFontResourceExW
SelectObject

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoSetProxyBlanket
CoFreeUnusedLibraries
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SysAllocString

winmm

timeEndPeriod
timeBeginPeriod
mmioRead
mmioWrite
mmioOpenW
timeSetEvent
timeGetTime
timeKillEvent
mmioGetInfo
mmioSeek
mmioDescend
mmioCreateChunk
mmioClose
mmioAdvance
mmioAscend
mmioSetInfo

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

xinput1_3

ord2
ord3
ord4

shlwapi

StrCmpIW
PathFindFileNameW
PathFileExistsW
StrCmpW
PathIsDirectoryW

d3dx9_43

D3DXSaveTextureToFileW
D3DXCreateFontIndirectW
D3DXCreateEffectEx
D3DXVec3Normalize
D3DXVec4Transform
D3DXMatrixRotationZ
D3DXMatrixRotationX
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXMatrixRotationY

ws2_32

htons
htonl
ntohl
sendto
ntohs

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de5b201a1d88eb7502a7a3e425d8525c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

d3d9

dinput8

xinput1_3

shlwapi

d3dx9_43

ws2_32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 1.2MB - Virtual size: 3.4MB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 404KB - Virtual size: 404KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 1.2MB - Virtual size: 3.4MB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 404KB - Virtual size: 404KB