cfxmafia_alpha[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cfxmafia_alpha.exe
Size

4.1MB
MD5

64f25b7837d5464c3560b57e32ffdf7f
SHA1

77c005a161d5b9a2990ed5dcafdca7b10a0f7a72
SHA256

0dc4054c40dfef4690f9a8c4539af970505d8ff72ad5d9159492cb385c51eefd
SHA512

a4947df59699f04801992af6b5d8f892d3513a3a29dca082e41c9cd58068f4c2527234ded91474922c5098b8623823517c0cfc98ff5a45c423b8c3bd7a3179dd
SSDEEP

49152:zEEPQqPj93VtZSJWyPP6aFY2/Dvj62BM0UWiRA7j7GqyBav3KwMgZeexm3ksZRZN:RH2JWNO36uM0FildqMgY5ksZnQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfxmafia_alpha.exe

Files

cfxmafia_alpha.exe
.exe windows x64

Password: infected

c2c012cdc797d8f83c853cc389270ced

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

AreFileApisANSI
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateDirectoryW
CreateEventW
CreateFiber
CreateFileW
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeConsole
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetLastError
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringW
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetEvent
SetLastError
SetUnhandledExceptionFilter
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

user32

ClientToScreen
CloseClipboard
CreateWindowExW
DefWindowProcA
DispatchMessageA
EmptyClipboard
GetCapture
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
GetWindowRect
IsWindowUnicode
LoadCursorA
MessageBoxA
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageA
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetProcessDPIAware
SetWindowPos
ShowWindow
TrackMouseEvent
TranslateMessage
UnregisterClassA
UpdateWindow

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1ios_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Xtime_get_ticks

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getsockname
getsockopt
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
send
setsockopt
socket

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrCat
VariantClear
VariantInit

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

advapi32

DeregisterEventSource
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_fileno
_fseeki64
_get_stream_buffer_pointers
_set_fmode
_setmode
_wfopen
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fputc
fputs
fread
fseek
fsetpos
ftell
fwrite
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
raise
signal
strerror_s
terminate

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64i32
_unlock_file

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
_strnicmp
isspace
strcat
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strspn
wcslen

api-ms-win-crt-math-l1-1-0

__setusermatherr
acosf
atan2f
ceilf
cosf
fmodf
ldexp
log
logf
pow
powf
sinf
sqrtf

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtol
strtoul

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.6MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

c2c012cdc797d8f83c853cc389270ced

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

msvcp140

ws2_32

oleaut32

ole32

advapi32

gdi32

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 86KB - Virtual size: 123KB

.pdata Size: 51KB - Virtual size: 50KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 45B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 1.6MB - Virtual size: 5.7MB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 86KB - Virtual size: 123KB

.pdata
Size: 51KB - Virtual size: 50KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 45B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 1.6MB - Virtual size: 5.7MB