50c8836faf04eee240bdea027f6ecbfe_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

50c8836faf04eee240bdea027f6ecbfe_mafia_JC.exe
Size

571KB
MD5

50c8836faf04eee240bdea027f6ecbfe
SHA1

7adee10e2a285ee06eca7f2cd597e922c2945549
SHA256

ee497f2427eb490fc1f46be703d17dbffd1c07dd1837a605254ab25284a6203c
SHA512

db0cb707da9ce400718909bbf73b1c93e00e82c36cd7dd356c058ce69ef64a4bda5939422c07ea06c719e6b41a5b88247a5ae05a05ab4fe4b5d08074f0998367
SSDEEP

12288:MSgpp6AwkEXwrB1jq3OgFYbRhPP9cOSYxHN+Tm:Rgp9EX4jqMb9fbH7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50c8836faf04eee240bdea027f6ecbfe_mafia_JC.exe

Files

50c8836faf04eee240bdea027f6ecbfe_mafia_JC.exe
.exe windows x86

5d699e68c7c25e04f05663e81f1ab283

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
WinExec
CloseHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
InterlockedDecrement
GetProcessHeap
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
LocalFree
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
WriteFile
GetModuleFileNameW
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA

advapi32

GetLengthSid
LookupPrivilegeValueA
SetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 429KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d699e68c7c25e04f05663e81f1ab283

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 429KB - Virtual size: 437KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 429KB - Virtual size: 437KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB