Static task: static1
Behavioral task: behavioral1
Sample: 926cfed6e6c8a3a9b09e661257b78fef_mafia_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 926cfed6e6c8a3a9b09e661257b78fef_mafia_JC.exe
Resource: win10v2004-20230703-en
General
Target: 926cfed6e6c8a3a9b09e661257b78fef_mafia_JC.exe
Size: 3.6MB
MD5: 926cfed6e6c8a3a9b09e661257b78fef
SHA1: f8d43dfbd8dadadd46e9b38ba1a37196c36ae8e1
SHA256: d89c84ef5ac66f8100b5e22c5a9c3c72927971d5827b76882eab2643173f66c5
SHA512: 94fa65be3305e17c36f9e7b78472a4bfd944ecd0dc2b63726c18a94fd054406d6432f7a6e2f9b242b093dab514053a14d5509a2c87abbdea2a4dcde66cbe0a8f
SSDEEP: 98304:5iznpTonSkepW6eYhKRN4MZxmOVQPsFfV/ZnfU9fRhRBFBTY5QS9EPmh4iOQYAS:U9UfuuIsFfVVIfnl8Y
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 926cfed6e6c8a3a9b09e661257b78fef_mafia_JC.exe
Files
926cfed6e6c8a3a9b09e661257b78fef_mafia_JC.exe.exe (windows x86)
4272477f67f7a507a62bf8d050e026e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
GetFileTime
SetFileTime
GetTempFileNameA
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
GetTempPathA
GetDriveTypeA
GetDriveTypeW
FreeLibrary
GetProcAddress
LoadLibraryA
GetLogicalDriveStringsA
GetComputerNameA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
TlsAlloc
SetLastError
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
SwitchToFiber
CreateFiber
DeleteFiber
GetEnvironmentVariableW
GetModuleHandleW
GetVersion
GetFileType
GetStdHandle
GetModuleHandleA
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
InterlockedIncrement
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
CreateThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetVolumeInformationA
ConvertFiberToThread
ConvertThreadToFiber
FormatMessageW
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
LoadLibraryW
GetFileSizeEx
EncodePointer
DecodePointer
HeapFree
HeapAlloc
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetTimeFormatA
GetTimeZoneInformation
HeapReAlloc
InterlockedDecrement
DeleteFileW
DeleteFileA
FindFirstFileExW
GetFileAttributesA
ExitThread
RaiseException
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetModuleFileNameW
GetCurrentProcess
HeapSize
GetLocaleInfoW
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
RtlUnwind
SetStdHandle
SetHandleCount
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetFullPathNameW
CreateFileW
GetProcessHeap
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
Sleep
GlobalReAlloc
GlobalHandle
GlobalFree
FatalAppExitA
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
GetCurrentProcessId
CloseHandle
ReadFile
WriteFile
_lcreat
_lclose
SetEndOfFile
SetFilePointer
GetFileSize
CreateFileA
GetLastError
GetTickCount
OutputDebugStringA
GetThreadLocale
GetDateFormatA
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentThreadId
WideCharToMultiByte
user32
GetUserObjectInformationW
SetDlgItemTextA
UnhookWindowsHookEx
SetWindowsHookExA
GetDlgItem
MessageBoxA
CallNextHookEx
VkKeyScanA
CreateAcceleratorTableA
CopyAcceleratorTableA
DestroyAcceleratorTable
TranslateMDISysAccel
IsDialogMessageA
GetProcessWindowStation
SendMessageA
MoveWindow
IsWindowVisible
ShowWindow
CreateWindowExA
DestroyWindow
DispatchMessageA
TranslateAcceleratorA
TranslateMessage
SetTimer
GetMessageA
GetMenu
GetClientRect
IsIconic
SetCursorPos
EmptyClipboard
GetWindow
wsprintfA
GetClassNameA
IsWindow
GetClassInfoA
GetWindowLongA
SetWindowLongA
RegisterClassA
CallWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
ClientToScreen
SetScrollRange
SetScrollPos
GetScrollPos
MessageBoxIndirectA
SystemParametersInfoA
LoadAcceleratorsA
ReleaseDC
SwapMouseButton
MessageBeep
GetKeyboardState
GetAsyncKeyState
InsertMenuItemA
DeleteMenu
wsprintfW
GetMenuState
GetMenuItemInfoA
GetMenuStringA
CreatePopupMenu
InsertMenuW
InsertMenuA
SetMenuItemInfoA
ModifyMenuA
IsWindowEnabled
GetSysColor
CheckDlgButton
IsDlgButtonChecked
GetActiveWindow
CheckRadioButton
GetDlgCtrlID
GetDlgItemTextA
SetCursor
GetKeyState
CreateCursor
DestroyCursor
GetSystemMetrics
CloseClipboard
RegisterClipboardFormatA
GetClipboardData
MessageBoxW
OpenClipboard
SetClipboardData
SetActiveWindow
SetCapture
GetDC
InvalidateRect
ScrollWindow
GetCursorPos
ReleaseCapture
UpdateWindow
ValidateRect
GetWindowThreadProcessId
ShowOwnedPopups
ToAscii
GetSystemMenu
CreateDialogParamA
PeekMessageA
EnableWindow
SetWindowPos
GetMenuItemID
GetSubMenu
EnableMenuItem
DrawMenuBar
GetMenuItemCount
CheckMenuItem
EndPaint
ScreenToClient
GetWindowRect
IsChild
IsZoomed
LoadMenuA
LoadIconA
SetFocus
BeginPaint
DefWindowProcA
SetMenu
DefMDIChildProcA
DestroyMenu
LoadCursorA
PostQuitMessage
GetFocus
GetParent
DefFrameProcA
SetParent
gdi32
CreateEllipticRgn
CreatePolygonRgn
GetRgnBox
PtInRegion
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
BeginPath
MoveToEx
Arc
FrameRgn
Pie
LineTo
DeleteEnhMetaFile
LPtoDP
CreateEnhMetaFileA
SetTextColor
StretchBlt
CreateFontIndirectA
SetBrushOrgEx
UnrealizeObject
SetBkMode
SelectClipRgn
Rectangle
Ellipse
FillRgn
OffsetClipRgn
EndPath
StretchDIBits
GetTextExtentPointA
CreatePatternBrush
Polyline
FillPath
CreatePen
PolyBezier
GetTextMetricsA
SetROP2
RoundRect
PaintRgn
CloseEnhMetaFile
TextOutA
EndPage
StartPage
CreateDCA
SetAbortProc
StartDocA
EndDoc
CreatePalette
SetPaletteEntries
GetSystemPaletteEntries
SetBkColor
CreateSolidBrush
CopyEnhMetaFileA
GetEnhMetaFileHeader
GetBitmapBits
SetWindowOrgEx
BitBlt
PatBlt
SetViewportOrgEx
DeleteDC
GetDeviceCaps
GetDIBits
CreateBitmap
DeleteObject
SelectObject
GetPaletteEntries
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
CreateICA
GetObjectA
GetStockObject
GetWindowOrgEx
GetViewportOrgEx
CreateFontA
GetNearestColor
GetPixel
comdlg32
CommDlgExtendedError
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
shell32
ShellExecuteA
comctl32
InitCommonControlsEx
advapi32
CryptDestroyHash
GetNamedSecurityInfoW
GetSecurityInfo
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
ReportEventW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetSecurityInfo
CryptImportKey
CryptEncrypt
CryptHashData
CryptGetHashParam
CryptAcquireContextA
CryptGenRandom
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
RegisterEventSourceW
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
SetEntriesInAclA
wsock32
closesocket
send
WSAGetLastError
WSACleanup
WSAStartup
recv
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
socket
connect
WSASetLastError
inet_addr
gethostname
__WSAFDIsSet
select
listen
accept
getservbyport
gethostbyaddr
htonl
ioctlsocket
inet_ntoa
gethostbyname
getservbyname
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFindExtension
CryptDecodeObjectEx
CryptQueryObject
CertAddCertificateContextToStore
CryptStringToBinaryA
PFXImportCertStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertCloseStore
ws2_32
getaddrinfo
freeaddrinfo
getnameinfo
WSAIoctl
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 518KB - Virtual size: 518KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 242KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ