006356276c2dfd93f00055fdf78be16b_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

006356276c2dfd93f00055fdf78be16b_mafia_JC.exe
Size

10.0MB
MD5

006356276c2dfd93f00055fdf78be16b
SHA1

e9e84ee722cfc03cd7a1721bc0fc0fb210713f66
SHA256

136c0e8490cf708ffac6c421da43265d06c4fe059d280824138c9ac2e216268b
SHA512

23ae8bf211ed536e74e3e546291395347349b8bf90826344c17b0f1e5cc64391bd588ccf4492ec90ce57340893bf0da0c04f0644ab4bc20f2eb2d57f4232f8ca
SSDEEP

196608:Wh1wdRCLtoVBdQVFMN2PO/LrPTZ++Ieceo6Pd8td0aFL7j9gBDIu/:WY6UrPTzIB6PdDaF6J/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
006356276c2dfd93f00055fdf78be16b_mafia_JC.exe

Files

006356276c2dfd93f00055fdf78be16b_mafia_JC.exe
.exe windows x86

048cabdd8651aadfe0b86965fdcf1e5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
SetEndOfFile
FileTimeToSystemTime
GetSystemInfo
GetModuleHandleW
GlobalMemoryStatus
FileTimeToDosDateTime
GetSystemTime
SystemTimeToFileTime
VirtualFree
VirtualAlloc
WaitForSingleObject
SetEvent
InitializeCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
LockResource
SetErrorMode
GetLocalTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
FindResourceExW
lstrcpynW
GetFileAttributesW
lstrcatW
lstrcmpiW
HeapAlloc
GetProcessHeap
GetModuleHandleA
HeapFree
MoveFileExW
Sleep
CopyFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GetDiskFreeSpaceExW
GlobalFree
TerminateThread
CreateMutexW
OpenMutexW
OutputDebugStringW
GetLastError
ReadFile
GetStdHandle
WriteFile
EnterCriticalSection
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
CreateFileA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleCP
RtlUnwind
SetHandleCount
HeapCreate
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
ExitProcess
CreateThread
ExitThread
EncodePointer
DecodePointer
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
LoadLibraryA
FindClose
GetTempFileNameW
GetTempPathW
SearchPathW
GetCurrentDirectoryW
lstrlenW
GetFullPathNameW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
CreateFileW
GetSystemDirectoryW
GetWindowsDirectoryW
LocalFree
FormatMessageW
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SetConsoleMode
GetConsoleMode
GetVersionExW
GetCommandLineW
SetFileApisToOEM
GetDriveTypeW
CompareFileTime
SetCurrentDirectoryW
GetProcAddress
FileTimeToLocalFileTime
GetCurrentProcess
GetProcessTimes
GetTickCount
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetVersion
LeaveCriticalSection
WaitForMultipleObjects
DeleteCriticalSection

user32

MessageBoxA
CharUpperA
UnregisterClassA
LoadCursorW
RegisterClassExW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowLongW
CharNextA
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
ReleaseDC
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
CharLowerW
CharUpperW
DefWindowProcW
PostMessageW
FindWindowExW
GetWindowThreadProcessId
SendMessageTimeoutW
FindWindowW
MessageBoxW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetUserNameW
BuildExplicitAccessWithNameW
DeleteAce
GetExplicitEntriesFromAclW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
RegCloseKey
RegOpenKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
OpenProcessToken

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleInitialize
StringFromCLSID
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoCreateInstance
OleUninitialize

oleaut32

SysAllocStringLen
VariantCopy
VariantClear
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect

psapi

GetModuleFileNameExW

shlwapi

SHSetValueW
PathRemoveFileSpecW
StrCpyW
PathStripToRootW
PathIsSameRootW
PathAddBackslashW
StrCmpW
SHDeleteValueW
SHDeleteKeyW
SHGetValueW
PathAppendW
PathFileExistsW
PathIsDirectoryW

comctl32

InitCommonControlsEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption

Sections

.text
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

048cabdd8651aadfe0b86965fdcf1e5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

shlwapi

comctl32

wtsapi32

winhttp

Sections

.text Size: 781KB - Virtual size: 781KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 54KB - Virtual size: 78KB

.rsrc Size: 8.9MB - Virtual size: 8.9MB

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 781KB - Virtual size: 781KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 54KB - Virtual size: 78KB

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

.reloc
Size: 80KB - Virtual size: 79KB