Static task
static1
Behavioral task
behavioral1
Sample
1b09f571063607b46d68dc0cb0180f6f_mafia_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1b09f571063607b46d68dc0cb0180f6f_mafia_JC.exe
Resource
win10v2004-20230703-en
General
Target: 1b09f571063607b46d68dc0cb0180f6f_mafia_JC.exe
Size: 4.1MB
MD5: 1b09f571063607b46d68dc0cb0180f6f
SHA1: 294322afd2a3d443fcabffc17577709db577d33d
SHA256: b2e7b635d5665b7729a4ee854e4ccce9f41d9ad835fd98b10647a3e0d75a6a85
SHA512: 5d910d45c32fb6c8bda21468c70f8e9ddfc0a7ddca9b78251762a008301c4d47087c9b5097cb73bb063a52339d7ed5fd4ca8c172105795e26030072992be311e
SSDEEP: 98304:Uj1UXW47vj3bFFVXDXEGITZzoLrsvmt65wmlDXbBqm1Dyoj9ghi1RebMIg9Cbk/0:U+Xd3btqzuBJmlDXbBqm1uojDIg9CbkL
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 1b09f571063607b46d68dc0cb0180f6f_mafia_JC.exe
Files
1b09f571063607b46d68dc0cb0180f6f_mafia_JC.exe.exe windows x86
26fe35618821530dac59d64fae098a14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
timeGetTime
iphlpapi
GetAdaptersInfo
psapi
GetModuleFileNameExA
kernel32
GetStartupInfoW
RtlUnwind
RaiseException
ExitThread
HeapQueryInformation
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
GetStringTypeW
GetStdHandle
GetLocaleInfoW
HeapSetInformation
EnumSystemLocalesA
IsValidLocale
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
IsProcessorFeaturePresent
ExitProcess
WideCharToMultiByte
SizeofResource
GetDriveTypeW
LoadResource
FindResourceW
QueryPerformanceCounter
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
HeapReAlloc
ResetEvent
MultiByteToWideChar
FindFirstFileA
FindClose
FindNextFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
GetProcAddress
GetCurrentProcess
OpenProcess
CreateProcessA
GetCommandLineA
GetCurrentThread
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
GetSystemDefaultLangID
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteFileA
MoveFileA
SetCurrentDirectoryW
GetCurrentDirectoryW
LockResource
VirtualQuery
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetDriveTypeA
FindFirstFileExA
ReadConsoleInputA
SetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
FindResourceExW
VirtualProtect
GetProfileIntA
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
GetFileSizeEx
GetFileAttributesExA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
lstrcmpiA
GetStringTypeExA
GetCurrentDirectoryA
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetACP
Sleep
GlobalFlags
InterlockedDecrement
SetThreadPriority
InterlockedIncrement
GetTempFileNameA
GetFileTime
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GetModuleHandleW
GetThreadLocale
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
SuspendThread
ResumeThread
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
lstrlenW
MulDiv
lstrlenA
ActivateActCtx
DeactivateActCtx
SetLastError
CreateMutexA
GetTimeZoneInformation
GetSystemTime
GetVersionExA
GetSystemInfo
GetTickCount
HeapSize
CreateFileA
HeapFree
HeapAlloc
HeapCreate
GlobalSize
VirtualAlloc
LocalAlloc
SetFileAttributesA
GetFileAttributesA
GetTempPathA
RemoveDirectoryA
SetCurrentDirectoryA
SearchPathA
GetDiskFreeSpaceExA
GetFullPathNameA
LocalFree
FormatMessageA
CreateDirectoryA
FreeLibrary
GlobalFree
GlobalUnlock
InterlockedExchange
GlobalLock
GlobalAlloc
FreeResource
FindResourceA
CopyFileA
GetExitCodeThread
CreateThread
IsBadWritePtr
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
GetFileSize
SetEndOfFile
SetFilePointer
user32
DrawIconEx
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
GetNextDlgGroupItem
LoadImageW
EnumChildWindows
LockWindowUpdate
IsMenu
MonitorFromPoint
SetClassLongA
NotifyWinEvent
CreateAcceleratorTableA
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
WaitMessage
LoadMenuW
UnionRect
GetSystemMenu
DeleteMenu
InvalidateRgn
CopyAcceleratorTableA
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
GetSysColorBrush
RealChildWindowFromPoint
ShowOwnedPopups
DrawStateA
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
MessageBeep
IsZoomed
LoadCursorA
DestroyCursor
SetCursorPos
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
DestroyIcon
LoadAcceleratorsA
InsertMenuItemA
IntersectRect
BringWindowToTop
TranslateAcceleratorA
CharNextA
IsIconic
ReleaseCapture
SetCursor
LoadCursorW
SetCapture
SetWindowRgn
DrawIcon
OffsetRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
FillRect
DestroyMenu
GetMenuItemInfoA
InflateRect
WindowFromPoint
MapVirtualKeyA
GetKeyNameTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
DrawEdge
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
MessageBoxA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
CopyRect
GetWindowTextLengthA
GetWindowTextA
SetFocus
SetWindowPos
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
CheckDlgButton
GetWindow
DrawFrameControl
IsCharLowerA
MapVirtualKeyExA
IsClipboardFormatAvailable
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffA
CopyIcon
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
SubtractRect
CreateMenu
GetDoubleClickTime
GetWindowRgn
ModifyMenuA
GetProcessWindowStation
GetUserObjectInformationW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PtInRect
ScreenToClient
LoadBitmapW
GetClipboardData
LoadIconA
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
ReleaseDC
GetDC
GetDlgItem
IsDlgButtonChecked
GetDesktopWindow
SetParent
LoadIconW
GetMessagePos
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindow
GetParent
GetClientRect
EqualRect
IsRectEmpty
GetSystemMetrics
SetRect
SetRectEmpty
PeekMessageA
InvalidateRect
GetWindowRect
GetFocus
AppendMenuA
CreatePopupMenu
GetCursorPos
SendMessageA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostThreadMessageA
PostQuitMessage
KillTimer
SetTimer
GetShellWindow
GetWindowThreadProcessId
PostMessageA
EnableWindow
GetScrollRange
SystemParametersInfoA
gdi32
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
GetBkColor
GetTextColor
SetMapMode
CreateFontA
StretchDIBits
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
GetRgnBox
OffsetRgn
CreateRoundRectRgn
StretchBlt
SetPixel
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
CreatePolygonRgn
Polyline
Polygon
Rectangle
EnumFontFamiliesExA
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
PatBlt
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetDIBits
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleBitmap
CreateDIBSection
GetObjectA
SetDIBColorTable
SelectObject
DeleteDC
GetCharWidthA
CreateCompatibleDC
DeleteObject
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegEnumKeyA
ReportEventA
DeregisterEventSource
GetUserNameA
RegEnumValueA
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueA
RegisterEventSourceA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
shell32
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
SHGetMalloc
SHAppBarMessage
ShellExecuteA
SHAddToRecentDocs
DragQueryFileA
DragFinish
SHBrowseForFolderA
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA
ole32
RegisterDragDrop
CLSIDFromProgID
CLSIDFromString
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleLockRunning
DoDragDrop
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
RevokeDragDrop
CoLockObjectExternal
oleaut32
GetErrorInfo
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
VarBstrFromDec
VarBstrFromDate
SysAllocString
VariantInit
VariantCopy
SysStringByteLen
SysStringLen
VariantClear
SysAllocStringByteLen
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
ws2_32
inet_ntoa
__WSAFDIsSet
select
getservbyname
gethostname
WSACleanup
WSAStartup
ioctlsocket
shutdown
send
recvfrom
recv
getpeername
gethostbyname
setsockopt
connect
closesocket
WSAGetLastError
accept
WSAAsyncGetHostByName
WSAAsyncSelect
socket
WSASetLastError
ntohs
inet_addr
htons
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 473KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 89KB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ