1d5cdd247cddc61c1a360ed18e2f7a31_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1d5cdd247cddc61c1a360ed18e2f7a31_mafia_JC.exe
Size

1.1MB
MD5

1d5cdd247cddc61c1a360ed18e2f7a31
SHA1

f5e22a468f3b7a386453d100c81b3761277ec731
SHA256

e7ad8568ebe58b7c32462508abd715663c3c3c8b966f5b5f83ab58afd7561cff
SHA512

5a7b6a77afe3f07236dbad05a3ee2ed3ab55a7e218c2b931390a5ea85a5e85dbad63ef67631844836038f7e66fc0acaa58669fced84430c9c032174fea4f67b2
SSDEEP

24576:6NwWY9Ns5Vm7giQR6Lcalw9OcfixVRYjQS/bImVPtBUTaBiMzp/3IHQOl5jjA:Mrus7i/7qKVRwb3ViaHp/7Ol5jjA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d5cdd247cddc61c1a360ed18e2f7a31_mafia_JC.exe

Files

1d5cdd247cddc61c1a360ed18e2f7a31_mafia_JC.exe
.exe windows x86

a9333d236b25235c36cbd39c46c3e445

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
htons
inet_ntoa
getpeername
inet_addr
setsockopt
ioctlsocket
connect
shutdown
WSASetLastError
closesocket
ntohs
gethostname
getsockname
recv
send
bind
gethostbyname
getsockopt
getservbyname
sendto
htonl
WSAStartup
WSACleanup
__WSAFDIsSet
WSAGetLastError
select

kernel32

CloseHandle
GetStdHandle
MultiByteToWideChar
Sleep
GetTempPathA
SetCurrentDirectoryA
FlushConsoleInputBuffer
GetVersionExA
GetModuleFileNameA
ReadConsoleInputA
LoadLibraryA
GlobalMemoryStatus
DeleteFileA
SetConsoleMode
SetConsoleCtrlHandler
GetVersion
GetModuleHandleA
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetComputerNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
GetCurrentProcessId
WaitForSingleObject
GetExitCodeThread
GetCurrentThreadId
GetLastError
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateMutexA
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
GetCurrentProcess
GetSystemTimeAsFileTime
FindFirstFileA
FindClose
FindNextFileA
GetTickCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
CreateDirectoryW
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
RtlUnwind
HeapAlloc
GetTimeFormatA
GetDateFormatA
RaiseException
MoveFileA
HeapFree
HeapReAlloc
ExitThread
CreateThread
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
SetStdHandle
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
IsProcessorFeaturePresent
FreeLibrary
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTimeZoneInformation
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
GetACP

advapi32

CreateServiceA
ReportEventA
RegisterEventSourceA
ControlService
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerA
OpenSCManagerW
DeleteService
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

user32

GetDesktopWindow
GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

Sections

.text
Size: 807KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9333d236b25235c36cbd39c46c3e445

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

winmm

user32

Sections

.text Size: 807KB - Virtual size: 807KB

.rdata Size: 235KB - Virtual size: 234KB

.data Size: 47KB - Virtual size: 130KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 807KB - Virtual size: 807KB

.rdata
Size: 235KB - Virtual size: 234KB

.data
Size: 47KB - Virtual size: 130KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 58KB - Virtual size: 57KB