2372e15a4a27fbc934c10ef159cabd60_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2372e15a4a27fbc934c10ef159cabd60_mafia_JC.exe
Size

5.3MB
MD5

2372e15a4a27fbc934c10ef159cabd60
SHA1

f8ebc6a398920a5de4150ee5808e8f0f3315de5b
SHA256

5b2508347c09cc74df45f1e0f1a9945ec94dde39e89f7c247e1d7b093ffeb704
SHA512

72ae39f1646e011e715ce8d0e349cf4dd329c6abaf7962e0fb47b2e3dfb13070d9b2208d820f6f14127d6aeebac6b0b3a0d2cc62960e74493756e201fc95347f
SSDEEP

49152:N46x6Gms7cdwIMGGrl8h06o7tQz9Cg3yv5V/hTI6qptbgxkfLS7I6uGNPhLpsifk:V6E7cKjrW4MK5zexrhUoau7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2372e15a4a27fbc934c10ef159cabd60_mafia_JC.exe

Files

2372e15a4a27fbc934c10ef159cabd60_mafia_JC.exe
.exe windows x86

d6441459a9e794ff7c490ad9341ede6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
SetErrorMode
FindNextFileA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
FlushViewOfFile
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GlobalMemoryStatus
GetSystemInfo
SetEndOfFile
SetFilePointer
UnmapViewOfFile
GetProcessTimes
GetCurrentProcess
TerminateProcess
GetCommandLineA
HeapSetInformation
DecodePointer
EncodePointer
GetModuleHandleW
ExitProcess
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
MultiByteToWideChar
ReadFile
CreateFileA
HeapFree
HeapReAlloc
HeapAlloc
DeleteFileA
GetDriveTypeW
GetFullPathNameA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MoveFileA
FindFirstFileExW
GetFileAttributesA
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
SetStdHandle
DuplicateHandle
FindFirstFileA
RtlUnwind
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
LoadLibraryW
GetLocaleInfoW
LCMapStringW
IsProcessorFeaturePresent
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
GetFullPathNameW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
CreatePipe
RaiseException
HeapSize
CompareStringW
SetEnvironmentVariableA
CreateFileMappingA
MapViewOfFile
CloseHandle
GetModuleHandleA
GetProcAddress
GetLastError
FormatMessageA
LocalFree
GetModuleFileNameA
GetSystemTime
SystemTimeToFileTime
SetConsoleCtrlHandler
FreeLibrary
FindClose
GetVersionExA
GetSystemTimeAsFileTime
GetFileSize
CreateMutexA
ReleaseMutex
InitializeCriticalSection
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryA
SetCurrentDirectoryA
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLogicalDrives
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OutputDebugStringA
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
FlushFileBuffers
Sleep

user32

MessageBoxA
GetDC
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
ReleaseDC
EmptyClipboard

gdi32

DeleteEnhMetaFile
CreateDIBSection
RealizePalette
CreateCompatibleDC
DeleteObject
SelectObject
SetWinMetaFileBits
DeleteMetaFile
GetMetaFileBitsEx
GetMetaFileA
GetEnhMetaFileHeader
GetEnhMetaFileW
GetEnhMetaFileA
BitBlt
DeleteDC
CreateBitmapIndirect
SelectPalette
GetObjectA
PlayEnhMetaFile

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegEnumKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegEnumValueA

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SafeArrayRedim

wsock32

WSAGetLastError
WSACleanup
closesocket
select
send
recv
getsockopt
__WSAFDIsSet
connect
inet_ntoa
socket
htons
gethostbyname
WSAStartup
ntohs
listen
bind
getsockname

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 294KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 445B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6441459a9e794ff7c490ad9341ede6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

wsock32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 294KB - Virtual size: 475KB

.tls Size: 512B - Virtual size: 445B

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 163KB - Virtual size: 163KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 294KB - Virtual size: 475KB

.tls
Size: 512B - Virtual size: 445B

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 163KB - Virtual size: 163KB