29c970ea280aba817223359c545d92cb_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

29c970ea280aba817223359c545d92cb_mafia_JC.exe
Size

207KB
MD5

29c970ea280aba817223359c545d92cb
SHA1

85b7ea35848dec8152045afb9f1d0838031280f8
SHA256

84d5ecdf289c4c67ce7de966508fea5907177053afece3ecdf2e5af65a25a5c2
SHA512

390ae348ead8f59b526c84049935d92d17ba585170dc85bf29013a96c5b7e73232299d6c542dfe7049d3c161f768f3f0a09b8b2d33a1e5286980ef4ae4fbab25
SSDEEP

6144:mEW4W3Gc+S1u+8co6ppj8OAXZ1bS+wNPV0ud:3Nepj89nbS+wNPVn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29c970ea280aba817223359c545d92cb_mafia_JC.exe

Files

29c970ea280aba817223359c545d92cb_mafia_JC.exe
.exe windows x86

ff58590d1e5149a3e6e0b1643f4588b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleW
CreateThread
WaitForSingleObject
CloseHandle
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetFilePointer
IsValidLocale
GetVersionExW
GetUserDefaultLCID
GetCurrentProcess
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetLastError
RemoveDirectoryW
FindNextFileW
FindFirstFileW
lstrlenW
lstrcpyW
lstrcmpiW
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
HeapReAlloc
RaiseException
GetSystemTimeAsFileTime
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA

user32

UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
DestroyWindow

ole32

CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff58590d1e5149a3e6e0b1643f4588b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 78KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 78KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB