3602dedd1ba0618113db14f92411e0cb_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3602dedd1ba0618113db14f92411e0cb_mafia_JC.exe
Size

1.6MB
MD5

3602dedd1ba0618113db14f92411e0cb
SHA1

5e8f39e2c76d003bc37d24798d32fb6b96236a3b
SHA256

55fc06cbe90fb16ce4741b6ca3dc4a05e7c1061af0bb2a6974d34b6d4ba223c4
SHA512

d5bc1b0c439f7abc143f4b5befd2dd314937ae5f8f6999b322225bfa37ec208a48a968018b411f2b1b0dd5f75e5a06ce0322eedbb81e3fc373e55a5bc479375a
SSDEEP

24576:tY6ipFUSEgP61HvUlgHQCun2/6o1uo7NHWVEbWBMC:gFUSEnHvUlaE2/6o97NHWVE6BMC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3602dedd1ba0618113db14f92411e0cb_mafia_JC.exe

Files

3602dedd1ba0618113db14f92411e0cb_mafia_JC.exe
.exe windows x86

a5d63dd1782a474219cc6eaa93195e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
MoveFileW
MoveFileExW
GetVersionExW
RemoveDirectoryW
FindNextFileW
DeviceIoControl
SetEndOfFile
AllocConsole
GetStdHandle
SetConsoleTextAttribute
SetConsoleTitleW
GetDateFormatW
GetTimeFormatW
GetEnvironmentVariableW
GetFileTime
FileTimeToSystemTime
OpenProcess
GetSystemTimeAsFileTime
IsWow64Process
FindClose
FindFirstFileW
GetTickCount
DeleteFileW
GetUserDefaultLCID
SleepEx
VerifyVersionInfoA
VerSetConditionMask
SetLastError
ExpandEnvironmentStringsA
FormatMessageA
CreateProcessW
WaitForSingleObject
CloseHandle
GetVolumeInformationW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
MulDiv
GetLocalTime
GetSystemTime
LoadLibraryA
GetUserDefaultUILanguage
GetSystemInfo
CopyFileW
CreateToolhelp32Snapshot
Process32NextW
GetProcessId
Process32FirstW
GetTempPathW
GetBinaryTypeW
lstrlenA
LocalFree
GetTimeZoneInformation
GetProcessHeap
GetDriveTypeW
SetEnvironmentVariableA
WriteConsoleW
FreeLibrary
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
FlushFileBuffers
SetHandleCount
GetConsoleMode
GetConsoleCP
ExitProcess
WriteFile
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
GetCurrentDirectoryW
ReadFile
SetFilePointer
CreateFileW
GetModuleFileNameW
OpenEventW
WaitForMultipleObjects
CreateEventW
SetEvent
GetCurrentThreadId
GetLastError
GetModuleHandleW
DeleteCriticalSection
InterlockedDecrement
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetExitCodeProcess
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
ExitThread
HeapDestroy
HeapCreate
GetLocaleInfoW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
LCMapStringW
ResumeThread
CreateThread
GetCPInfo
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
GetProcAddress
HeapReAlloc
RtlUnwind
RaiseException
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
MultiByteToWideChar

user32

CreateWindowExW
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
DispatchMessageW
PeekMessageW
TranslateMessage
GetWindowRect
SetCapture
TrackMouseEvent
ReleaseCapture
IsWindowVisible
GetForegroundWindow
SetWindowTextW
IsIconic
SetForegroundWindow
BringWindowToTop
SetActiveWindow
SetFocus
GetWindowThreadProcessId
AttachThreadInput
RegisterClassExW
LoadCursorW
LoadIconW
ShowScrollBar
ReleaseDC
UpdateLayeredWindow
GetWindowDC
ShowWindow
IsWindow
ScreenToClient
GetClientRect
GetAsyncKeyState
GetKeyState
SetTimer
GetCursorPos
GetDesktopWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
GetSystemMetrics
DestroyWindow
SendMessageW
FindWindowW
PostQuitMessage
PostMessageW
KillTimer
GetParent
LoadStringW
FindWindowExW
EnableWindow
BeginPaint
GetSysColor
FillRect
EndPaint
MessageBoxW
DrawAnimatedRects
DrawCaption
DrawEdge
DrawIcon
DrawFocusRect
DrawMenuBar
DrawFrameControl
DrawTextW
GetMonitorInfoW
MonitorFromPoint
EnumDesktopWindows
EnumChildWindows
GetWindowTextW
wsprintfW
SetWindowPos
MoveWindow
OpenClipboard

gdi32

CreateBitmap
CreatePen
DrawEscape
TextOutW
SetBkColor
CreateBitmapIndirect
GetDeviceCaps
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBitmap
CreateDIBSection
CreateDiscardableBitmap
CreateFontW

advapi32

LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHAppBarMessage
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoCreateGuid
OleInitialize
OleCreate
StringFromGUID2
CoSetProxyBlanket
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

gdiplus

GdipSetInterpolationMode
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdipDrawImagePointRectI
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGraphicsClear
GdipDrawString
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipAlloc

urlmon

URLDownloadToFileW
ObtainUserAgentString
UrlMkSetSessionOption
UrlMkGetSessionOption

ws2_32

WSAStartup
WSASetLastError
__WSAFDIsSet
WSACleanup
WSAGetLastError
select
ioctlsocket
gethostbyname
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv

iphlpapi

GetAdaptersInfo

wininet

InternetQueryOptionW
InternetOpenW
InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedState
InternetReadFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

comctl32

ord410
DrawStatusTextW
ord412
ord413

rpcrt4

UuidCreate

shlwapi

PathCanonicalizeW
PathAppendW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsRelativeW

Sections

.text
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 682KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5d63dd1782a474219cc6eaa93195e4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

urlmon

ws2_32

iphlpapi

wininet

version

psapi

comctl32

rpcrt4

shlwapi

Sections

.text Size: 739KB - Virtual size: 738KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 682KB - Virtual size: 691KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 739KB - Virtual size: 738KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 682KB - Virtual size: 691KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 50KB - Virtual size: 50KB