335b94d3d5f1a21da9cd46a9cfc320d4_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

335b94d3d5f1a21da9cd46a9cfc320d4_mafia_JC.exe
Size

2.0MB
MD5

335b94d3d5f1a21da9cd46a9cfc320d4
SHA1

750d54259d0d8185d51c84b02ae49017ef0a022a
SHA256

a4f85a955b2cf375b99b1fdd51fc1c7938b691d7b02705be7fe81ea75bbe31f9
SHA512

0106298d632aed3865810819bbc8ca5a6aa760bf1be11a78918008d301a024e06ae9618a7e591ab5679377628b7a9dfb28875706780c1f5014e9906d3df5ca61
SSDEEP

24576:o5SPUSwrLJR4zoExUwGI0kJ6ROURiHReLh3LJo1+0Bhy+DHj7nd3tnpYPDy8rxd9:oBSwrLS1AjRiHALuYKjbTnWLVBDhV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
335b94d3d5f1a21da9cd46a9cfc320d4_mafia_JC.exe

Files

335b94d3d5f1a21da9cd46a9cfc320d4_mafia_JC.exe
.exe windows x86

621cae66369874f2d5c458b699758c9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSAStartup
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
WSACleanup
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket
closesocket
WSAGetLastError

wldap32

ord41
ord46
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27

shlwapi

PathAppendW
SHRegGetUSValueW
PathFileExistsW

dbghelp

MakeSureDirectoryPathExists

kernel32

GetConsoleCP
HeapCreate
InitializeCriticalSectionAndSpinCount
SetHandleCount
TlsFree
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetConsoleMode
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
HeapReAlloc
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
InterlockedDecrement
CreateThread
WideCharToMultiByte
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
GetPrivateProfileSectionNamesW
lstrcmpA
GetPrivateProfileStringW
MultiByteToWideChar
GetEnvironmentVariableW
FindFirstFileW
MoveFileExW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
WriteFile
InitializeCriticalSection
CopyFileW
GetVersionExW
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
CreateFileW
GetProcAddress
MoveFileW
GetLocaleInfoW
FindNextFileW
DeleteCriticalSection
CloseHandle
FreeResource
FindResourceW
LoadResource
CreateProcessW
SizeofResource
GetStdHandle
GetLastError
LockResource
GetFileSize
SetFilePointer
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
FileTimeToSystemTime
ReadFile
GetLocalTime
GetFileInformationByHandle
FindClose
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateFileA
DeviceIoControl
GetVolumeInformationW
GetSystemDefaultLangID
GetProcessHeap
GetSystemInfo
lstrcmpiW
ExpandEnvironmentStringsA
SetLastError
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
FreeLibrary
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
TlsGetValue
SetEndOfFile
InterlockedIncrement
UnlockFile
LockFile
GetSystemTimeAsFileTime
TlsSetValue
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetCurrentThreadId
TlsAlloc
GetTempPathA
GetSystemTime
DeleteFileA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
ExitProcess

user32

SendMessageW
GetClassNameW
EnumWindows
FindWindowW
GetDesktopWindow
wsprintfW
GetSystemMetrics

advapi32

CryptDuplicateKey
CryptAcquireContextW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
CryptEncrypt
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CryptDeriveKey

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

Exports

Exports

_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

621cae66369874f2d5c458b699758c9a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

dbghelp

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 709KB - Virtual size: 709KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 709KB - Virtual size: 709KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 29KB - Virtual size: 29KB