3fa052bc7aeff66e65a82608ee2d2282_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3fa052bc7aeff66e65a82608ee2d2282_mafia_JC.exe
Size

539KB
MD5

3fa052bc7aeff66e65a82608ee2d2282
SHA1

81c0363170f9c2de6c12ecba23c92e8986cdc28c
SHA256

47745a6237207df826b8f4c801737ac168a7c32d2e500cbe90d0dc9e59b14b69
SHA512

1a956e85592a400936938d46d47c3075b0bceef558cab80fb907a48190d208953fafc763c1fee5a4c38b9736289b191eee326c916b47223481e457d4e212105b
SSDEEP

12288:XXtpjPXh6FhHeq48NW0BjSVR/ShZBERbh/OIOA1z5WvtVvXeI7i1+I4Y4N56aF1s:tpjXhWeZK3Bc9S5ERb9OXAN5MXW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fa052bc7aeff66e65a82608ee2d2282_mafia_JC.exe

Files

3fa052bc7aeff66e65a82608ee2d2282_mafia_JC.exe
.exe windows x86

0d05a8b85b20bf7083842b7d7f0d086b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipDrawLineI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipSetPenWidth
GdipDeleteGraphics
GdipDeletePen
GdipAlloc
GdipCreateSolidFill
GdipSetPenColor
GdipDrawArc
GdipFillRectangle
GdipFillEllipse
GdipCloneBrush
GdipCreatePen1

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

mmioCreateChunk
mmioAscend
mmioWrite
mmioOpenW
midiOutClose
midiOutUnprepareHeader
mmioClose
midiOutShortMsg
midiOutLongMsg
timeGetTime
midiOutGetDevCapsW
midiOutGetNumDevs
midiInGetDevCapsW
midiInGetNumDevs
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeKillEvent
timeSetEvent
midiInOpen
midiInPrepareHeader
midiInAddBuffer
midiInStart
midiInStop
midiInReset
midiInUnprepareHeader
midiInClose
midiOutOpen
midiOutPrepareHeader

ws2_32

connect
send
recv
closesocket
WSAStartup
WSACleanup
setsockopt
htons
getservbyname
socket
gethostbyaddr
gethostbyname
inet_addr

kernel32

IsDebuggerPresent
WriteConsoleW
FlushFileBuffers
InterlockedExchange
HeapReAlloc
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
GetLocaleInfoW
ExitProcess
HeapSize
LCMapStringW
Sleep
GlobalFree
GlobalHandle
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
DeleteFileW
_lclose
_lopen
CreateDirectoryA
GetWindowsDirectoryA
_lread
SetFileTime
_lwrite
_lcreat
GetFileTime
GetSystemDirectoryA
GetModuleFileNameW
LocalFree
GetCommandLineW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetTempFileNameW
GetTempPathW
CloseHandle
CreateFileW
GetLastError
CreateDirectoryW
FormatMessageW
GetVersionExW
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SetFilePointer
ReadFile
QueryPerformanceCounter
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateEventW
SetEvent
SetThreadPriority
ExpandEnvironmentStringsA
LoadLibraryA
GetModuleFileNameA
ReleaseMutex
CreateMutexA
GetCurrentProcessId
GetModuleHandleA
HeapFree
RtlUnwind
RaiseException
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapAlloc
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetFileAttributesA
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

wsprintfA
SetWindowPos
MonitorFromPoint
GetWindowLongW
GetParent
SetCursor
LoadCursorW
RegisterClassExW
CreateWindowExW
GetAsyncKeyState
GetSystemMetrics
InvalidateRect
MoveWindow
GetWindowRect
FillRect
GetSysColor
OffsetRect
SetFocus
SetWindowTextA
SendMessageW
GetDlgItem
GetDlgItemTextA
EndDialog
GetDesktopWindow
DialogBoxParamW
SetWindowTextW
MessageBoxW
ScreenToClient
GetCursorPos
CheckMenuItem
GetMenuState
GetMenu
ModifyMenuW
GetMenuStringW
MessageBoxA
GetDC
ReleaseDC
DrawTextW
TabbedTextOutA
DrawTextA
DrawIconEx
LoadIconW
SetDlgItemTextA
EnableWindow
SendDlgItemMessageW
GetMenuStringA
GetMenuItemRect
ModifyMenuA
TrackPopupMenu
ClientToScreen
CharUpperW
GetDlgItemTextW
CallWindowProcW
PostMessageW
SetWindowLongW
FrameRect
SendDlgItemMessageA
DrawMenuBar
DeleteMenu
InsertMenuW
GetMenuItemCount
GetSubMenu
MessageBeep
EnableMenuItem
SetRect
wsprintfW
SetForegroundWindow
CharLowerW
ReleaseCapture
SetCapture
GetKeyState
DefWindowProcW
LoadMenuW
SetTimer
GetDoubleClickTime
PostQuitMessage
KillTimer
DestroyMenu
EndPaint
BeginPaint
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
ShowWindow
RegisterWindowMessageW

gdi32

ExtTextOutA
GetDeviceCaps
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
DeleteObject
CreateRectRgn
SelectClipRgn
GetStockObject
Rectangle
GetTextMetricsW
GetTextExtentPoint32A
Polyline
SetBkColor
GetBkColor
TextOutA
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
CreateFontIndirectW
RestoreDC
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
GetBkMode
SetBkMode
GetTextAlign
SetTextAlign
GetTextColor
SetTextColor

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteW
DragFinish
DragQueryFileW
DragAcceptFiles
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d05a8b85b20bf7083842b7d7f0d086b

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

version

winmm

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 303KB - Virtual size: 303KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 10KB - Virtual size: 55KB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 303KB - Virtual size: 303KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 10KB - Virtual size: 55KB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 31KB - Virtual size: 30KB