588da3cb765d92d6a600d3c0f49bb725_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

588da3cb765d92d6a600d3c0f49bb725_mafia_JC.exe
Size

998KB
MD5

588da3cb765d92d6a600d3c0f49bb725
SHA1

8c1bf208120830a76a3910534ca396cb350867b2
SHA256

1d41cbc5439d7f5d7b1bd8ec019886c91afd0a6d98f7f841c65000dfcaee29ef
SHA512

d3ed02ff9448f29d88bf631b2e586f76021fa533daafda49a35d812e7f578ae903d3140f6c17957bd8ac0583545350dd377a1e27a92174ef8cbce421446b4eb7
SSDEEP

24576:D7pYoSuqF9MzSGnWNlcex7vo0DJG7rnrw3d9P+/mmW:D7eduqFq5o7vo6QTs3LPd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
588da3cb765d92d6a600d3c0f49bb725_mafia_JC.exe

Files

588da3cb765d92d6a600d3c0f49bb725_mafia_JC.exe
.exe windows x86

178888433a37237361645cf858263372

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TryEnterCriticalSection
TlsGetValue
WaitForSingleObject
SetEvent
InitializeCriticalSection
TlsSetValue
TerminateThread
LeaveCriticalSection
GetCurrentProcessId
ResetEvent
DeleteCriticalSection
TlsAlloc
CreateThread
GetComputerNameA
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
CreateMailslotA
CancelIo
WaitForMultipleObjects
Process32Next
LoadLibraryA
GetProcAddress
GetLastError
GetOverlappedResult
ReadFile
CreateEventA
WriteFile
FormatMessageA
Process32First
CreateFileA
QueryPerformanceFrequency
MultiByteToWideChar
Sleep
GetTickCount
EnterCriticalSection
QueryPerformanceCounter
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
HeapSize
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetStringTypeW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
LoadLibraryW
CreateFileW
SetFilePointer
GetTimeZoneInformation
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStdHandle
HeapCreate
GetCurrentThreadId
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
ExitProcess
DecodePointer
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsFree
SetLastError

advapi32

ControlService
OpenSCManagerA
SetServiceStatus
RegOpenKeyExA
ReportEventA
RegisterServiceCtrlHandlerExA
StartServiceA
DeregisterEventSource
CreateServiceA
RegQueryValueExA
ChangeServiceConfig2A
DeleteService
StartServiceCtrlDispatcherA
RegisterEventSourceA
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitiateSystemShutdownA
RegCloseKey

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

ws2_32

connect
WSAStartup
inet_addr
getaddrinfo
select
WSAGetLastError
htons
setsockopt
sendto
WSAIoctl
recv
bind
socket
freeaddrinfo
__WSAFDIsSet
closesocket
send
getsockopt
WSASocketA
ntohl
ioctlsocket
gethostname
ntohs
htonl
recvfrom
accept
getpeername
listen
WSACleanup
getsockname

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 547KB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178888433a37237361645cf858263372

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

setupapi

ws2_32

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 547KB - Virtual size: 5.0MB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 547KB - Virtual size: 5.0MB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 34KB - Virtual size: 34KB