71c5deb5044b9ef7559e05846fe255de_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

71c5deb5044b9ef7559e05846fe255de_mafia_JC.exe
Size

625KB
MD5

71c5deb5044b9ef7559e05846fe255de
SHA1

910061492f2e4148e040a49d56cc1aa15ed70324
SHA256

c743754a63f5234bfe182dc05dec99dcb2ace1ec4ada2ef6614f9772a07f8d61
SHA512

094f24585259138e16a1c33a0eee3261b036d5f72d9bad62037dd9abb5e5a4b5045031150da6f9738132269079ac980f3adfdf3d47f4eb8a41f12ff9a4d32a1c
SSDEEP

12288:Ve9d+OeO+OeNhBBhhBBH9PnQaE5kfTy0fve7cvN/mI13OCiT1J5vrd30a+TAQ//r:eVOOCiT1JxrZ0F99jpZU9T5fQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71c5deb5044b9ef7559e05846fe255de_mafia_JC.exe

Files

71c5deb5044b9ef7559e05846fe255de_mafia_JC.exe
.exe windows x86

c626124c23b09a22e4c90ad6dd5ef5d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
WaitForMultipleObjects
SetEvent
MoveFileA
CopyFileExA
OpenMutexA
OpenSemaphoreA
GetCurrentThreadId
CreateFileA
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetExitCodeThread
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
FlushFileBuffers
SetNamedPipeHandleState
WaitNamedPipeA
WriteFile
GetTickCount
ProcessIdToSessionId
GetCurrentProcessId
WinExec
GlobalMemoryStatusEx
GetModuleFileNameA
FormatMessageA
Beep
WideCharToMultiByte
lstrlenW
CreateFileW
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
CreateSemaphoreA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
HeapCreate
SetFilePointer
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitThread
HeapReAlloc
RaiseException
GetVersionExA
ReleaseMutex
ReleaseSemaphore
CreateEventA
SetConsoleCtrlHandler
GetCommandLineA
CreateDirectoryA
SetErrorMode
MultiByteToWideChar
lstrlenA
MoveFileExA
GetSystemDirectoryA
FindNextFileA
LoadLibraryA
FreeLibrary
DeleteFileA
SetFileAttributesA
CreatePipe
ReadFile
FindFirstFileA
FindClose
CreateThread
Sleep
LocalAlloc
LocalFree
GetCurrentThread
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesA
GetDriveTypeA
GetVolumeInformationA
CreateProcessA
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
GetComputerNameA
GetUserDefaultLCID
RtlUnwind
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
SetEndOfFile

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

Netbios

user32

PostQuitMessage
SetWindowPos
GetWindowTextA
EnumWindows
wsprintfA
PostThreadMessageA
GetClassNameA
GetActiveWindow
SetForegroundWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu
DestroyMenu
MessageBoxA
PeekMessageA
GetDC
ReleaseDC
SendMessageA
PostMessageA
KillTimer
DefWindowProcA
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassA
IsWindow
DestroyWindow
GetPropA
SetPropA
SetWindowTextA
SetDlgItemTextA
GetDlgItem
ShowWindow
SetTimer
EndDialog
GetParent
GetWindowLongA
DialogBoxParamA
GetDesktopWindow
GetWindowRect

gdi32

GetTextExtentPoint32A
TextOutA
GetStockObject

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c626124c23b09a22e4c90ad6dd5ef5d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

userenv

netapi32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 26KB - Virtual size: 227KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 26KB - Virtual size: 227KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 68KB - Virtual size: 68KB