834034b7c8f32bc55370d40b7101c948_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

834034b7c8f32bc55370d40b7101c948_mafia_JC.exe
Size

843KB
MD5

834034b7c8f32bc55370d40b7101c948
SHA1

868825bdb78db5e59acab0e4ab4ed367f44510b0
SHA256

435d734d2cb1cafb5043ad0a1a33d4d1573a307c9d1d8387e9a1d5d5a94b29d2
SHA512

7901512e758a0049478cd9058413c3773009ce283772892b9afef4ae10fee3d1392cbb22068c57110b14450268636e795330ba882bc09d9732e73ee20bd994f0
SSDEEP

12288:BBEFq5j9pEDabvGaPi+k6sR2KRE7eTySPe9IJXCtb65aMtpjEbjZncIm/:BWFq5j9piab5a+kTR7E7XKa4aML4nh+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
834034b7c8f32bc55370d40b7101c948_mafia_JC.exe

Files

834034b7c8f32bc55370d40b7101c948_mafia_JC.exe
.exe windows x86

c4aa81e36c71c783d54ce4d31201893e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExW
GetModuleHandleExW
CreateDirectoryW
GetTickCount
SizeofResource
GetModuleFileNameW
LoadResource
MoveFileW
LockResource
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
LocalFree
SetEnvironmentVariableA
FindResourceW
CloseHandle
WTSGetActiveConsoleSessionId
GetLastError
GetFileAttributesW
GetExitCodeProcess
GetTempPathW
WaitForSingleObject
CompareStringW
GetProcessHeap
SetEndOfFile
SetStdHandle
WriteConsoleW
SetFilePointer
ReadFile
FlushFileBuffers
GetTimeZoneInformation
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
CreateFileA
lstrlenW
DeleteFileA
GetCurrentProcess
OutputDebugStringA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
SetFileTime
FindNextFileW
FindClose
HeapFree
FindFirstFileExW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RaiseException
GetCPInfo
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleHandleW
ExitProcess
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc

user32

wsprintfW

advapi32

CreateProcessAsUserW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceConfigW

shlwapi

SHCreateStreamOnFileEx
ord12
StrStrIW

psapi

GetModuleBaseNameA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ord155
SHCreateDirectoryExW

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4aa81e36c71c783d54ce4d31201893e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

psapi

userenv

wtsapi32

shell32

oleaut32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 620KB - Virtual size: 620KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 620KB - Virtual size: 620KB

.reloc
Size: 15KB - Virtual size: 14KB