9971eba29c6d85b8936595d7f678ce2e_mafia_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9971eba29c6d85b8936595d7f678ce2e_mafia_JC.exe
Size

855KB
MD5

9971eba29c6d85b8936595d7f678ce2e
SHA1

da6f6979a333a11bd9970a8c3616f693f07d2d6f
SHA256

dd2020fe2729d1e7aace39e89fffc926049e247c0f43f4c42b571bd824d9df23
SHA512

1395637fe0305610e5a1e082bf7c5d3992befa39c16fded6a7e8c42bed8a66936fff913a757afb48d6594f9d587b182d9410cd5f349543be3512884b6206659a
SSDEEP

24576:YsnlPXo7Li5a6a88oPxe2HL70j4xk7cn21hWB8PTf:HXbHPxee70j4xZn21hWif

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9971eba29c6d85b8936595d7f678ce2e_mafia_JC.exe

Files

9971eba29c6d85b8936595d7f678ce2e_mafia_JC.exe
.exe windows x86

daadd1fbd8a7aa95a995761381822d0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryA
LocalAlloc
GetModuleHandleA
VirtualProtect
LocalFree

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ