Static task: static1
Behavioral task: behavioral1
Sample: bc11e3b68b119cb7909624d2a3a49a02_mafia_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: bc11e3b68b119cb7909624d2a3a49a02_mafia_JC.exe
Resource: win10v2004-20230703-en
General
Target: bc11e3b68b119cb7909624d2a3a49a02_mafia_JC.exe
Size: 2.2MB
MD5: bc11e3b68b119cb7909624d2a3a49a02
SHA1: 980457cfcbc7b50d1bc56660d4f905d5a2ca9248
SHA256: 1a295c41c2c728844f9bff26f8a53d242035bc88a79969fcc19eeca999a0acee
SHA512: 8cc797226cfcdf34303936f37ac60994db4aed89d275e97031410cd8625968459e82910d595e91328770efffd664d2125a9e3fb7d84950d3e2a77aec3fe36591
SSDEEP: 49152:q7pSgLsAF+Zo0He+xZkTOnThG24WDu1AEb8Ex0kH:spS+F+ZlHeykTuyRP0k
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: bc11e3b68b119cb7909624d2a3a49a02_mafia_JC.exe
Files
bc11e3b68b119cb7909624d2a3a49a02_mafia_JC.exe.exe (windows x86)
8ef858be9af9d2a80cdbe9975dce2b95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipSetPenDashStyle
GdipAddPathLineI
GdipAddPathArcI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSaveImageToFile
GdipGetImageWidth
GdipAlloc
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdiplusStartup
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipReleaseDC
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCloneImage
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
iphlpapi
GetIfEntry
GetExtendedTcpTable
GetAdaptersInfo
NotifyAddrChange
GetExtendedUdpTable
wsock32
ioctlsocket
ntohs
fltlib
FilterConnectCommunicationPort
FilterSendMessage
kernel32
CreateFileMappingW
lstrlenW
GetCurrentThreadId
SetLastError
ReadFile
GetFileSizeEx
CreateFileA
MoveFileExW
MoveFileW
TerminateProcess
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetExitCodeThread
CreateThread
WriteFile
CreateFileW
FreeResource
GetWindowsDirectoryW
GetFullPathNameW
CreateDirectoryW
GetTempFileNameW
DeleteFileA
MoveFileA
GetLocalTime
GetComputerNameW
HeapFree
HeapAlloc
GetProcessHeap
SetProcessAffinityMask
SuspendThread
SetProcessWorkingSetSize
GetSystemDirectoryW
GetVersion
Module32NextW
Module32FirstW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
WriteProcessMemory
VirtualProtect
CreateMutexW
DeviceIoControl
IsBadCodePtr
IsBadReadPtr
FileTimeToDosDateTime
MapViewOfFile
GetCurrentProcessId
SetUnhandledExceptionFilter
CopyFileW
SetFilePointer
EnumResourceNamesW
LoadLibraryExW
GetDriveTypeW
GetLogicalDrives
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcatW
GetStartupInfoW
CreateProcessW
EnterCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
lstrcpyW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
Sleep
InterlockedDecrement
GetCurrentProcess
LocalFree
CloseHandle
MultiByteToWideChar
GetVersionExW
GetLastError
GlobalMemoryStatusEx
WideCharToMultiByte
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
RaiseException
CreateEventW
WaitForSingleObject
UnmapViewOfFile
FlushInstructionCache
GetCommandLineW
OpenProcess
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
GetTickCount
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
HeapDestroy
lstrlenA
GetModuleHandleA
LoadLibraryA
InterlockedExchange
LocalAlloc
InterlockedPopEntrySList
InterlockedIncrement
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
SetConsoleCtrlHandler
FatalAppExitA
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetLocaleInfoW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
HeapCreate
GetStdHandle
GetCPInfo
LCMapStringW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
ExitProcess
ResumeThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetEnvironmentVariableW
GetCurrentDirectoryW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
ExpandEnvironmentStringsW
GetSystemInfo
GetUserDefaultUILanguage
MulDiv
IsBadStringPtrW
lstrcmpiW
GetFileSize
SetEvent
TerminateThread
DecodePointer
EncodePointer
VirtualAlloc
gdi32
SetStretchBltMode
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SaveDC
GetDIBits
StretchBlt
RestoreDC
GetObjectW
CreateRectRgn
GetBitmapBits
LineTo
MoveToEx
CreatePen
Rectangle
GetStockObject
RoundRect
GdiFlush
TextOutW
GetCharABCWidthsW
SetBkColor
CreateSolidBrush
SetBitmapBits
SetWindowOrgEx
CreateRoundRectRgn
GetTextMetricsW
OffsetRgn
CombineRgn
GetTextExtentPoint32W
SetBkMode
SetTextColor
SetViewportOrgEx
GetObjectA
GetDeviceCaps
CreateFontIndirectW
CreateDIBSection
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
PtInRegion
advapi32
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
LookupPrivilegeValueW
FreeSid
OpenProcessToken
SetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
DeleteAce
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegFlushKey
RegCreateKeyExW
GetUserNameW
StartServiceW
ControlService
CloseServiceHandle
CreateServiceW
shell32
SHGetFileInfoW
SHAppBarMessage
SHGetFolderPathW
SHGetPathFromIDListW
ord727
ShellExecuteW
SHGetSpecialFolderLocation
ole32
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
OleUninitialize
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfile
CreateStreamOnHGlobal
CoInitializeEx
oleaut32
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
VariantClear
SysFreeString
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
shlwapi
PathFindExtensionW
PathFindFileNameW
PathFileExistsA
wvnsprintfW
PathFileExistsW
PathAppendW
wininet
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetWriteFile
HttpEndRequestW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
pdh
PdhAddCounterW
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue
psapi
EnumProcessModules
QueryWorkingSet
GetModuleFileNameExW
EnumProcesses
dbghelp
MiniDumpWriteDump
comctl32
_TrackMouseEvent
ord17
Sections
.text Size: 831KB - Virtual size: 831KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ