bc398245f424efa728a48751b0dfc691_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bc398245f424efa728a48751b0dfc691_mafia_JC.exe
Size

21.7MB
MD5

bc398245f424efa728a48751b0dfc691
SHA1

242b5c48e35cd1f8539aeb62becc93b88d96cf65
SHA256

486a181080fe25ef62a5fe4d2602d8096e326d162e9aac7367280630c3b94311
SHA512

e326ab0a290ad5794784ef5bd53ad877dffb567cd1566ce25eebd5f0b58153ef0ae44395dd91ac790b89df62bf7dcc644ebc05b63becbe5cd4adbcaf1803fc38
SSDEEP

393216:H03hEwScttbxV20Gp5rl1vLPfgaQivCAxAxTu5G12m:R6nxV20w/vLPoaQ2FxHG1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc398245f424efa728a48751b0dfc691_mafia_JC.exe

Files

bc398245f424efa728a48751b0dfc691_mafia_JC.exe
.exe windows x86

a0ca70e9cb9341e9ca255ce4271675f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
OpenMutexW
ReleaseMutex
SetCurrentDirectoryW
CreateIoCompletionPort
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetCurrentThreadId
GetExitCodeProcess
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
CreateMutexW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
ReleaseSemaphore
CreateSemaphoreW
CopyFileExW
WaitNamedPipeW
OpenJobObjectW
lstrcpynW
MulDiv
FlushInstructionCache
PeekNamedPipe
CreatePipe
IsDebuggerPresent
GetProcessHeap
ConnectNamedPipe
CreateNamedPipeW
SetProcessAffinityMask
WritePrivateProfileStringW
UnmapViewOfFile
GetDateFormatA
GetTimeFormatA
DeleteFileA
CreateProcessA
MoveFileA
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
GetFileSizeEx
InterlockedIncrement
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
TlsSetValue
HeapAlloc
HeapDestroy
HeapCreate
ExitThread
GetQueuedCompletionStatus
GetStartupInfoW
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
GetACP
GetOEMCP
IsValidCodePage
CreateFileW
ReadFile
SetHandleCount
GetFileType
GetFileAttributesA
CreateFileA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SystemTimeToFileTime
GetSystemTime
SetFilePointer
SetFilePointerEx
GetOverlappedResult
CancelIo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
VirtualQuery
FormatMessageW
LoadLibraryW
GetStdHandle
SetFileTime
lstrlenW
ExitProcess
SetStdHandle
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
WriteFile
GetFileAttributesExW
CreateDirectoryW
MoveFileExW
CopyFileW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetModuleFileNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
CreateThread
ResetEvent
WaitForMultipleObjects
RaiseException
SetEvent
CreateEventW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
GetPrivateProfileStringW
GetUserDefaultUILanguage
GetLocaleInfoW
GetCommandLineW
GetComputerNameW
SetLastError
HeapSetInformation
TlsGetValue
GetVersionExW
HeapFree
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
Sleep
GetModuleFileNameA
LoadLibraryA
FormatMessageA
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
DuplicateHandle
LocalFree
LocalAlloc
IsProcessInJob
GetProcessId
WaitForSingleObject
SetInformationJobObject
QueryInformationJobObject
TerminateJobObject
TerminateProcess
OpenProcess
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
InterlockedDecrement
CloseHandle

user32

DrawFrameControl
DrawTextW
GetActiveWindow
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
DialogBoxParamW
EndDialog
GetSubMenu
LoadAcceleratorsW
TranslateAcceleratorW
SetTimer
SetFocus
GetSysColor
KillTimer
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
SystemParametersInfoW
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
SetMenuItemInfoW
TrackPopupMenu
LoadMenuW
RegisterClassExW
MapWindowPoints
GetMessagePos
SetCursor
LoadCursorW
EndPaint
BeginPaint
SwitchDesktop
LoadImageW
MessageBoxW
GetAsyncKeyState
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
GetSystemMetrics
GetDesktopWindow
UserHandleGrantAccess
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
GetUserObjectInformationW
GetProcessWindowStation
IsDialogMessageW
AdjustWindowRectEx
GetMenu
EnableWindow
GetWindowTextLengthW
RedrawWindow
OffsetRect
ScreenToClient
GetDlgItem
SetWindowLongW
SetWindowPos
GetWindowRect
PeekMessageW
GetMessageW
GetClassInfoExW
CreateWindowExW
GetDC
CreateDialogParamW
CloseDesktop
CloseWindowStation
DestroyCursor
DestroyMenu
CallWindowProcW
TranslateMessage
DispatchMessageW
ShowWindow
DestroyWindow
PostQuitMessage
MoveWindow
PtInRect
SetWindowTextW
InvalidateRect
GetKeyState
LoadStringW
IsWindowVisible
GetDlgCtrlID
GetWindowLongW
SendMessageW
GetWindowTextW
GetClassNameW
GetClientRect
IsWindowEnabled
WaitForInputIdle
IsWindow
PostMessageW
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
DefWindowProcW
UnregisterClassA

gdi32

DPtoLP
GetDeviceCaps
DeleteObject
CreateFontIndirectW
SetTextColor
DeleteDC
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
Rectangle
SetBkColor
ExtTextOutW
SetBkMode
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CreateServiceW
GetSecurityInfo
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
GetLengthSid
CopySid
CheckTokenMembership
GetTokenInformation
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
StartServiceW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetAce
GetAclInformation
EqualSid
SetSecurityDescriptorDacl
AddAce
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegSetValueExW
GetSecurityDescriptorSacl
DeleteService

shell32

SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ord680
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

comctl32

ImageList_SetBkColor
ImageList_Add
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Replace

userenv

UnloadUserProfile

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme
OpenThemeData
DrawThemeBackground
DrawThemeEdge
CloseThemeData

urlmon

ObtainUserAgentString

activeds

ord3

wininet

InternetQueryOptionW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenUrlW
InternetConnectW

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W

Sections

.text
Size: 1000KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0ca70e9cb9341e9ca255ce4271675f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

userenv

psapi

wintrust

crypt32

version

uxtheme

urlmon

activeds

wininet

rpcrt4

mpr

Sections

.text Size: 1000KB - Virtual size: 1000KB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 297KB - Virtual size: 296KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 1000KB - Virtual size: 1000KB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 297KB - Virtual size: 296KB

.reloc
Size: 64KB - Virtual size: 64KB