Static task: static1
Behavioral task: behavioral1
Sample: d1c745434112e64c13ff8f9ed0217ed8_mafia_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: d1c745434112e64c13ff8f9ed0217ed8_mafia_JC.exe
Resource: win10v2004-20230703-en
General
- Target: d1c745434112e64c13ff8f9ed0217ed8_mafia_JC.exe
- Size: 3.1MB
- MD5: d1c745434112e64c13ff8f9ed0217ed8
- SHA1: bea0c0b9585ac0240ef6bbf7681d508a8aa88b12
- SHA256: eaad6a4a89092ccc6d91797d8a98645c18da69b9425922f143c1bf30cf1abd95
- SHA512: d191a1ea3893fdba7724cdba5a7c2c0d869bf4723c8fe6bee03024f031bdbacaeec21d5479a07e247d92fcfadffd0be0628330d5072edabf4a61f976e1d071f7
- SSDEEP: 98304:dLKbvm9Nbobf/WP2ErOTEQJXGPF+AyTLmWJygOEyWWe/XGxk4U:d+bvCNbobf/WPXv43VODe/XGxZU
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource d1c745434112e64c13ff8f9ed0217ed8_mafia_JC.exe
Files
- d1c745434112e64c13ff8f9ed0217ed8_mafia_JC.exe.exe windows x86
  cca62ab4db2275a967103bc7f49839cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenFile
GetFileSize
_lclose
ReadFile
FindFirstFileA
ExitProcess
GlobalFree
TerminateThread
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FormatMessageA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GlobalAlloc
CreateIoCompletionPort
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
CopyFileA
SetLastError
GetModuleHandleA
CompareStringA
GetModuleHandleW
GetModuleFileNameW
DeactivateActCtx
ReleaseActCtx
ActivateActCtx
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
lstrcmpA
FileTimeToSystemTime
lstrcmpiA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GlobalAddAtomA
GlobalFlags
SetThreadPriority
ResumeThread
GetCurrentThreadId
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetLocaleInfoA
GetUserDefaultUILanguage
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GetVersionExA
GlobalFindAtomA
FreeResource
FindResourceA
GetACP
lstrcpyA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetWindowsDirectoryA
GetNumberFormatA
GetTempFileNameA
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
GetTimeZoneInformation
IsProcessorFeaturePresent
HeapCreate
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
GetStringTypeW
LCMapStringW
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
GetPrivateProfileStringA
CreateThread
GetLastError
CloseHandle
Sleep
GetCurrentProcess
CreateDirectoryA
GetLocalTime
GetModuleFileNameA
CreateFileA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntA
DeleteCriticalSection
GetTickCount
user32
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetNextDlgTabItem
CreateDialogIndirectParamA
SetRectEmpty
SystemParametersInfoA
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
DeleteMenu
InvalidateRect
InflateRect
GetMenuItemInfoA
DestroyMenu
IntersectRect
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyA
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
OffsetRect
GetIconInfo
CopyImage
LoadImageA
GetNextDlgGroupItem
DrawIconEx
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextA
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
InsertMenuItemA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
TabbedTextOutA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetForegroundWindow
SetWindowPos
MoveWindow
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfA
MessageBoxA
CallWindowProcA
SetWindowLongA
TrackPopupMenu
IsWindow
SendMessageA
SetDlgItemTextA
EndDialog
GetDlgItem
ShowWindow
CreateDialogParamA
ReleaseDC
FillRect
GetDC
SetWindowTextA
SetTimer
UpdateWindow
CreateWindowExA
DefWindowProcA
DialogBoxParamA
KillTimer
GetClientRect
PostQuitMessage
DestroyWindow
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SetRect
IsIconic
IsWindowVisible
PostMessageA
RegisterWindowMessageA
LoadIconW
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
GetClassInfoExA
ScrollWindow
gdi32
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
CopyMetaFileA
CreateDCA
CreateBitmap
SetBkColor
GetObjectA
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
CreatePalette
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
DeleteObject
CreateSolidBrush
GetStockObject
TextOutA
SetTextColor
CreateFontA
SelectObject
SetBkMode
RectVisible
ExtTextOutA
Escape
GetBkColor
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextExtentPoint32A
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
CreateCompatibleBitmap
CreateFontIndirectA
CreateDIBitmap
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
IntersectClipRect
GetDeviceCaps
GetTextFaceA
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
msimg32
TransparentBlt
AlphaBlend
comctl32
ord17
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
wsock32
closesocket
WSAStartup
WSAAsyncSelect
accept
listen
bind
connect
gethostbyname
ioctlsocket
ntohs
WSACleanup
shutdown
recvfrom
htons
socket
htonl
WSAGetLastError
inet_addr
send
recv
ws2_32
WSARecv
WSAAccept
WSASend
WSASocketA
WSASendTo
mumsg
??1CMsg@@QAE@XZ
?Get@CMsg@@QAEPADH@Z
?LoadWTF@CMsg@@QAEXPAD@Z
??0CMsg@@QAE@XZ
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
GdipBitmapUnlockBits
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetFileTitleA
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
shell32
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
DragFinish
DragQueryFileA
ole32
OleDestroyMenuDescriptor
OleGetClipboard
CoLockObjectExternal
RevokeDragDrop
OleCreateMenuDescriptor
DoDragDrop
OleLockRunning
IsAccelerator
RegisterDragDrop
OleTranslateAccelerator
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
oleaut32
SysStringLen
VariantClear
SysFreeString
VariantChangeType
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
SysAllocString
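The import table above is consistent with a statically linked MFC GUI application that also carries a Winsock layer (wsock32/ws2_32 with bind, listen, accept as well as connect), registry write/delete calls, file copy/create calls, ShellExecuteA, and a custom mumsg DLL. A flat list like this proves little by itself: the MSVC CRT and MFC import IsDebuggerPresent, SetWindowsHookExA, LoadLibraryA/GetProcAddress and similar APIs whether or not the application logic ever uses them. The script below is an added example written by the editor, not code from the sandbox or from the sample's author. It hand-copies a subset of the imports listed above, buckets them into capability classes, and separates APIs the runtime would import on its own (weak signals) from ones an application must call deliberately. The FRAMEWORK_NOISE set is the editor's assumption about the CRT and MFC; treat every hit, strong or weak, as a lead to confirm against the behavioral tasks, not as a verdict.

```python
"""Import-table capability triage (added example; not code from the sandbox report).

REPORT_IMPORTS is a subset of the import table printed above, copied by hand.
FRAMEWORK_NOISE lists APIs that the MSVC CRT and MFC import on their own; it is
the editor's assumption about those runtimes, not something the report states.
"""

# Subset of the report's imports, keyed by DLL as the report prints them.
REPORT_IMPORTS = {
    "kernel32": ["CopyFileA", "CreateDirectoryA", "CreateFileA", "WriteFile",
                 "GetTempPathA", "GetTempFileNameA", "LoadLibraryA", "GetProcAddress",
                 "VirtualAlloc", "VirtualProtect", "IsDebuggerPresent",
                 "OutputDebugStringA", "CreateThread", "GetPrivateProfileStringA",
                 "GetPrivateProfileIntA", "TerminateProcess", "SetUnhandledExceptionFilter"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
               "GetAsyncKeyState", "GetKeyboardState", "GetKeyState",
               "OpenClipboard", "SetClipboardData", "EmptyClipboard", "MessageBoxA"],
    "advapi32": ["RegOpenKeyExA", "RegCreateKeyExA", "RegDeleteKeyA", "RegDeleteValueA",
                 "RegSetValueExA", "RegEnumKeyExA", "RegQueryValueExA", "RegCloseKey"],
    "shell32": ["ShellExecuteA", "SHGetSpecialFolderLocation", "SHBrowseForFolderA"],
    "wsock32": ["socket", "connect", "bind", "listen", "accept", "send", "recv",
                "recvfrom", "gethostbyname", "inet_addr", "WSAAsyncSelect", "ioctlsocket"],
    "ws2_32": ["WSASocketA", "WSARecv", "WSASend", "WSASendTo", "WSAAccept"],
}

# Capability classes. APIs not listed here (GDI, menus, dialogs, COM plumbing)
# are ordinary GUI work and stay unclassified.
CAPABILITIES = {
    "network-client":  {"socket", "connect", "send", "recv", "gethostbyname", "inet_addr",
                        "WSASocketA", "WSASend", "WSARecv", "WSASendTo"},
    "network-server":  {"bind", "listen", "accept", "WSAAccept", "WSAAsyncSelect"},
    "registry-write":  {"RegCreateKeyExA", "RegSetValueExA", "RegDeleteKeyA", "RegDeleteValueA"},
    "file-write":      {"CopyFileA", "CreateDirectoryA", "WriteFile", "GetTempFileNameA"},
    "dynamic-resolve": {"LoadLibraryA", "GetProcAddress"},
    "memory-protect":  {"VirtualAlloc", "VirtualProtect"},
    "process-launch":  {"ShellExecuteA", "CreateThread"},
    "anti-debug":      {"IsDebuggerPresent", "OutputDebugStringA", "SetUnhandledExceptionFilter"},
    "input-capture":   {"SetWindowsHookExA", "GetAsyncKeyState", "GetKeyboardState", "GetKeyState"},
    "clipboard":       {"OpenClipboard", "SetClipboardData"},
}

# Weak signals: the CRT startup/error path and MFC's window-creation hook import
# these whether or not the application logic ever touches them (editor's assumption).
FRAMEWORK_NOISE = {
    "IsDebuggerPresent", "OutputDebugStringA", "SetUnhandledExceptionFilter",
    "TerminateProcess", "VirtualAlloc", "LoadLibraryA", "GetProcAddress", "CreateThread",
    "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx", "GetKeyState",
    "OpenClipboard", "SetClipboardData", "RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey",
}


def triage(imports):
    """Return {capability: {"strong": [...], "weak": [...]}} for every capability hit."""
    present = {api for apis in imports.values() for api in apis}
    result = {}
    for cap, apis in CAPABILITIES.items():
        hits = sorted(apis & present)
        if hits:
            result[cap] = {
                "strong": [a for a in hits if a not in FRAMEWORK_NOISE],
                "weak": [a for a in hits if a in FRAMEWORK_NOISE],
            }
    return result


def strong_capabilities(imports):
    """Capabilities backed by at least one API the framework would not import by itself."""
    return sorted(cap for cap, h in triage(imports).items() if h["strong"])


if __name__ == "__main__":
    for cap, hits in triage(REPORT_IMPORTS).items():
        tag = "STRONG" if hits["strong"] else "weak  "
        print(f"{tag} {cap:16s} {', '.join(hits['strong'] + hits['weak'])}")
```

Run as a script it prints one line per capability class. With the subset above, anti-debug and clipboard come out as weak-only (every hit is runtime noise), while network-server (bind, listen, accept, WSAAccept, WSAAsyncSelect), registry-write, file-write and input-capture remain strong and are the ones worth chasing in the Win7 and Win10 behavioral runs.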
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 386KB - Virtual size: 386KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 220.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 769KB - Virtual size: 768KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
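Three things in the static data above come straight from the PE headers: the DLL Characteristics flags (DYNAMIC_BASE and NX_COMPAT mean the image opts in to ASLR and DEP, and the .reloc section present here is what makes the ASLR opt-in effective), the Unsigned PE signature (the security data directory that would point at an Authenticode WIN_CERTIFICATE table is empty), and the section table, where .data is 44KB on disk but 220.2MB in memory. That last figure is uninitialized storage the loader maps at run time; large zero-filled regions are not malicious on their own, but packers and anti-emulation loaders use the same layout, so a practitioner would note it and check whether the behavioral runs ever touch the region. The script below is an added example by the editor, not code from the sandbox, that reproduces these three checks on a header-only PE32 image constructed in memory to mirror the report's flags and section sizes (constructed data, not bytes from the sample). It reads the security directory only for presence, which is exactly what the "Unsigned PE" signature checks; presence of a certificate table says nothing about whether the signature verifies.

```python
"""PE header checks behind the report's Headers, Signatures and Sections data.

Added example by the editor, not code from the sandbox. build_sample_pe() constructs a
header-only PE32 image whose flags and section sizes mirror the report above; it is
constructed data, not bytes from the sample.
"""
import struct

IMAGE_FILE = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
IMAGE_DLLCHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",          # ASLR opt-in (needs .reloc to be effective)
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",             # DEP opt-in
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_SCN = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode WIN_CERTIFICATE table


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS/COFF/optional headers and the section table of a PE32 image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled; PE32+ places DllCharacteristics/directories elsewhere")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        _, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(chars, IMAGE_SCN)})
    return {"machine": machine,
            "file_characteristics": _flags(file_chars, IMAGE_FILE),
            "dll_characteristics": _flags(dll_chars, IMAGE_DLLCHARACTERISTICS),
            # Presence of a certificate table only; it says nothing about validity.
            "authenticode_present": sec_size != 0,
            "sections": sections}


def section_anomalies(pe, ratio=8):
    """Flag sections that grow far beyond their on-disk size, or are both writable and executable."""
    out = []
    for s in pe["sections"]:
        raw = max(s["raw_size"], 1)
        if s["virtual_size"] > ratio * raw:
            out.append((s["name"], "virtual size %.1fx raw size" % (s["virtual_size"] / raw)))
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            out.append((s["name"], "writable and executable"))
    return out


def build_sample_pe():
    """Constructed header-only PE32 (no code, no imports) with the report's flags and sizes."""
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    sections = [
        (b".text",  0x1E8000,  0x1000,    0x1E8000, 0x400,    0x60000020),
        (b".rdata", 0x60800,   0x1E9000,  0x60800,  0x1E8400, 0x40000040),
        (b".data",  0xDC30000, 0x24A000,  0xB000,   0x248C00, 0xC0000040),  # ~220 MB virtual, 44 KB on disk
        (b".rsrc",  0x5C00,    0xDE7A000, 0x6000,   0x253C00, 0x40000040),
        (b".reloc", 0xC0000,   0xDE80000, 0xC0400,  0x259C00, 0x42000040),
    ]
    opt = bytearray(224)                               # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)
    struct.pack_into("<I", opt, 92, 16)                # security directory left zeroed: unsigned
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("signed:", pe["authenticode_present"], "|", ", ".join(pe["dll_characteristics"]))
    for s in pe["sections"]:
        print(f"{s['name']:7s} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} {' '.join(s['flags'])}")
    print("anomalies:", section_anomalies(pe))
```

To run the same checks on the real file, replace build_sample_pe() with open(path, "rb").read(); parse_pe only reads headers, so it never maps or executes anything. The ratio threshold in section_anomalies is a triage heuristic, not a rule: a ratio of a few thousand, as for .data here, is worth a look, while a ratio of 2 or 3 is routine for sections that hold a BSS tail.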