d44acf4a9636a9b150174f3f12d17277_mafia_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d44acf4a9636a9b150174f3f12d17277_mafia_JC.exe
Size

832KB
MD5

d44acf4a9636a9b150174f3f12d17277
SHA1

e135256365e7c81fbeab874564136d7307a27413
SHA256

9665a398991bb2ab0e05b8971616da97a939173cfd166a8bd0bf845ee53e1bb8
SHA512

835537dbdce98d0b6f3c439a626be176b8f53a87ee6c23543bf8a5f1ab5d2a1427760b4bf110d3fc016752a6f2ae6bca4ea7f6453dda8d778a462df30c9b9ab9
SSDEEP

24576:ULsuD7rSEKiU5nDHjbeJfrrx4akFjFKI:UsrVnDDbqfZ4akjFn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d44acf4a9636a9b150174f3f12d17277_mafia_JC.exe

Files

d44acf4a9636a9b150174f3f12d17277_mafia_JC.exe
.exe windows x86

06fa29813db6c1f98441703604fe5cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
ExitProcess

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ