dbcba147fdf7c17d269c6b857a984c72_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dbcba147fdf7c17d269c6b857a984c72_mafia_JC.exe
Size

399KB
MD5

dbcba147fdf7c17d269c6b857a984c72
SHA1

336bcf0fe1c170eb31ef6cee664295f86a752cde
SHA256

84bf5bcc61f90ee8722aeada382e3c72dd64228a6cca30c90f2703b06016e18a
SHA512

8b0ddfd2b48bc3fcc155070619f7fff040b83bded24b13aeebc59dd95bd54b212f89fdc9c01c9bc87d180aa7656959ea791e643012180383bc04139842c59180
SSDEEP

12288:FGrr69BCJqck7IC36kbYqPZhYVWwOF9K:crr6fsmf6kEqoOF9K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbcba147fdf7c17d269c6b857a984c72_mafia_JC.exe

Files

dbcba147fdf7c17d269c6b857a984c72_mafia_JC.exe
.exe windows x86

8f5452b283d02fc0bf04464be15d4d0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetCurrentProcess
TerminateProcess
OpenProcess
LoadLibraryW
GetModuleFileNameW
CreateProcessW
WTSGetActiveConsoleSessionId
GetTempPathW
FreeLibrary
GetFileAttributesW
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
GetCurrentThreadId
WaitForMultipleObjects
GlobalFree
CompareStringW
SetEndOfFile
WriteConsoleW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
DeleteFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
ReleaseMutex
CloseHandle
CreateMutexW
CreateThread
Sleep
WaitForSingleObject
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateDirectoryW
RaiseException
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
SetEnvironmentVariableA
SetConsoleCtrlHandler
FatalAppExitA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
IsProcessorFeaturePresent
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetStdHandle
ExitProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize

user32

GetWindowLongW
SetWindowLongW

advapi32

RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW

ole32

StringFromCLSID
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveBackslashW
PathSkipRootW
PathCanonicalizeW
PathFileExistsW
PathIsDirectoryW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

ws2_32

recv
connect
socket
getaddrinfo
closesocket
select
WSAGetLastError
send
bind
accept
listen
freeaddrinfo
WSAStartup
WSACleanup

wininet

HttpOpenRequestW
InternetConnectW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f5452b283d02fc0bf04464be15d4d0f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

wtsapi32

rpcrt4

ws2_32

wininet

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 12KB - Virtual size: 11KB