faba478545bfdedb671ba0b09a01e702_mafia_JC[.]exe | Triage

Sharing

General

Target

faba478545bfdedb671ba0b09a01e702_mafia_JC.exe
Size

840KB
MD5

faba478545bfdedb671ba0b09a01e702
SHA1

4912ab44c31683d9a6f4432a7f83cbd991b28389
SHA256

7e9a0f8fd6e5618d9089d5120fd52236c8f7e1a42f23a95053acfb278b807182
SHA512

b1fc4fb446c54ed493cdf6c9f46b2b3e7ad3b2d4319a25b026bc35f6723ac0393e23449fadef8528b744921872469cdc27d4f037bb50049436b2433c28ff5d59
SSDEEP

24576:PKlWndkhe/R0g52y3/mes6c124hBB/QlWLggE9rEEsA:ylWUA6y3eeP024hBdknElA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faba478545bfdedb671ba0b09a01e702_mafia_JC.exe

Files

faba478545bfdedb671ba0b09a01e702_mafia_JC.exe
.exe windows x86

06fa29813db6c1f98441703604fe5cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualProtect
ExitProcess

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ