2023-08-22_10f740bc770c370e31c460f6c90bf766_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_10f740bc770c370e31c460f6c90bf766_mafia_JC.exe
Size

759KB
MD5

10f740bc770c370e31c460f6c90bf766
SHA1

7299926ee2992779468ece7712110aeec6dfffbb
SHA256

ccce423c743a1e939a2a1115b38b630bfb0a89a44d8063dcf5232cd3e2cd13ca
SHA512

4339d4d85670397237139f8f5ae66757f53dfce9e3cac09cb75c0b40a37675369d337ce250b6fb80b05ee54eb9b6814a128a723a8b4bf82c2af9a552f5fd0933
SSDEEP

12288:/zB2hzhXEjpl9Obdc//IDCAU9PqDjvhtJJNqEvrzEMKWyHkVrn4OQXgGokwJWE5i:rB2hzhwNPqDMyr46N5gw+yT9D7KU8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-22_10f740bc770c370e31c460f6c90bf766_mafia_JC.exe

Files

2023-08-22_10f740bc770c370e31c460f6c90bf766_mafia_JC.exe
.exe windows x86

d1a1e9dc07a4f24265409ac47b873cdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
SuspendThread
ResumeThread
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
FindFirstFileA
FindClose
FindNextFileA
GetCurrentDirectoryA
TerminateProcess
ReadFile
CreateMutexA
ReleaseMutex
GetVersionExA
GlobalLock
SetEvent
InitializeCriticalSection
CreateEventA
MulDiv
GlobalUnlock
ResetEvent
GetVersion
lstrcpyA
FindResourceA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByte
lstrlenW
FlushInstructionCache
RaiseException
SetLastError
lstrcmpiA
LoadLibraryExA
DeleteCriticalSection
CloseHandle
Module32Next
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
SetHandleCount
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
RtlUnwind
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
GetTempPathA
GetModuleHandleW
VirtualProtect
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
DecodePointer
EncodePointer
InterlockedCompareExchange
SetFilePointer
CreateDirectoryA
FlushFileBuffers
GetFileAttributesA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
LocalFree
GetFileTime
CreateToolhelp32Snapshot
GetModuleHandleA
GetModuleFileNameA
SetEnvironmentVariableA
CreatePipe
GetSystemInfo
GlobalMemoryStatusEx
LockResource
Process32Next
OpenThread
LoadLibraryA
GetLocalTime
GetTempFileNameA
GlobalFree
SetFileAttributesA
EnterCriticalSection
GetProcAddress
GetLastError
Module32First
InterlockedExchange
GetShortPathNameA
MultiByteToWideChar
GetEnvironmentVariableA
Thread32Next
FileTimeToSystemTime
CreateProcessA
LeaveCriticalSection
IsBadCodePtr
SizeofResource
Sleep
WideCharToMultiByte
Thread32First
GlobalAlloc
OpenProcess
WriteFile
IsBadReadPtr
GetThreadContext
GetCurrentThread
GetTickCount
WaitForSingleObject
SetHandleInformation
Process32First
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
lstrcpynA
VirtualQuery
RtlCaptureContext
lstrlenA
GetFileSize
LocalAlloc
GetSystemPowerStatus
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcessId
UnhandledExceptionFilter
FileTimeToLocalFileTime
CreateFileA
GetFileType

user32

CopyImage
LoadImageA
GetKeyboardLayout
GetSystemMetrics
GetDesktopWindow
ReleaseDC
BringWindowToTop
GetForegroundWindow
GetDC
GetClientRect
SetForegroundWindow
MoveWindow
CopyRect
DrawFrameControl
GetDlgCtrlID
LoadCursorA
CallWindowProcA
MapWindowPoints
IsWindowVisible
LoadStringA
EqualRect
ShowWindow
SetWindowPos
GetSysColor
DefWindowProcA
GetDlgItem
UnregisterClassA
GetWindowThreadProcessId
MonitorFromWindow
GetWindowLongA
InvalidateRect
MessageBoxA
SetWindowLongA
SetRect
OffsetRect
InflateRect
GetMonitorInfoA
PtInRect
BeginPaint
SendMessageA
IsWindowEnabled
LoadIconA
GetParent
DrawIconEx
GetKeyState
DrawTextA
KillTimer
SetCapture
FillRect
PostQuitMessage
GetWindow
IsWindow
ReleaseCapture
GetWindowRect
GetMessageA
RegisterClassExA
GetClassInfoExA
CharNextA
TranslateMessage
CreateWindowExA
PeekMessageA
GetActiveWindow
DispatchMessageA
EndPaint
ClientToScreen
DestroyWindow
SetCursor
SetWindowRgn
SetTimer

gdi32

MoveToEx
GetTextExtentPoint32A
LineTo
SetTextColor
GetDeviceCaps
StretchBlt
CreateFontIndirectA
SetBkColor
CreateBitmap
GetClipRgn
SelectClipRgn
SetRectRgn
CreateRectRgnIndirect
CombineRgn
RectInRegion
OffsetRgn
SaveDC
CreateRectRgn
CreatePen
RoundRect
GetPixel
GetStockObject
ExtTextOutA
RestoreDC
CreateSolidBrush
TextOutA
BitBlt
DeleteDC
CreateDIBSection
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
Rectangle
SetBkMode

advapi32

RegOpenKeyA
OpenProcessToken
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidA
GetTokenInformation
RegQueryInfoKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

OleLoadPicture
SysFreeString
VarUI4FromStr
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy
VariantClear
SafeArrayGetLBound
SysAllocString

shlwapi

PathAppendA
SHGetValueA
SHSetValueA
StrToIntA
PathFindExtensionA
PathStripPathA
PathFileExistsA
PathFindExtensionW
PathRemoveFileSpecA

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipCreateFromHDC
GdipCreateImageAttributes
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipDrawImageRectI
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImagePaletteSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipDisposeImage
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdiplusShutdown
GdipGetImageEncodersSize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

dbghelp

SymCleanup
SymFunctionTableAccess64
SymSetOptions
SearchTreeForFile
SymFromAddr
StackWalk64
SymInitialize
SymGetModuleBase64
SymGetLineFromAddr64

psapi

GetProcessMemoryInfo

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
InternetSetCookieA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetAttemptConnect
InternetConnectA
InternetCloseHandle

comctl32

_TrackMouseEvent

imm32

ImmIsIME
ImmGetDescriptionA

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a1e9dc07a4f24265409ac47b873cdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

dbghelp

psapi

wininet

comctl32

imm32

Sections

.text Size: 518KB - Virtual size: 517KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 15KB - Virtual size: 30KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 38KB - Virtual size: 40KB

.text
Size: 518KB - Virtual size: 517KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 15KB - Virtual size: 30KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 38KB - Virtual size: 40KB