2023-08-22_4d078ff9322b256657b2639e68e37663_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_4d078ff9322b256657b2639e68e37663_mafia_JC.exe
Size

221KB
MD5

4d078ff9322b256657b2639e68e37663
SHA1

1fc014ce45acacd142673bfc0fb039fcfdd7d16d
SHA256

f34ee8a9eadca14c8281f8d45f63ed520cd8e771057d956348841a6c04283838
SHA512

616efe35348daee86105056ece58118935e9e021643d6a80083e04e7911db5e2cc1f399d9f7f7f284867a2d929aa5d13a4886918cf0c8828a78915810d8b01ce
SSDEEP

3072:tDrLNcLfu/37alQJ2jDYDc82S6GzqzQuqRF/CFlk3L27fmMC6Duvm:tXpcju/rxJ2jmcf3sOlkydC+p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-22_4d078ff9322b256657b2639e68e37663_mafia_JC.exe

Files

2023-08-22_4d078ff9322b256657b2639e68e37663_mafia_JC.exe
.exe windows x86

0b96360939b2d4d33b3308bc15884249

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlite3

sqlite3_prepare_v2
sqlite3_mprintf
sqlite3_step
sqlite3_finalize
sqlite3_column_int
sqlite3_busy_timeout
sqlite3_errmsg
sqlite3_column_text
sqlite3_column_count
sqlite3_open
sqlite3_exec
sqlite3_close
sqlite3_column_type
sqlite3_changes
sqlite3_free

kernel32

GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
LoadLibraryW
CloseHandle
EnumSystemLocalesA
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
Sleep
GetVersionExW
GetEnvironmentVariableA
IsValidLocale
HeapReAlloc
SetStdHandle
WriteConsoleW
CreateFileA
CreateFileW
SetEndOfFile
FlushFileBuffers
HeapAlloc
GetCurrentThreadId
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumKeyExW

shell32

ShellExecuteA

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b96360939b2d4d33b3308bc15884249

Headers

DLL Characteristics

File Characteristics

Imports

sqlite3

kernel32

advapi32

shell32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB