2023-08-22_ca9614db9d0208217b27f984c3efc4fe_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_ca9614db9d0208217b27f984c3efc4fe_mafia_JC.exe
Size

1.7MB
MD5

ca9614db9d0208217b27f984c3efc4fe
SHA1

198bfe3980fe0d61783b71e80d67677bb27d28fa
SHA256

8d5f5a036b91858050cf0ab45f715cf8110f591daee69d11f58ce92105b14faf
SHA512

0a4b09e7035330cc2506f3afe97a460ef461d3a4647b14e826db6619eeb6fd4c06f5977cc6d500a430780e87bea98217393b8a8eb3b086129a1012d4c68db617
SSDEEP

24576:FYZ5M/tZFNJ8bdpMzJ62+nxPAgImCjJvkikmh:8qZjJ8bdpMNcxPAUC9vkikmh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-22_ca9614db9d0208217b27f984c3efc4fe_mafia_JC.exe

Files

2023-08-22_ca9614db9d0208217b27f984c3efc4fe_mafia_JC.exe
.exe windows x86

b06df850b8e0527644b6aaac38f4bcf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
MoveFileW
MoveFileExW
GetVersionExW
RemoveDirectoryW
FindNextFileW
DeviceIoControl
SetEndOfFile
AllocConsole
GetStdHandle
SetConsoleTextAttribute
SetConsoleTitleW
GetDateFormatW
GetTimeFormatW
GetEnvironmentVariableW
GetFileTime
FileTimeToSystemTime
OpenProcess
GetSystemTimeAsFileTime
IsWow64Process
FindClose
FindFirstFileW
GetTickCount
DeleteFileW
GetUserDefaultLCID
SleepEx
VerifyVersionInfoA
VerSetConditionMask
SetLastError
ExpandEnvironmentStringsA
FormatMessageA
CreateProcessW
WaitForSingleObject
CloseHandle
GetVolumeInformationW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
MulDiv
GetLocalTime
GetSystemTime
LoadLibraryA
GetSystemInfo
CopyFileW
CreateToolhelp32Snapshot
Process32NextW
GetProcessId
Process32FirstW
GetTempPathW
GetBinaryTypeW
GetUserDefaultUILanguage
lstrlenA
LocalFree
GetTimeZoneInformation
GetProcessHeap
GetDriveTypeW
SetEnvironmentVariableA
WriteConsoleW
FreeLibrary
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
FlushFileBuffers
SetHandleCount
GetConsoleMode
GetConsoleCP
ExitProcess
WriteFile
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
GetCurrentDirectoryW
ReadFile
SetFilePointer
CreateFileW
GetModuleFileNameW
OpenEventW
WaitForMultipleObjects
CreateEventW
SetEvent
GetCurrentThreadId
GetLastError
GetModuleHandleW
DeleteCriticalSection
InterlockedDecrement
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetExitCodeProcess
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
ExitThread
HeapDestroy
HeapCreate
GetLocaleInfoW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
LCMapStringW
ResumeThread
CreateThread
GetCPInfo
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
GetProcAddress
HeapReAlloc
RtlUnwind
RaiseException
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
MultiByteToWideChar

user32

CreateWindowExW
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
DispatchMessageW
PeekMessageW
TranslateMessage
GetWindowRect
SetCapture
TrackMouseEvent
ReleaseCapture
IsWindowVisible
GetForegroundWindow
SetWindowTextW
IsIconic
SetForegroundWindow
BringWindowToTop
SetActiveWindow
SetFocus
GetWindowThreadProcessId
AttachThreadInput
RegisterClassExW
LoadCursorW
LoadIconW
ShowScrollBar
ReleaseDC
UpdateLayeredWindow
GetWindowDC
ShowWindow
IsWindow
ScreenToClient
GetClientRect
GetAsyncKeyState
GetKeyState
SetTimer
GetCursorPos
GetDesktopWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
GetSystemMetrics
DestroyWindow
SendMessageW
FindWindowW
PostQuitMessage
PostMessageW
KillTimer
GetParent
LoadStringW
FindWindowExW
EnableWindow
BeginPaint
GetSysColor
FillRect
EndPaint
MessageBoxW
DrawAnimatedRects
DrawCaption
DrawEdge
DrawIcon
DrawFocusRect
DrawMenuBar
DrawFrameControl
DrawTextW
GetMonitorInfoW
MonitorFromPoint
EnumDesktopWindows
EnumChildWindows
GetWindowTextW
wsprintfW
SetWindowPos
MoveWindow
OpenClipboard

gdi32

CreateBitmap
CreatePen
DrawEscape
TextOutW
SetBkColor
CreateBitmapIndirect
GetDeviceCaps
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBitmap
CreateDIBSection
CreateDiscardableBitmap
CreateFontW

advapi32

LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHAppBarMessage
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoCreateGuid
OleInitialize
OleCreate
StringFromGUID2
CoSetProxyBlanket
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

gdiplus

GdipSetInterpolationMode
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdipDrawImagePointRectI
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGraphicsClear
GdipDrawString
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipAlloc

urlmon

URLDownloadToFileW
ObtainUserAgentString
UrlMkSetSessionOption
UrlMkGetSessionOption

ws2_32

WSAStartup
WSASetLastError
__WSAFDIsSet
WSACleanup
WSAGetLastError
select
ioctlsocket
gethostbyname
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv

iphlpapi

GetAdaptersInfo

wininet

InternetQueryOptionW
InternetOpenW
InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedState
InternetReadFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

comctl32

ord410
DrawStatusTextW
ord412
ord413

rpcrt4

UuidCreate

shlwapi

PathCanonicalizeW
PathAppendW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsRelativeW

Sections

.text
Size: 826KB - Virtual size: 825KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 684KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06df850b8e0527644b6aaac38f4bcf6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

urlmon

ws2_32

iphlpapi

wininet

version

psapi

comctl32

rpcrt4

shlwapi

Sections

.text Size: 826KB - Virtual size: 825KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 684KB - Virtual size: 693KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 826KB - Virtual size: 825KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 684KB - Virtual size: 693KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 61KB - Virtual size: 60KB