2023-08-26_164d8a60285b420ceb87fd23e3d4382e_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_164d8a60285b420ceb87fd23e3d4382e_mafia_JC.exe
Size

4.5MB
MD5

164d8a60285b420ceb87fd23e3d4382e
SHA1

959c150cd778292db68498f9b511d30ee472cdb8
SHA256

cc54c9af6184f33a77c9755b471f1e7fe52727690866ea41221c72dff04e2791
SHA512

763cd3b9b335cb5c20de906d3e70008ddbd486d3be645fba242752bab33a1b22e7a568ba88f92fba641eefc0c5e968594f9a1ac8ecd667f40a3a5cf7fcede51e
SSDEEP

98304:OLCRBgIPGfcivD5pk5/5Rzc1E+yJBRhaLFCZUh9VpkEc6nYTZx3:n1P4lpy5cyJcQefRc6QZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_164d8a60285b420ceb87fd23e3d4382e_mafia_JC.exe

Files

2023-08-26_164d8a60285b420ceb87fd23e3d4382e_mafia_JC.exe
.exe windows x86

344369ff4f2f5d8da22ccc706fd7a77b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA

comctl32

InitCommonControls

gdi32

GetStockObject
GetDeviceCaps

kernel32

GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetCommandLineW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetLastError
GetModuleFileNameW
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
GetVersionExA
CreateFileW
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
InitializeCriticalSection
RaiseException
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
CreateFileA
GetCurrentProcessId
CloseHandle
SetFilePointer
HeapCreate
GetFileType
LockResource
GetStdHandle
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedExchange
ReadFile
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
FreeLibrary
GetLocaleInfoW
GetLocaleInfoA
Sleep
FindFirstFileA
FindNextFileA
FindClose
LocalAlloc
HeapSize
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
IsProcessorFeaturePresent
ExitProcess
DecodePointer
HeapAlloc
HeapFree
HeapReAlloc
EncodePointer
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
CreateDirectoryA
RtlUnwind
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
HeapSetInformation
GetStartupInfoW

shell32

ExtractIconW
CommandLineToArgvW
SHGetFolderPathA
ShellExecuteA

user32

GetForegroundWindow
SetCapture
ReleaseCapture
SystemParametersInfoA
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
LoadCursorW
RegisterClassW
SetRect
CreateWindowExW
ScreenToClient
ClipCursor
PostQuitMessage
DefWindowProcW
GetWindowLongW
SetWindowLongW
ShowWindow
SetMenu
GetWindowPlacement
GetMenu
SetWindowPlacement
SetWindowPos
IsIconic
AdjustWindowRect
GetWindowRect
IsZoomed
IsWindowVisible
GetSystemMetrics
MessageBoxW
GetClientRect
SystemParametersInfoW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowInfo
GetCursorPos
SendMessageW
ShowCursor
GetDC

winmm

timeGetTime

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text1
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Geddon
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

344369ff4f2f5d8da22ccc706fd7a77b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

shell32

user32

winmm

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 640KB - Virtual size: 640KB

.reloc Size: 32KB - Virtual size: 32KB

.text1 Size: 704KB - Virtual size: 704KB

.adata Size: 64KB - Virtual size: 64KB

.data1 Size: 128KB - Virtual size: 128KB

.reloc1 Size: 64KB - Virtual size: 64KB

.pdata Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 364KB - Virtual size: 364KB

.Geddon Size: 4KB - Virtual size: 4KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 640KB - Virtual size: 640KB

.reloc
Size: 32KB - Virtual size: 32KB

.text1
Size: 704KB - Virtual size: 704KB

.adata
Size: 64KB - Virtual size: 64KB

.data1
Size: 128KB - Virtual size: 128KB

.reloc1
Size: 64KB - Virtual size: 64KB

.pdata
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 364KB - Virtual size: 364KB

.Geddon
Size: 4KB - Virtual size: 4KB