2023-08-26_eb06e534b58145a7b0cbbc1927898e66_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_eb06e534b58145a7b0cbbc1927898e66_mafia_JC.exe
Size

913KB
MD5

eb06e534b58145a7b0cbbc1927898e66
SHA1

2da91df246212b9b4759722990dc14a8f23913e7
SHA256

2a80968c79695cbfca757c413e061c0adfee4066a8a42caa82ec28845c5446ea
SHA512

bc84324d32608691312659921cfa493442ff372f600a7183c0abb27283c6716f8512b8732ec505b146baa0b13b98ee96595703a6e26505dcbb7cdf58fb93469a
SSDEEP

24576:ifzWOvMY4N9nTyt8HR51b+AQeFKrl4vg+k7+dgm:EzHmjyt8HR9QryvgV4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_eb06e534b58145a7b0cbbc1927898e66_mafia_JC.exe

Files

2023-08-26_eb06e534b58145a7b0cbbc1927898e66_mafia_JC.exe
.exe windows:5 windows x86

79d5c3fabc01563b7153e6670eb60f36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duilib

?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?Offset@CDuiRect@DuiLib@@QAEXHH@Z
??0CDuiRect@DuiLib@@QAE@XZ
?GetRoundCorner@CPaintManagerUI@DuiLib@@QBE?AUtagSIZE@@XZ
??0CDuiRect@DuiLib@@QAE@ABUtagRECT@@@Z
?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z
?SetValue@CProgressUI@DuiLib@@QAEXH@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
??1CDuiString@DuiLib@@QAE@XZ
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
??1WindowImplBase@DuiLib@@UAE@XZ
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetZIPFileName@WindowImplBase@DuiLib@@UBE?AVCDuiString@2@XZ
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
??0WindowImplBase@DuiLib@@QAE@XZ

kernel32

FindNextFileW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
SetFilePointer
WriteFile
GetModuleHandleW
GetCurrentProcess
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
WaitForMultipleObjects
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
GetTempPathW
ExpandEnvironmentStringsA
LocalAlloc
LocalFree
SizeofResource
LockResource
RemoveDirectoryW
FindResourceW
FindResourceExW
CreateFileA
SetPriorityClass
DeviceIoControl
InterlockedDecrement
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitThread
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
GetDriveTypeW
ReadFile
GetFileSize
CreateFileW
FileTimeToSystemTime
GetLocalTime
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
CreateMutexW
GetLastError
GetProcAddress
FreeLibrary
OpenProcess
ReleaseMutex
GetModuleFileNameW
GetExitCodeProcess
ExitProcess
CreateThread
SetThreadPriority
CloseHandle
lstrlenA
SetFileTime
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
PeekNamedPipe
FormatMessageA
SleepEx
SetEnvironmentVariableA
CompareStringW
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetHandleCount
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
SetLastError
TlsFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetSystemTime
GetFullPathNameW
GetFullPathNameA
UnlockFile
LockFileEx
LockFile
SetEndOfFile
FlushFileBuffers
GetTempPathA
GetFileAttributesA
Sleep
LoadResource
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteFileA

user32

GetClientRect
SetWindowRgn
GetWindowRect
IsIconic
GetMonitorInfoW
ScreenToClient
MonitorFromWindow
IsZoomed
PostQuitMessage
PostMessageW
MessageBoxW
FindWindowW
wsprintfW
ShowWindow

gdi32

CreateRoundRectRgn
DeleteObject

advapi32

CryptCreateHash
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptHashData
CryptImportKey

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHFileOperationW

ole32

CoInitialize
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

PathFileExistsW
SHCreateStreamOnFileEx

ws2_32

gethostname
ioctlsocket
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
listen
select
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
WSAGetLastError

wldap32

ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord50
ord60
ord143
ord211
ord46
ord41
ord27
ord22
ord301

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d5c3fabc01563b7153e6670eb60f36

Headers

DLL Characteristics

File Characteristics

Imports

duilib

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wldap32

psapi

iphlpapi

Sections

.text Size: 665KB - Virtual size: 664KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 665KB - Virtual size: 664KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 31KB - Virtual size: 30KB