2023-08-27_2c1733757c0c6356da80376d1bdb0646_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_2c1733757c0c6356da80376d1bdb0646_mafia_JC.exe
Size

481KB
MD5

2c1733757c0c6356da80376d1bdb0646
SHA1

06e05d0ad159e4523c592d2fdb65eeff12e1cefd
SHA256

475148715eed9b614131b592280da1b138055ec51c8b4bfc674f581a716823a6
SHA512

9492ea616d82a8750353ca9983948c8f33bfb15d62647bf8c48d31599f7c5e4037f9942822d4ace2108e969048110c7f86b61862e2b90c0352949d5ae72673aa
SSDEEP

12288:7zOWGCYxRhZJaG+jrM1eQZlC/lItv1Ke5/NhaAlxWocpCpFifZ8PD9gTU7rVgWK0:G9C8pWUPWWKapgygo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_2c1733757c0c6356da80376d1bdb0646_mafia_JC.exe

Files

2023-08-27_2c1733757c0c6356da80376d1bdb0646_mafia_JC.exe
.exe windows:5 windows x86

39117cec7a91a0eff6a36ddd906cf807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
SetLastError
LoadLibraryW
CreateFileW
WriteFile
CreateProcessW
WTSGetActiveConsoleSessionId
GetTempPathW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
ReadFile
SystemTimeToTzSpecificLocalTime
GetSystemTime
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
GetVersionExW
WriteConsoleW
CreateFileA
InterlockedExchange
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
TerminateProcess
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetFilePointer
GetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
DeleteFileW
lstrlenA
MultiByteToWideChar
FindResourceExW
RaiseException
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetCurrentThreadId
LeaveCriticalSection
GetFileType
SetHandleCount
LCMapStringW
Sleep
ExitProcess
IsProcessorFeaturePresent
GetLocaleInfoW
GetStdHandle
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
EnterCriticalSection
EnumSystemLocalesA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
EncodePointer
DecodePointer
RtlUnwind
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
SetEndOfFile

user32

MapWindowPoints
GetWindowLongW
EndDialog
PostQuitMessage
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
LoadImageW
GetWindow
DestroyWindow
SendMessageW
SetWindowPos
GetParent
SetWindowLongW
DefWindowProcW
CharNextW
GetSystemMetrics
IsDialogMessageW

advapi32

GetSidSubAuthority
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CreateProcessAsUserW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
PathAddBackslashW
PathCanonicalizeW
PathRemoveFileSpecW
PathFindFileNameW

comctl32

InitCommonControlsEx

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

urlmon

URLDownloadToFileW
URLOpenBlockingStreamW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39117cec7a91a0eff6a36ddd906cf807

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

wtsapi32

rpcrt4

urlmon

wininet

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 15KB - Virtual size: 15KB