2023-08-27_3b2d1d6ee35c381e849ec6292cdfb59a_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_3b2d1d6ee35c381e849ec6292cdfb59a_mafia_JC.exe
Size

593KB
MD5

3b2d1d6ee35c381e849ec6292cdfb59a
SHA1

ea19aa198842ed613a618f01e337240794045e50
SHA256

c37d1b337e6a1df67fe8fdcfc2155254527985890219ad6318f8b83e3852d3cc
SHA512

2ca16c840a466c66ef077d54a70120eb3b60cd3b30928dc1f43cd7e6a1f76d6fdc11d46c2c3154de5b75196d8e6ed5986205b853925bc6241973b33240eae18f
SSDEEP

12288:p2+SkudwTvelQUvoCSo5EbrQtKg0Th2X7XKsHOn8eonqxq+E:mkuAeQUvNSoS0C4X9Qf4qxq7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_3b2d1d6ee35c381e849ec6292cdfb59a_mafia_JC.exe

Files

2023-08-27_3b2d1d6ee35c381e849ec6292cdfb59a_mafia_JC.exe
.exe windows:5 windows x86

764cb6f16f1a66ff525db4acfef5f745

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetTickCount
GetSystemInfo
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
GetModuleHandleW
GlobalLock
GetACP
GetCPInfo
Sleep
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
IsValidCodePage
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GlobalUnlock
MulDiv
lstrcmpW
GetModuleFileNameW
OpenMutexW
CreateMutexW
ReleaseMutex
SetEvent
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetTempPathW
GetTempFileNameW
CreateDirectoryW
CreateThread
CreateFileW
GetFileSize
ReadFile
ExpandEnvironmentStringsW
OpenProcess
TerminateProcess
GetVersionExW
DeleteFileW
MoveFileExW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
lstrlenA
MultiByteToWideChar
SizeofResource
RaiseException
lstrlenW
lstrcmpA
LocalAlloc
LocalFree
GetLastError
DeleteCriticalSection
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
GetOEMCP

user32

MapWindowPoints
GetWindow
GetParent
PostMessageW
GetClientRect
RegisterClassExW
BringWindowToTop
CreateWindowExW
GetWindowThreadProcessId
DestroyWindow
SendMessageW
FindWindowW
keybd_event
GetForegroundWindow
EnumWindows
GetMonitorInfoW
GetWindowRect
MonitorFromWindow
LoadCursorW
SetWindowLongW
IsWindow
SetForegroundWindow
AttachThreadInput
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
SetWindowTextW
GetClassInfoExW
GetWindowTextW
MoveWindow
ShowWindow
CallWindowProcW
DefWindowProcW
GetSysColor
CharNextW
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
SetWindowPos
GetWindowLongW
PostThreadMessageW
UnregisterClassA
GetSystemMetrics
GetSystemMenu
EnableMenuItem
RegisterWindowMessageW
GetWindowTextLengthW
PostQuitMessage
LoadIconW
CreateAcceleratorTableW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

CloseEventLog
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptAcquireContextW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RevertToSelf
OpenEventLogW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
ReadEventLogW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
RegEnumKeyExW
RegQueryInfoKeyW
CryptReleaseContext

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
CoInitializeSecurity
CoUninitialize
OleUninitialize
OleInitialize

oleaut32

SysAllocString
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysFreeString
VariantInit
SysStringLen
VarBstrCat
VarBstrCmp
VariantClear
SysAllocStringLen

shlwapi

PathAddExtensionW
PathAppendW
PathQuoteSpacesW
PathRemoveExtensionW
PathStripPathW
PathFileExistsW

urlmon

ObtainUserAgentString
URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

PFXImportCertStore
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptDecodeObject
PFXIsPFXBlob
CryptImportPublicKeyInfo

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
InternetConnectW
HttpSendRequestA
InternetCloseHandle
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
InternetOpenW
InternetCrackUrlW
HttpSendRequestW
InternetReadFile

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

Sections

.text
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

764cb6f16f1a66ff525db4acfef5f745

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

crypt32

wintrust

iphlpapi

wininet

rpcrt4

Sections

.text Size: 398KB - Virtual size: 398KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 9KB - Virtual size: 35KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 398KB - Virtual size: 398KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 9KB - Virtual size: 35KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 62KB - Virtual size: 62KB