2023-08-27_7e7592498cc31bd8d7d1ce43b6a6474e_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_7e7592498cc31bd8d7d1ce43b6a6474e_mafia_JC.exe
Size

721KB
MD5

7e7592498cc31bd8d7d1ce43b6a6474e
SHA1

4ce2e8420ac6018326edf770793bf392eb800b13
SHA256

65bb2c7105328c5ad9aa47da731c9f99759379ea0a2f7cd3c0ee9117f13403ee
SHA512

42d1451fc6e8e42888e6bc8a0646aa770f89865bea19b4a4c0f65a68acd7af61cb3b7d7ef3c5c771d69ca5eb1df9d9c9aa612e12a06fa4c3f016f5bf7ba25e66
SSDEEP

12288:LiuGkWDLTeoFuYzBTODnPpf5ShaoSDYkfNl7/6BdpM60ZVN9q4NXfHLz712XaA:uNkWD3Fu6aDhUAoSDYkfNl7/AdAZP9Hs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_7e7592498cc31bd8d7d1ce43b6a6474e_mafia_JC.exe

Files

2023-08-27_7e7592498cc31bd8d7d1ce43b6a6474e_mafia_JC.exe
.exe windows:5 windows x86

5fcded9372e8b14ada4c3cfbd11c1cf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
gethostbyname
gethostbyaddr
recv
send
listen
accept
WSACleanup
WSAStartup
htons
socket
connect
setsockopt
ioctlsocket
WSAGetLastError

netapi32

Netbios

dbghelp

MiniDumpWriteDump

shfolder

SHGetFolderPathA

comctl32

ord17

iphlpapi

GetAdaptersAddresses

kernel32

GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
QueryPerformanceCounter
GetFileType
HeapSize
FreeEnvironmentStringsW
InterlockedExchange
HeapCreate
CompareStringW
GetStringTypeW
GetEnvironmentStringsW
GetUserDefaultLCID
CloseHandle
LocalFree
GetLastError
FormatMessageA
FreeLibrary
LoadLibraryA
CallNamedPipeA
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
ResetEvent
WaitForSingleObject
SetLastError
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
GetOverlappedResult
WriteFile
ReadFile
Sleep
WaitForMultipleObjects
CreateEventA
SetEvent
GetCurrentThreadId
GetProfileStringA
CreateMutexA
CreateSemaphoreA
ReleaseMutex
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetTickCount
GetModuleHandleA
SetThreadPriority
GetCurrentThread
SetProcessShutdownParameters
SetConsoleCtrlHandler
AllocConsole
FreeConsole
Beep
GetComputerNameA
ExitProcess
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
CreateDirectoryA
GetTempPathA
SetConsoleCursorInfo
SetConsoleMode
GetLocaleInfoA
GetConsoleScreenBufferInfo
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetLargestConsoleWindowSize
GetNumberOfConsoleInputEvents
FlushConsoleInputBuffer
GetConsoleCursorInfo
GetConsoleMode
GetStdHandle
FillConsoleOutputAttribute
SetConsoleCursorPosition
lstrcmpiA
CompareStringA
GetModuleFileNameA
GetEnvironmentVariableA
SuspendThread
ResumeThread
GetExitCodeThread
TerminateThread
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetVersion
GetLocaleInfoW
GetModuleFileNameW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
CreateFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
RemoveDirectoryW
RemoveDirectoryA
CreateDirectoryW
MoveFileW
MoveFileA
DeleteFileW
DeleteFileA
GetFileAttributesW
GetDriveTypeW
GetDriveTypeA
FindClose
GetFullPathNameW
GetFullPathNameA
FindNextFileW
FindFirstFileExW
FindNextFileA
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessHeap
SetEndOfFile
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapSetInformation
GetCommandLineA
DuplicateHandle
CreatePipe
GetFileAttributesA
GetModuleHandleW
SetFilePointer
GetSystemTimeAsFileTime
SetStdHandle
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
GetNumberOfConsoleMouseButtons
RtlUnwind
DecodePointer
EncodePointer
HeapFree
HeapAlloc
RaiseException
GetConsoleCP
ExitThread
CreateThread
HeapReAlloc

user32

CharLowerBuffA
CharUpperBuffA
CharLowerA
CharUpperA
GetProcessWindowStation
GetUserObjectInformationA
OemToCharA
PostThreadMessageA
GetMessageA
CreateDialogParamA
PostQuitMessage
DialogBoxParamA
SetDlgItemTextA
GetDlgItem
SendMessageA
SetFocus
EndDialog
GetDlgItemTextA
GetParent
GetWindow
GetWindowRect
CharToOemA
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowsHookExA
UnhookWindowsHookEx
DestroyWindow
UnregisterClassA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageW
DispatchMessageW
PeekMessageA
IsWindowUnicode
TranslateMessage
GetAsyncKeyState
CallNextHookEx
PostMessageA
MsgWaitForMultipleObjects
MessageBoxA
OemToCharBuffA
CharToOemBuffA
SystemParametersInfoA
DispatchMessageA

winspool.drv

OpenPrinterA
StartDocPrinterA
WritePrinter
EndDocPrinter
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegCloseKey

Sections

.text
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fcded9372e8b14ada4c3cfbd11c1cf2

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

netapi32

dbghelp

shfolder

comctl32

iphlpapi

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 517KB - Virtual size: 516KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 517KB - Virtual size: 516KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 39KB - Virtual size: 39KB