2023-08-27_8659ea5670f47664f3dde0f924f01b5f_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-27_8659ea5670f47664f3dde0f924f01b5f_mafia_JC.exe
Size

900KB
MD5

8659ea5670f47664f3dde0f924f01b5f
SHA1

d4e55c46621bdf24c2cb5c739f863cb124b5a1b8
SHA256

b518361e24e87ecb5a7bbc3075a374cf788c0eda3a891ae4a072ba5360213e6e
SHA512

f39872c1cf9007f9979c4c7b69d70b9064cd1d2aa6dfac634f8552fcb3dc107016895fcef7b90680759eb6059074a0c50b375f7ded7c82e2d4d08ee723ec876e
SSDEEP

12288:kxfHW+ETzGhDC15FJKIfprT1GxoR5pfkpXSq6dHlcnAigFNf0g8WwhspyaVZtnPU:BNRYypfkgqRnuZwtkZtnVYekKRmhZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_8659ea5670f47664f3dde0f924f01b5f_mafia_JC.exe

Files

2023-08-27_8659ea5670f47664f3dde0f924f01b5f_mafia_JC.exe
.exe windows:5 windows x86

071dc177cb524c1e545e6319f357ca10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
SetForegroundWindow
LoadIconA
CallNextHookEx
IsWindowEnabled
SetFocus
SendMessageA
DrawTextExA
IsDialogMessageA
TranslateMessage
RegisterClassExA
OffsetRect
GetWindowTextA
GetAsyncKeyState
SetActiveWindow
CloseClipboard
GetMessageA
DestroyWindow
GetNextDlgTabItem
AdjustWindowRect
FindWindowA
LoadCursorA
SetDlgItemTextA
CallWindowProcA
SetClipboardData
EnableWindow
UpdateWindow
SetWindowTextA
GetSystemMetrics
UnhookWindowsHookEx
GetForegroundWindow
SetWindowLongA
AdjustWindowRectEx
OpenClipboard
DispatchMessageA
ShowWindow
SetWindowsHookExA
DefWindowProcA
GetDlgItem
RegisterClassA
MessageBoxA
UnregisterClassA
GetClipboardData
CreateWindowExA
PeekMessageA
EmptyClipboard

gdi32

DeleteDC
GetStockObject
GetTextExtentPointA
SelectObject
CreateDCA

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

kernel32

SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
HeapReAlloc
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
GetTimeZoneInformation
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentThreadId
SetLastError
IsBadWritePtr
SetEvent
CreateEventA
LocalFree
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
CreateFileA
lstrlenA
VirtualQuery
FreeLibrary
InterlockedDecrement
GetCurrentProcess
QueryPerformanceCounter
GlobalLock
WaitForSingleObject
GetTickCount
GetCurrentThread
VirtualFree
GetDriveTypeA
GlobalAlloc
GetVolumeInformationA
Sleep
CreateProcessA
GetEnvironmentVariableA
MultiByteToWideChar
SetThreadPriority
GlobalUnlock
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
VirtualAlloc
RemoveDirectoryA
SetFileAttributesA
FindClose
LoadLibraryA
GlobalMemoryStatusEx
DeviceIoControl
GetSystemInfo
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
CreateMutexA
GetProcessAffinityMask
QueryPerformanceFrequency
SetThreadAffinityMask
CloseHandle
GetTempPathA
CopyFileExA
DeleteFileA
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
WriteFile
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP

ws2_32

inet_addr
WSAStartup
inet_ntoa
connect
ioctlsocket
send
recv
select
WSAGetLastError
WSARecvFrom
setsockopt
WSACleanup
bind
socket
__WSAFDIsSet
closesocket
gethostbyname
WSASendTo
ntohl
ntohs
htonl
htons

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
GetTokenInformation
RegCloseKey

shell32

SHGetFolderPathA

winmm

mmioSetInfo
mmioAdvance
mmioSeek
mmioDescend
mmioAscend
mmioClose
mmioCreateChunk
mmioWrite
timeEndPeriod
timeGetTime
timeBeginPeriod
mmioRead
mmioOpenA
mmioGetInfo

dsound

ord11
ord2

dinput8

DirectInput8Create

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantCopy
VariantInit
SysFreeString

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

071dc177cb524c1e545e6319f357ca10

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

ole32

kernel32

ws2_32

advapi32

shell32

winmm

dsound

dinput8

oleaut32

Sections

.text Size: 679KB - Virtual size: 679KB

.rdata Size: 149KB - Virtual size: 148KB

.data Size: 20KB - Virtual size: 46KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 679KB - Virtual size: 679KB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 20KB - Virtual size: 46KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 36KB - Virtual size: 36KB