2023-08-26_a5bd9e5d8d8b9f2b211fb3ce26b17312_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_a5bd9e5d8d8b9f2b211fb3ce26b17312_mafia_JC.exe
Size

2.5MB
MD5

a5bd9e5d8d8b9f2b211fb3ce26b17312
SHA1

b1a50d29e107b586cddfa2257863cfd3cbdd7d3d
SHA256

ad3fcff4295392e4fc0b72fe36c6a361bc01998a6cc0a45154246d86911380cf
SHA512

3328b4c1fc1a5298d62bd70c01545ce8bd390d4399b1b791b84561fab1b3973862d860723d5d33276441239cddbfc526fa6202e4a28569bb7b2a0938dc4d252c
SSDEEP

49152:4V3V6aZ78jf6p3VYBAJYCAnv/lhvxuR94FKsNG3gqoC+:4tc6p2aJYCAnHzvxuRmFRmgzC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_a5bd9e5d8d8b9f2b211fb3ce26b17312_mafia_JC.exe

Files

2023-08-26_a5bd9e5d8d8b9f2b211fb3ce26b17312_mafia_JC.exe
.exe windows:5 windows x86

9c1df827766ac62004889b8b24268762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcess
lstrcatW
lstrcpyW
lstrlenW
GetWindowsDirectoryW
CopyFileW
SetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
GetSystemDirectoryW
GetFullPathNameW
GetModuleHandleW
FindNextFileW
FindFirstFileW
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
DeleteCriticalSection
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
InterlockedExchange
Sleep
CreatePipe
SetHandleInformation
CreateProcessW
ReadFile
GetExitCodeProcess
DeviceIoControl
WaitForSingleObject
GetSystemTime
SystemTimeToFileTime
SetLastError
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersion
FindResourceW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetCurrentThreadId
CreateDirectoryW
GetFileAttributesW
GetLastError
GetTempPathW
DeleteFileW
GetTempFileNameW
MoveFileExW
CloseHandle
WriteFile
LockResource
CreateFileW
SizeofResource
LoadResource
InitializeCriticalSection
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
TlsFree
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
HeapAlloc
RaiseException
RtlUnwind
HeapSetInformation
GetCommandLineW
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
SetStdHandle

advapi32

RegOpenKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
CreateServiceW
RegQueryValueExW
RegCloseKey
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
DeleteService
CloseServiceHandle

shell32

SHFileOperationW
ord680
SHGetFolderPathW

ole32

CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathAppendW

setupapi

SetupDiGetINFClassW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupGetIntField
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupIterateCabinetW
SetupCloseInfFile

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c1df827766ac62004889b8b24268762

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

version

shlwapi

setupapi

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 21KB - Virtual size: 21KB