2023-08-26_70d61cd50ad739ab0b71c98134a0bbe5_mafia_revil_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_70d61cd50ad739ab0b71c98134a0bbe5_mafia_revil_JC.exe
Size

2.6MB
MD5

70d61cd50ad739ab0b71c98134a0bbe5
SHA1

ac9a175121ef29c8ed9daf8bbe59a235402a73cf
SHA256

aa7037575f46491e4e69b31a4f37d3756f87ff597b4ddb317a3a5f126c85ce0f
SHA512

39d6efccdf8b3ef79c42c4fb378e4255eb160880244d4dbe00753b0fc62e773e340f6e79a3fa139031b88e5a17f822bb7aefd0750d58e075050f60ae2b3080c3
SSDEEP

49152:ve73ysmtEfdOtzmR41RXa4B9lYSnCKvTCdp/8e2ustwgbr2mhjEe30jaNf1TWbdz:mzyLEVKzmyRXeSnb28e2uQ2U023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_70d61cd50ad739ab0b71c98134a0bbe5_mafia_revil_JC.exe

Files

2023-08-26_70d61cd50ad739ab0b71c98134a0bbe5_mafia_revil_JC.exe
.exe windows:5 windows x86

6f19cfcf3e8bc63a032d0f2d4a073762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayAccessData
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString
VariantInit
SysFreeString
SafeArrayGetUBound
SysAllocStringByteLen

crypt32

CertGetCertificateContextProperty
CertVerifyTimeValidity
CertDeleteCertificateFromStore
PFXVerifyPassword
PFXImportCertStore
CertCreateCertificateContext
CryptStringToBinaryA
CertOpenStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertDuplicateCertificateContext

iphlpapi

GetAdaptersInfo

winhttp

WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetOption
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSendRequest
WinHttpCloseHandle
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpQueryOption

dclibxml2

xmlFree
xmlTextReaderAttributeCount
xmlTextReaderDepth
xmlTextReaderName
xmlNodeListGetString
xmlFreeTextReader
xmlStrcmp
xmlNewTextReaderFilename
xmlTextReaderValue
xmlCleanupParser
xmlFreeDoc
xmlDocGetRootElement
xmlParseFile
xmlParseMemory
xmlTextReaderRead
xmlTextReaderGetAttribute

kernel32

WriteFile
WideCharToMultiByte
Sleep
CopyFileW
SizeofResource
GetVersionExW
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
MoveFileW
FindClose
LockResource
RemoveDirectoryW
GetModuleHandleA
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
CreateThread
SetEvent
CreateEventW
SystemTimeToFileTime
GetEnvironmentVariableA
GetFileSize
CreateFileA
FindFirstFileA
LoadLibraryA
GetCurrentProcess
GetLocaleInfoA
FreeLibrary
TerminateProcess
GetVersionExA
GetFileSizeEx
DeleteFileA
FindNextFileA
GetSystemInfo
GetTimeZoneInformation
GetSystemTime
GetLocalTime
QueryPerformanceCounter
LoadResource
LocalFree
FormatMessageA
FormatMessageW
GlobalFree
GlobalAlloc
GetComputerNameExW
lstrlenA
GetCurrentThreadId
lstrlenW
FlushFileBuffers
GetCurrentProcessId
ReadFile
DeleteTimerQueue
CreateTimerQueue
CopyFileA
CreateTimerQueueTimer
CreateDirectoryA
GetFileAttributesExA
GetTickCount
LocalAlloc
GetVersion
lstrcmpiA
LoadLibraryW
SetFilePointer
GetCurrentDirectoryW
CreateDirectoryW
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetFileType
GetStdHandle
FlushConsoleInputBuffer
GlobalMemoryStatus
SetLastError
CreateMutexA
SuspendThread
ResumeThread
ReleaseMutex
RtlUnwind
PeekNamedPipe
GetFileInformationByHandle
GetSystemTimeAsFileTime
HeapSetInformation
GetCommandLineA
GetFileAttributesA
SetFileAttributesA
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedExchange
MoveFileExA
GetModuleFileNameA
LocalLock
LocalUnlock
FindResourceW
FindResourceExW
FindFirstFileW
CloseHandle
WaitForSingleObject
ExitProcess
GetModuleHandleW
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetDriveTypeA
FindFirstFileExA
ExitThread
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetFullPathNameA
SetEndOfFile
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW

wsclientsocket

?CreateAsyncSocket@AsyncSocket@ClientSocket@SocketUtils@@SAPAV123@HAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_NK0AAUstProxyDetails@23@@Z
?registerSendCompleteHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXPAXHK@Z@Z
?registerBinaryMessageHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXPAEHK@Z@Z
?registerTextMessageHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXPADHK@Z@Z
?registerCloseHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXHPADK@Z@Z
?registerErrorHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXHPADK@Z@Z
?registerConnectHandler@AsyncSocket@ClientSocket@SocketUtils@@QAEXP6AXK@Z@Z
?setProxyPassword@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setProxyUserName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setProxyPort@SocketAdapter@ClientSocket@SocketUtils@@UAEXH@Z
?setProxyHostName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setProxySwitch@SocketAdapter@ClientSocket@SocketUtils@@UAEX_N@Z
?setProxyDetails@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H00@Z
?setConnectionDetails@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_N0H00@Z
?setConnectionMode@SocketAdapter@ClientSocket@SocketUtils@@UAEX_N@Z
?setServerPort@SocketAdapter@ClientSocket@SocketUtils@@UAEXH@Z
?setServerHostName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getLastErrorMsg@SocketAdapter@ClientSocket@SocketUtils@@QAEPADXZ

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
wsprintfW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

odbc32

ord12
ord41
ord31
ord1
ord2
ord20
ord16
ord19
ord3
ord49
ord48
ord72
ord26
ord36
ord29
ord39
ord43
ord11
ord18
ord8
ord4
ord13
ord9

shlwapi

PathFileExistsW
PathIsDirectoryEmptyW
StrStrIA
PathFindExtensionA
StrTrimA

ws2_32

closesocket
WSAGetLastError
WSASetLastError
send
WSAStartup
shutdown
WSACleanup
recv

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CryptReleaseContext
CryptGenKey
CryptGetUserKey
CryptAcquireContextA
CryptDestroyHash
CryptGenRandom
CryptSetHashParam
CryptSignHashA
CryptExportKey
CryptGetProvParam
CryptEnumProvidersA
ReportEventA
DeregisterEventSource
CryptHashData
CryptCreateHash
CryptDecrypt
ControlService
CryptGetHashParam
CloseServiceHandle
RegSetValueExA
OpenServiceW
RegisterEventSourceA
CryptDestroyKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
OpenSCManagerW

netapi32

NetGetJoinInformation
DsGetDcNameA
NetApiBufferFree

Exports

Exports

??0AsyncSocket@ClientSocket@SocketUtils@@QAE@ABV012@@Z
??0SocketAdapter@ClientSocket@SocketUtils@@QAE@ABV012@@Z
??4AsyncSocket@ClientSocket@SocketUtils@@QAEAAV012@ABV012@@Z
??4SocketAdapter@ClientSocket@SocketUtils@@QAEAAV012@ABV012@@Z
??_7AsyncSocket@ClientSocket@SocketUtils@@6B@
??_7SocketAdapter@ClientSocket@SocketUtils@@6B@

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 676KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f19cfcf3e8bc63a032d0f2d4a073762

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

crypt32

iphlpapi

winhttp

dclibxml2

kernel32

wsclientsocket

user32

shell32

odbc32

shlwapi

ws2_32

advapi32

netapi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 421KB - Virtual size: 421KB

.data Size: 94KB - Virtual size: 114KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 676KB - Virtual size: 680KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 421KB - Virtual size: 421KB

.data
Size: 94KB - Virtual size: 114KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 676KB - Virtual size: 680KB