Static task: static1
Behavioral task: behavioral1
  Sample: 2023-08-26_17fc02393a6f9d8637779a84bf1056d3_mafia_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 2023-08-26_17fc02393a6f9d8637779a84bf1056d3_mafia_JC.exe
  Resource: win10v2004-20230915-en
General
Target: 2023-08-26_17fc02393a6f9d8637779a84bf1056d3_mafia_JC.exe
Size: 198KB
MD5: 17fc02393a6f9d8637779a84bf1056d3
SHA1: 19644e4cb2fd0561d6735457735136bc97fd4d7f
SHA256: 330537ae9bd1663a78215cffedc83193ba5ceb20144c9f510147ea9d7cd74528
SHA512: 26206c25d9cb77d4d6c416f1d5227921ea16631579aa0bbf76695a4d8de2576f8d4a0b9e6591847e3c44b614c04d3909ec99f42fcc07e50acf0de885091fc2f2
SSDEEP: 3072:9wLJ55MfojnZ0f0ZGhVeybD9h2fn0mEEkRewYF8NjckJkPg4CKf0:9wLJ55YobZ0f0ZocyenBEh/YaNLJoCK
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2023-08-26_17fc02393a6f9d8637779a84bf1056d3_mafia_JC.exe
Files
2023-08-26_17fc02393a6f9d8637779a84bf1056d3_mafia_JC.exe.exe windows:5 windows x86
68d9ee963cc40ab0a18fb86d6b01d7ae
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
wsock32: __WSAFDIsSet, inet_addr, select, recvfrom, sendto, accept, listen, ntohs, getsockname, bind, ioctlsocket, WSAStartup, closesocket, recv, send, WSAGetLastError, connect, htons, gethostbyname, socket
kernel32: GetTickCount, FormatMessageW, GetModuleFileNameA, SetLastError, GetCurrentProcess, CreateToolhelp32Snapshot, Process32NextW, GetModuleHandleW, GetProcAddress, CloseHandle, WaitForSingleObject, GetSystemTime, DeleteCriticalSection, InitializeCriticalSection, LoadLibraryW, GetLastError, CreateThread, Sleep, GetUserDefaultLCID, GetLocaleInfoW, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, SetFilePointer, SetStdHandle, CreateFileA, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, SetEndOfFile, GetProcessHeap, GetCurrentProcessId, QueryPerformanceCounter, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, CreateFileW, InterlockedExchange, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, HeapFree, GetSystemTimeAsFileTime, HeapAlloc, HeapReAlloc, CreateProcessA, DuplicateHandle, SetFileAttributesA, GetFileAttributesA, ExitThread, ResumeThread, GetCommandLineA, HeapSetInformation, RtlUnwind, GetCPInfo, RaiseException, LCMapStringW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, HeapCreate, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, HeapSize, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, SetHandleCount, GetFileType, GetStartupInfoW, CreatePipe, GetExitCodeProcess, FreeEnvironmentStringsW, GetEnvironmentStringsW
advapi32: OpenSCManagerW, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherW, ControlService, StartServiceA, OpenSCManagerA, DeleteService, OpenServiceA, CloseServiceHandle, CreateServiceA, InitializeSecurityDescriptor, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegCreateKeyExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, SetSecurityDescriptorSacl, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl
shell32: ShellExecuteA
easyhook32: _RhInjectLibrary@28
Sections
.text: Size 137KB, Virtual size 136KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 28KB, Virtual size 27KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 6KB, Virtual size 21KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 15KB, Virtual size 15KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 10KB, Virtual size 10KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ