Static task: static1
Behavioral task: behavioral1
Sample: 2023-08-25_3a7a488e099e2e891a002f60fa1231d9_mafia_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 2023-08-25_3a7a488e099e2e891a002f60fa1231d9_mafia_JC.exe
Resource: win10v2004-20230915-en
General
- Target: 2023-08-25_3a7a488e099e2e891a002f60fa1231d9_mafia_JC.exe
- Size: 8.3MB
- MD5: 3a7a488e099e2e891a002f60fa1231d9
- SHA1: d6c7e786b7abb0a8ae68d103969403c4780eedeb
- SHA256: 2debd80e68949d6bc7d5d628bc3325ca2d1c3f0053b07c0a9a0d02780399fc83
- SHA512: 7ac28e1b143c50cdb6016a24de2f6b7e9cef4a999d46c60037519de1c5dab52678ca42c8aaad9262b8281bd8b37ee7343bec58827a7bc53871b285897c8583fd
- SSDEEP: 196608:ZFw/fsqClwD6rKzs1HPBPYa/ZClp4USP2is2kgEzNTQVZExIAv:ZK/fsqClwD2r1HPxYACl2USP2is2kgEd
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2023-08-25_3a7a488e099e2e891a002f60fa1231d9_mafia_JC.exe
Files
- 2023-08-25_3a7a488e099e2e891a002f60fa1231d9_mafia_JC.exe.exe (windows:5, windows x86)
  d68c22ac6271dff37f1fab30a97b04f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryW
LocalAlloc
GetVersion
GlobalMemoryStatus
GetModuleFileNameA
CreateSemaphoreA
GetLastError
SetConsoleMode
FlushConsoleInputBuffer
SleepEx
PeekNamedPipe
ExpandEnvironmentStringsA
GetDriveTypeW
GetFullPathNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadConsoleInputA
InterlockedPopEntrySList
InterlockedPushEntrySList
CreateFileW
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetExitCodeProcess
CreatePipe
GetTimeZoneInformation
LoadLibraryA
FreeLibrary
GetConsoleMode
GetConsoleCP
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetSystemInfo
GetModuleHandleA
WaitForSingleObject
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalMemoryStatusEx
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
RaiseException
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
Sleep
IsDBCSLeadByte
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CloseHandle
WaitForMultipleObjects
CreateDirectoryA
WriteFile
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
VirtualFree
VirtualAlloc
SetThreadAffinityMask
GetCurrentThread
GetSystemDefaultLangID
IsDebuggerPresent
OutputDebugStringA
GetComputerNameA
lstrcpynA
ReleaseSemaphore
FindClose
CopyFileA
MoveFileA
DeleteFileA
GetFileAttributesExA
FindFirstFileA
FindNextFileA
GetLocaleInfoA
GetUserGeoID
LocalFree
FormatMessageA
GetVersionExA
SetFilePointer
GetFileSize
ReadFile
SetEvent
ResetEvent
CreateEventA
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
VirtualProtect
VirtualQuery
ExitThread
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
CreateProcessA
DuplicateHandle
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
SetConsoleCtrlHandler
LoadLibraryW
GetACP
user32
DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcA
CharNextA
WaitMessage
PostQuitMessage
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
GetKeyState
CallWindowProcA
EndPaint
BeginPaint
DestroyAcceleratorTable
GetWindow
GetFocus
ShowCursor
GetDesktopWindow
SendMessageA
IsWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExA
CreateAcceleratorTableA
RegisterWindowMessageA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetForegroundWindow
GetMenu
GetWindowRect
AdjustWindowRectEx
ClipCursor
SetCursor
LoadImageA
wsprintfA
ShowWindow
GetActiveWindow
CopyRect
GetSystemMetrics
RegisterRawInputDevices
SetCursorPos
GetCapture
GetCursorPos
GetRawInputData
GetAsyncKeyState
IsWindowVisible
mouse_event
UnregisterClassA
GetWindowLongA
SetFocus
SetWindowLongA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
FillRect
d3d9
Direct3DCreate9
d3dx9_41
D3DXLoadSurfaceFromMemory
D3DXCheckTextureRequirements
D3DXCreateTexture
D3DXLoadSurfaceFromSurface
D3DXGetShaderVersion
D3DXCreateFontA
D3DXSaveTextureToFileInMemory
D3DXCreateTextureFromFileInMemoryEx
shlwapi
PathRemoveFileSpecA
PathIsDirectoryA
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
fmodex
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setCallback@Channel@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNEL@@W4FMOD_CHANNEL_CALLBACKTYPE@@PAX2@Z@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setReverbProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_PROPERTIES@@@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@4@Z5H@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@W4FMOD_SYSTEM_CALLBACKTYPE@@PAX2@Z@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?setReverbProperties@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_REVERB_CHANNELPROPERTIES@@@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setUserData@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_System_Create
FMOD_Debug_SetLevel
FMOD_Memory_Initialize
?setLoopCount@Sound@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N2@Z
FMOD_Memory_GetStats
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAM00PAH@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
dinput8
DirectInput8Create
ws2_32
htons
bind
socket
connect
freeaddrinfo
getsockopt
WSASetLastError
ntohs
getpeername
getsockname
recv
send
WSAGetLastError
closesocket
getaddrinfo
shutdown
sendto
recvfrom
listen
accept
__WSAFDIsSet
WSACleanup
gethostbyname
WSAStartup
select
ioctlsocket
gethostname
setsockopt
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
gdi32
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
CreateFontIndirectA
DPtoLP
CreateDCA
GetBitmapBits
DeleteObject
advapi32
RegFlushKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
shell32
ShellExecuteA
SHGetFolderPathA
ShellExecuteExA
SHFileOperationA
ExtractIconExA
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitializeEx
CoSetProxyBlanket
oleaut32
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
wldap32
ord46
ord41
ord301
ord22
ord211
ord143
ord60
ord50
ord26
ord200
ord27
ord79
ord35
ord33
ord32
ord30
Sections
- .text (Size: 5.6MB, Virtual size: 5.6MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 984KB, Virtual size: 984KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 444KB, Virtual size: 444KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 764KB, Virtual size: 764KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 540KB, Virtual size: 540KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ