Static task: static1
Behavioral task: behavioral1
Sample: NEAS.NEAS2023-09-07_48f213a212b8a391f757c56f4be168d1_mafiaexe_JC.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.NEAS2023-09-07_48f213a212b8a391f757c56f4be168d1_mafiaexe_JC.exe
Resource: win10v2004-20231020-en
General
Target: NEAS.NEAS2023-09-07_48f213a212b8a391f757c56f4be168d1_mafiaexe_JC.exe
Size: 3.3MB
MD5: 48f213a212b8a391f757c56f4be168d1
SHA1: 848b9ec715d790682b8fa5b2700646552becfbd8
SHA256: d215072a7228800875e146d09371d1b947db21114622fcbe32921f712bd54cf0
SHA512: 47913145505a0874599ad52b0f9df3adc83a04d3e102d97ac242865ab3e97aa51d13516565711bfd53bee48c799648217d0cf657045d7937d9efbb00ff8a5ca1
SSDEEP: 98304:ISRZ7CHGb/iBnnd9kniOcheGFRZkflngKZVwazNWArzScy7MkDnIOYO83Jd1G:b7C3HySKZ5z8AicyAzOYO83Jd1G
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the sample carries no embedded code signature.
resource: NEAS.NEAS2023-09-07_48f213a212b8a391f757c56f4be168d1_mafiaexe_JC.exe
Files
-
NEAS.NEAS2023-09-07_48f213a212b8a391f757c56f4be168d1_mafiaexe_JC.exe.exe windows:5 windows x86
530e002072565634fc803846439a82b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
SetConsoleCtrlHandler
GetConsoleCP
GetDriveTypeW
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FatalAppExitA
CreateFileW
GetLocaleInfoW
CompareStringW
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
LCMapStringW
GetStringTypeW
IsValidCodePage
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SizeofResource
ExitProcess
HeapQueryInformation
HeapSize
CreateThread
ExitThread
GetFileType
SetStdHandle
RaiseException
HeapSetInformation
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
EncodePointer
DecodePointer
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
LocalLock
LocalUnlock
FindResourceExW
ReplaceFileA
GetProcessHeap
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetTempFileNameA
GetPrivateProfileIntA
GetACP
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
FindResourceA
FreeResource
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryW
lstrcmpW
GlobalFlags
InterlockedIncrement
GetModuleHandleW
CompareStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrcmpA
SetErrorMode
SetThreadPriority
GetAtomNameA
GlobalGetAtomNameA
GetVolumeInformationA
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFileSizeEx
LocalFileTimeToFileTime
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
ReleaseSemaphore
CreateSemaphoreA
SetEnvironmentVariableA
SetCurrentDirectoryW
GetUserDefaultLCID
CopyFileA
GlobalSize
lstrlenW
MulDiv
FreeLibrary
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleWindow
GetCommandLineA
SuspendThread
ResumeThread
GetCurrentProcess
GetCurrentThread
DuplicateHandle
ReleaseMutex
OpenThread
WritePrivateProfileSectionA
WritePrivateProfileStringA
TerminateThread
GetCurrentProcessId
lstrlenA
WaitForSingleObject
GetHandleInformation
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerLanguageNameA
GlobalMemoryStatus
InitializeCriticalSection
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
MoveFileA
GetSystemTime
SystemTimeToFileTime
GetPrivateProfileSectionA
GetEnvironmentVariableA
GetComputerNameA
GetFullPathNameA
GetCurrentDirectoryA
CreateMutexA
FormatMessageA
LocalFree
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetTempPathA
GetModuleFileNameA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
GetShortPathNameA
ActivateActCtx
DeactivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetSystemTimeAsFileTime
GetFileAttributesA
GetFileTime
SetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExA
SetFileAttributesA
DeleteFileA
GetCurrentThreadId
ReadFile
WriteFile
SetEndOfFile
GetFileAttributesExA
SetFilePointer
CreateFileA
GetFileSize
GetLastError
SetLastError
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
ResetEvent
SetEvent
Sleep
CloseHandle
CreateEventA
GetTickCount
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
GetCurrentDirectoryW
user32
OpenClipboard
GetUpdateRect
FrameRect
SendNotifyMessageA
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
CreateMenu
InSendMessage
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
CreateDialogIndirectParamA
EndDialog
GetNextDlgGroupItem
LoadImageA
GetIconInfo
GetNextDlgTabItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
KillTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IsIconic
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
DestroyIcon
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconW
WinHelpA
IsChild
GetCapture
GetClassLongA
SetClipboardData
GetPropA
RemovePropA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
InflateRect
GetDesktopWindow
RealChildWindowFromPoint
GetClassNameA
PtInRect
GetFocus
SetFocus
SetWindowPos
ScrollWindowEx
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetWindow
UnregisterClassA
GetWindowTextLengthA
LoadCursorA
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
CharUpperA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
MapVirtualKeyA
GetKeyNameTextA
CopyRect
IsWindow
GetSysColor
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
GetDialogBaseUnits
MapDialogRect
DrawIcon
DestroyCursor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
GetTabbedTextExtentA
SetPropA
TabbedTextOutA
FillRect
UnhookWindowsHookEx
MsgWaitForMultipleObjectsEx
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EnumWindows
GetWindowTextA
LoadIconA
PostMessageA
GetWindowLongA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
GetSystemMetrics
SendMessageA
GetClientRect
SetRect
GetParent
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
InvalidateRect
GetDlgItem
GetWindowRect
ShowWindow
EnumChildWindows
EnableWindow
SystemParametersInfoA
SwitchDesktop
OpenDesktopA
CloseDesktop
PeekMessageA
TranslateMessage
GetMessageA
DispatchMessageA
SetTimer
gdi32
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetWindowOrgEx
EnumFontFamiliesExA
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetPixelV
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPolyFillMode
LPtoDP
Escape
ExtTextOutA
TextOutA
Rectangle
RoundRect
SetPixel
StretchBlt
GetDIBits
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
SetViewportExtEx
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetCurrentObject
StretchDIBits
CreateFontA
GetCharWidthA
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32A
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
GetROP2
IntersectClipRect
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
CreateDCA
EnumFontsA
GetDeviceCaps
CopyMetaFileA
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
ScaleViewportExtEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
GetPrinterA
ClosePrinter
GetJobA
EnumPrintersA
advapi32
SetSecurityDescriptorDacl
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
RegSetValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegDeleteValueA
LookupAccountNameA
RegGetKeySecurity
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
AddAccessAllowedAce
CloseServiceHandle
RegSetKeySecurity
CryptDecrypt
CryptEncrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptDestroyKey
CryptGetUserKey
CryptExportKey
CryptGetKeyParam
CryptReleaseContext
EnumDependentServicesA
ChangeServiceConfigA
QueryServiceConfigA
ControlService
QueryServiceStatus
StartServiceA
EnumServicesStatusA
GetUserNameA
RegOpenKeyExA
shell32
SHAppBarMessage
ExtractIconA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
SHBrowseForFolderA
SHGetMalloc
SHGetFileInfoA
DragQueryFileA
DragFinish
ShellExecuteA
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathStripToRootA
PathRemoveFileSpecW
ole32
WriteClassStg
WriteFmtUserTypeStg
OleRegGetMiscStatus
OleCreateLinkFromData
OleRegEnumVerbs
CreateGenericComposite
OleRegGetUserType
OleGetIconOfClass
OleCreateLinkToFile
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoInitialize
CoUninitialize
CoInitializeEx
StgCreateDocfile
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
CreateStreamOnHGlobal
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
PropVariantCopy
StgCreateDocfileOnILockBytes
CoTaskMemFree
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CreateItemMoniker
OleRun
OleLoad
OleCreate
OleCreateStaticFromData
SetConvertStg
oleaut32
VariantTimeToSystemTime
SysAllocString
VariantInit
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysReAllocStringLen
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarBstrFromDate
VarDateFromStr
SysFreeString
VarUdateFromDate
SystemTimeToVariantTime
SafeArrayGetElement
oledlg
ord8
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
ws2_32
bind
WSACleanup
closesocket
WSAIoctl
WSAGetLastError
WSASocketA
WSAStartup
inet_addr
ntohl
shutdown
recv
recvfrom
select
sendto
gethostbyname
setsockopt
ioctlsocket
connect
socket
send
WSAEventSelect
htons
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACreateEvent
listen
accept
getpeername
htonl
inet_ntoa
getsockopt
WSASetEvent
WSACloseEvent
gethostbyaddr
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 578KB - Virtual size: 578KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
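The header facts above (the Unsigned PE signature, the DLL/file characteristics, and the section table) all come straight out of the PE headers. The following is an added example, not part of the sandbox report and not code from the sandbox vendor: a standard-library-only Python parser that decodes those same fields and applies the "unsigned PE" check the way a practitioner would reproduce it, by testing whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. Because the sample is not on this page, the input is a constructed, header-only PE32 image whose flags mirror the report (x86, DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, an R+X .text and an R+W .data section); its section sizes and the fake signature offset are illustrative assumptions. Two caveats the check itself cannot express: an empty security directory only proves there is no embedded signature (catalog-signed Windows binaries look "unsigned" this way too), and a non-empty one proves nothing about validity until the chain is verified with signtool or Get-AuthenticodeSignature.

```python
"""Header-level PE triage: decode the fields a sandbox report lists and apply
the "unsigned PE" check (no embedded Authenticode blob). Standard library only;
offsets follow the PE/COFF specification (added example, constructed input)."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding the Authenticode blob

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    """Decode a bitmask into its named flags, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def triage_pe(data: bytes) -> dict:
    """Parse DOS, COFF, optional header and section table; raise on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    os_major = struct.unpack_from("<H", data, opt + 40)[0]   # MajorOperatingSystemVersion (same offset in both formats)
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]    # DllCharacteristics (same offset in both formats)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:  # the security entry is a raw file offset, not an RVA
        _sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    shdr = opt + opt_size
    for i in range(nsections):
        name, vsize, _va, rawsize, _rp, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(flags, SECTION_FLAGS)})
    return {
        "machine": {0x14C: "x86", 0x8664: "x64"}.get(machine, f"{machine:#x}"),
        "os_version_major": os_major,
        "file_characteristics": _flags(fchar, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dllchar, DLL_CHARACTERISTICS),
        "unsigned": sec_size == 0,  # the "Unsigned PE" check: no embedded Authenticode blob
        "sections": sections,
        # Writable+executable sections are a classic packer / self-modifying-code tell.
        "wx_sections": [s["name"] for s in sections
                        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]],
    }


def build_sample_pe(signed: bool) -> bytes:
    """Constructed, header-only PE32 (not loadable) whose flags mirror the report; sizes are assumptions."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: NT headers follow the DOS header
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b".text", 0x280000, 0x1000, 0x280000, 0x400, 0x60000020),    # CODE|EXECUTE|READ
        (b".data", 0x10C00, 0x290000, 0x9400, 0x280400, 0xC0000040),  # INITIALIZED_DATA|READ|WRITE
    ]
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # x86, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 40, 5)                         # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8140)                    # DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:  # pretend an Authenticode blob sits after the last section (assumed offset/size)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x289800, 0x1800)
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs


if __name__ == "__main__":
    for signed in (False, True):
        r = triage_pe(build_sample_pe(signed))
        print("unsigned:", r["unsigned"], "dllchar:", r["dll_characteristics"], "W+X:", r["wx_sections"])
```

To run it against the real sample, pass `open(path, "rb").read()` to `triage_pe` after confirming the file's SHA256 matches the General section above; the output should reproduce the Headers and Sections blocks of this report, and `unsigned` should be True.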