NEAS[.]2023-09-06_5d7d9a909513b9cf2c755efd43dd2656_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.2023-09-06_5d7d9a909513b9cf2c755efd43dd2656_mafia_JC.exe
Size

273KB
MD5

5d7d9a909513b9cf2c755efd43dd2656
SHA1

9630a24a9b0992a55fe74f9a87f307c22209a99c
SHA256

2825526045868dc752b9f9989d2fa5493e87125d33c98014aea488d962cdfd05
SHA512

6b65c68da6807eb49e9386fefe17eebf8a76e018035e98551c10cee2935ac9ffea36bd638ecc2352dffd2e639ee2fa46820600e6d044272e8c911a0738de6f18
SSDEEP

6144:z18ltm5Ymh7ypAIHzil/WbRhGQeVGmCzMW4ZIgg8:OtmSe7ypvHq/JQeVNCb4Zz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-06_5d7d9a909513b9cf2c755efd43dd2656_mafia_JC.exe

Files

NEAS.2023-09-06_5d7d9a909513b9cf2c755efd43dd2656_mafia_JC.exe
.exe windows:5 windows x86

20b3fcbebc9b9dc09e92d7318fdb5a7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA

kernel32

GetFileSize
ReadFile
GetCurrentProcess
lstrlenA
SetFilePointer
GetTempPathA
InterlockedExchange
WaitForSingleObject
WriteFile
GetModuleFileNameA
ExpandEnvironmentStringsA
CreateProcessA
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
OutputDebugStringA
GetDiskFreeSpaceExA
LoadLibraryA
CreateEventA
ResetEvent
SetEvent
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetExitCodeProcess
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetModuleHandleA
GetLocaleInfoW
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
ExitProcess
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetProcAddress
CreateFileA
GetLastError
SetEndOfFile
CloseHandle
CreateThread
Sleep
MultiByteToWideChar
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
SetStdHandle
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
InitializeCriticalSection
CreateFileW
FreeEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement

user32

GetWindowRect
GetDesktopWindow
GetScrollInfo
DefWindowProcW
SetTimer
RegisterClassExW
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
KillTimer
MessageBoxW
SetWindowTextA
PostQuitMessage
EnumWindows
SetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
InvalidateRect
SetWindowTextW
MessageBoxA
EndPaint
GetSysColor
GetClientRect
BeginPaint
SendMessageA
UpdateWindow
ShowWindow
SetWindowPos
EnableWindow
CreateWindowExW

gdi32

TextOutA
SetBkMode
SetBkColor
SetTextColor
CreateFontIndirectA
ExtTextOutA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
ReportEventA
RegisterEventSourceA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize

shlwapi

PathFindFileNameA

comctl32

InitCommonControlsEx

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b3fcbebc9b9dc09e92d7318fdb5a7e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 7KB - Virtual size: 152KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 7KB - Virtual size: 152KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 14KB - Virtual size: 13KB