Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.2023-09-06_8e3357a8ddf54de4dd44e67a01e02be9_mafia_JC.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NEAS.2023-09-06_8e3357a8ddf54de4dd44e67a01e02be9_mafia_JC.exe
- Resource: win10v2004-20231023-en
General
- Target: NEAS.2023-09-06_8e3357a8ddf54de4dd44e67a01e02be9_mafia_JC.exe
- Size: 3.7MB
- MD5: 8e3357a8ddf54de4dd44e67a01e02be9
- SHA1: 3944d5a312b8af22eabdc080eebe2484d26b814e
- SHA256: 50760f87bbf0d1edb4fec3ef712ff0ca0ff4dfd4fb00f42f356c801ebe832a6f
- SHA512: dc48dc087b31d312a4436df9d2ea4bfbf6aed9e1135a3b5ad3786acc255aae8b2d21dad0a864d0c73c2a3fccc75907ed92ffe380ffc5e7b708fc32e593724afe
- SSDEEP: 98304:MdtTDX8JQsrNExsSO9oMUylW++afHMZI2ZOnhrTfsuQxsnec7HO9:MdtTDXRcfT2cniBsnec7Y
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: NEAS.2023-09-06_8e3357a8ddf54de4dd44e67a01e02be9_mafia_JC.exe
Files
- NEAS.2023-09-06_8e3357a8ddf54de4dd44e67a01e02be9_mafia_JC.exe.exe windows:5 windows x86
  e3f7c169744d8a5fec2f9dcb4dd3d087
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetUserDel
NetLocalGroupAddMembers
NetUserAdd
NetUserSetInfo
kernel32
IsValidLocale
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesA
CreateFileW
LCMapStringW
WriteConsoleW
CompareStringW
GetDriveTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
GetLocaleInfoW
SetConsoleCtrlHandler
GetStdHandle
SetHandleCount
FatalAppExitA
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
GetStringTypeW
IsValidCodePage
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapQueryInformation
HeapSize
SetStdHandle
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
GetFileType
PeekNamedPipe
GetFileInformationByHandle
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
RaiseException
HeapFree
DecodePointer
EncodePointer
RtlUnwind
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceA
ReplaceFileA
GetUserDefaultLCID
VirtualProtect
SearchPathA
SizeofResource
LockResource
LoadResource
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTempFileNameA
GetNumberFormatA
GetWindowsDirectoryA
SetErrorMode
lstrcpyA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
FindNextFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetStringTypeExA
GetAtomNameA
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileAttributesA
GetFileAttributesExA
CreateFileA
GetThreadLocale
GetTickCount
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleHandleW
SuspendThread
SetThreadPriority
WaitForMultipleObjects
CreateEventA
ReleaseSemaphore
CreateSemaphoreA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
CompareStringA
LoadLibraryW
ActivateActCtx
DeactivateActCtx
lstrcmpW
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
CreateThread
ExitThread
ResetEvent
SetEvent
GetTempPathA
CopyFileA
ResumeThread
FormatMessageA
LocalFree
GetLocalTime
GetCurrentThreadId
DeleteFileA
MoveFileA
GetCurrentProcess
lstrcpynA
GetModuleFileNameA
SetCurrentDirectoryA
OpenMutexA
CreateMutexA
CreateDirectoryA
GetSystemDefaultLangID
ReleaseMutex
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetFileAttributesA
Sleep
lstrlenA
FreeLibrary
GetVersionExA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLastError
WideCharToMultiByte
FindResourceW
SetEnvironmentVariableA
user32
UnregisterClassA
GetDialogBaseUnits
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
CharUpperA
CharNextA
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
SystemParametersInfoA
GetMenuItemInfoA
InflateRect
GetMessageA
TranslateMessage
ValidateRect
MsgWaitForMultipleObjectsEx
ReleaseCapture
SetCapture
InvalidateRgn
IntersectRect
OffsetRect
IsRectEmpty
CopyAcceleratorTableA
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ScrollWindowEx
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetRectEmpty
MonitorFromWindow
LoadAcceleratorsA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindow
EndPaint
BeginPaint
GetWindowDC
EnableWindow
SetWindowPos
SendMessageA
GetClientRect
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
DestroyMenu
GetCursorPos
GetSubMenu
TrackPopupMenu
LoadIconA
LoadMenuA
PostQuitMessage
GetSystemMetrics
GetParent
KillTimer
SetTimer
IsIconic
DrawIcon
FindWindowA
IsWindowVisible
ShowWindow
SetForegroundWindow
FlashWindow
DeleteMenu
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
DestroyIcon
PostThreadMessageA
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
MapVirtualKeyA
GetAsyncKeyState
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
GetWindowLongA
SetWindowLongA
LoadImageA
LoadIconW
SetActiveWindow
GetSystemMenu
AppendMenuA
SetRect
GetSysColor
MessageBoxA
GetIconInfo
CopyImage
DrawIconEx
TranslateAcceleratorA
BringWindowToTop
PeekMessageA
InsertMenuItemA
GetTabbedTextExtentA
GetTabbedTextExtentW
GetWindowRgn
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
LoadMenuW
SetClassLongA
ShowScrollBar
GetWindowRect
UpdateWindow
InvalidateRect
WindowFromDC
DestroyCursor
GetDCEx
EnumChildWindows
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetUpdateRect
FrameRect
SendNotifyMessageA
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
InSendMessage
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
GetMonitorInfoA
DrawStateA
gdi32
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
GetRgnBox
CreateFontIndirectA
GetBkColor
GetTextColor
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsA
GetCharWidthA
CreateFontA
StretchDIBits
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RectVisible
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExA
RoundRect
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
StartDocA
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
DeleteObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreatePalette
CreateBitmap
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter
advapi32
GetServiceKeyNameA
RegQueryValueExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
LookupAccountNameA
InitializeAcl
RegOpenKeyExA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyExA
RegOpenKeyExW
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueA
ControlService
OpenSCManagerA
RegCloseKey
CloseServiceHandle
OpenServiceA
QueryServiceStatus
StartServiceA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
shell32
SHGetSpecialFolderLocation
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
Shell_NotifyIconA
ShellExecuteExA
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA
SHGetDesktopFolder
ExtractIconA
SHAddToRecentDocs
SHGetFileInfoA
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW
ole32
OleDuplicateData
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
CoGetClassObject
CoLockObjectExternal
OleInitialize
OleGetClipboard
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
StringFromGUID2
CoCreateInstance
OleSaveToStream
CoFreeUnusedLibraries
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleGetIconOfClass
OleCreateLinkToFile
CreateILockBytesOnHGlobal
CoDisconnectObject
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
OleUninitialize
RevokeDragDrop
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRun
CoUninitialize
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitializeEx
CreateStreamOnHGlobal
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
DoDragDrop
SetConvertStg
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
OleRegGetMiscStatus
PropVariantCopy
OleSave
WriteClassStm
RegisterDragDrop
OleCreateFromFile
oleaut32
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
OleCreateFontIndirect
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantClear
VariantInit
SafeArrayCreate
SysAllocStringLen
SysFreeString
oledlg
ord8
iphlpapi
GetAdaptersInfo
SendARP
GetIfTable
ws2_32
WSACleanup
WSAStartup
ntohl
setsockopt
getservbyname
WSAGetLastError
socket
bind
closesocket
select
__WSAFDIsSet
recvfrom
inet_ntoa
sendto
ntohs
inet_addr
htonl
htons
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenClassRegKey
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
rpcrt4
UuidToStringA
RpcStringFreeA
libcrypto
SEC_setLogLevel
SEC_setLogFile
libsigcbb_vrf
IPSI_SIGNVRF_validateCert
IPSI_SIGNVRF_verifyHashSingleFile
IPSI_SIGNVRF_verifySignatureFile
IPSI_SIGNVRF_libraryInit
IPSI_SIGNVRF_ctxNew
IPSI_SIGNVRF_libraryFini
IPSI_SIGNVRF_ctxLoadPubCertFile
IPSI_SIGNVRF_ctxFree
IPSI_SIGNVRF_caStoreNew
IPSI_SIGNVRF_loadCACertFile
IPSI_SIGNVRF_caStoreFree
wsnmp32
ord501
ord603
ord604
ord904
ord300
ord400
ord107
ord105
ord204
ord504
ord205
ord302
ord402
ord203
ord200
ord101
ord103
ord500
ord605
ord903
ord999
ord600
ord220
ord602
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
gdiplus
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
- .text Size: 2.7MB - Virtual size: 2.7MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 632KB - Virtual size: 631KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 42KB - Virtual size: 306KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .idata Size: 27KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 103KB - Virtual size: 102KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 203KB - Virtual size: 203KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ