NEAS[.]2023-09-08_c13d4a6f1ff56d41571348654c86b2af_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-08_c13d4a6f1ff56d41571348654c86b2af_mafia_JC.exe
Size

804KB
MD5

c13d4a6f1ff56d41571348654c86b2af
SHA1

2836003704066e2d093f25b3f52ca028c6803322
SHA256

0cbb743d90db640864bba3eda1fe43a1c7a429d09e9c822779d8ee315a9791a9
SHA512

86a6ad1c2b215e3f2bb9b88228778d61fad593adaf06ac3c9e5db2eed37227824a102b7d59cda287d3fc5981e85d26f51c228e196d2f60787598f8a974b433fe
SSDEEP

12288:s30U4u2cnHbph5BjeyXrjD36DKzG5QC4bUcpIbd7YCP6:s309cnxFnn6DKSeLIb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-08_c13d4a6f1ff56d41571348654c86b2af_mafia_JC.exe

Files

NEAS.2023-09-08_c13d4a6f1ff56d41571348654c86b2af_mafia_JC.exe
.exe windows:5 windows x86

e5b0340e8da8143fa148d039e290e1b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

GetVersionExA
GetVersion
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
GetTimeZoneInformation
TryEnterCriticalSection
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateThread
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
GetCurrentThreadId
CloseHandle
GetCurrentProcess
GetLastError
CreateDirectoryA
GetPrivateProfileStringA
Sleep
SetEvent
CompareStringW
GetLocaleInfoW
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
SetEnvironmentVariableA
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetLocalTime
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
VirtualQuery

user32

GetMessageA
BeginPaint
SetWindowsHookExA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
EndPaint
TranslateAcceleratorA
RegisterWindowMessageA
DestroyWindow
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetMenuItemID
LoadMenuA
GetSubMenu
DestroyMenu
SetMenuDefaultItem
LoadStringA
LoadAcceleratorsA
RegisterClassExA
CreateWindowExA
LockWorkStation
LoadIconA
LoadCursorA
CallNextHookEx

advapi32

GetUserNameA
GetSidLengthRequired
InitializeSid
EqualSid
CopySid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
OpenProcessToken
GetTokenInformation

shell32

SHCreateDirectoryExA
Shell_NotifyIconA
SHGetFolderPathA

shlwapi

PathAppendA

userenv

UnloadUserProfile

ws2_32

ntohs
htons
getservbyname
ntohl
inet_addr
__WSAFDIsSet
select
accept
connect
bind
listen
closesocket
shutdown
send
recv
sendto
recvfrom
getsockname
getpeername
setsockopt
getsockopt
socket
ioctlsocket
freeaddrinfo
getaddrinfo
getnameinfo
gethostname
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceBeginA
WSAGetLastError
WSAStartup
WSAAddressToStringA

Exports

Exports

?keyBrdEvent@@YGJHIJ@Z
?mouseEvent@@YGJHIJ@Z

Sections

.text
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5b0340e8da8143fa148d039e290e1b3

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

shell32

shlwapi

userenv

ws2_32

Exports

Exports

Sections

.text Size: 493KB - Virtual size: 492KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 13KB - Virtual size: 26KB

.rsrc Size: 161KB - Virtual size: 160KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 493KB - Virtual size: 492KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 13KB - Virtual size: 26KB

.rsrc
Size: 161KB - Virtual size: 160KB

.reloc
Size: 32KB - Virtual size: 32KB