NEAS[.]2023-09-06_45822bb8260569e45a0e9b13aecc0152_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-06_45822bb8260569e45a0e9b13aecc0152_mafia_JC.exe
Size

493KB
MD5

45822bb8260569e45a0e9b13aecc0152
SHA1

49a4140ad19ca3ff3c9ca395577e7ed4e01c04d8
SHA256

db9e9dc76b1457a063ca8a77b8b71711acbf331910b466edb29a194d32ffe4d9
SHA512

00ac33493b242e8bcc5dc28c7add3467744137efa35ca65e78a43ecef33d4929f813142e09d5855a5c66d2737430c296ce50f880481c02b957a3d7e618e274b7
SSDEEP

12288:lSH9uNZGwh4YIO92ABAAFVfny0Ybz7vshPqIMSBnQZ3ekGbKrezpO1pfajGMHIq:29sGQxION9TY37EBQ8bFO14jGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-06_45822bb8260569e45a0e9b13aecc0152_mafia_JC.exe

Files

NEAS.2023-09-06_45822bb8260569e45a0e9b13aecc0152_mafia_JC.exe
.exe windows:5 windows x86

29886ed5393e6577eecbcf8223593fc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipAlloc
GdipDisposeImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipFree
GdipImageRotateFlip
GdiplusStartup
GdipCloneImage
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth

dsound

ord1

winmm

mmioAscend
mmioDescend
mmioOpenA
mmioSetInfo
mmioAdvance
mmioGetInfo
mmioRead
PlaySoundA
mmioClose

kernel32

FlushFileBuffers
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapCreate
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetTickCount
FindFirstFileA
FindClose
DeleteFileA
RemoveDirectoryA
FindNextFileA
CopyFileA
GetLastError
MultiByteToWideChar
lstrlenA
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetVersionExA
Sleep
InitializeCriticalSection
QueryPerformanceFrequency
DeleteCriticalSection
ExitThread
GetCommandLineA
GetStdHandle
AllocConsole
WriteConsoleA
lstrcpyA
LoadLibraryW
GlobalLock
GlobalAlloc
LocalFree
FormatMessageA
WriteFile
SetFilePointer
GetFileType
SetHandleCount
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ReadFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStartupInfoW
HeapSetInformation
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
DecodePointer
EncodePointer
GetFullPathNameA
GetDriveTypeW
CloseHandle
CreateThread
GetCurrentThreadId
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
HeapFree
GetLocalTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
CreateFileW
GlobalUnlock
CreateDirectoryA
RtlUnwind

user32

PtInRect
MessageBoxA
IntersectRect
PostMessageA
UpdateWindow
MoveWindow
GetClientRect
GetDC
ShowWindow
GetWindowRect
FlashWindow
EndPaint
BeginPaint
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
ReleaseDC
DestroyWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wvsprintfA
UnionRect
GetKeyState
SetRect
LoadIconA
LoadCursorA
RegisterClassExA
SystemParametersInfoA
OffsetRect

gdi32

BitBlt
GetTextExtentPoint32A
SetBkColor
CreateDIBSection
CreateCompatibleDC
SelectObject
SetBkMode
DeleteDC
GetDeviceCaps
TextOutA
CreateFontA
SetTextColor
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoInitialize
StringFromGUID2

shlwapi

PathAppendA

ws2_32

ntohs
inet_addr
gethostbyname
recv
__WSAFDIsSet
send
closesocket
WSAStartup
connect
htons
ioctlsocket
setsockopt
socket
WSAGetLastError
inet_ntoa
htonl
select

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29886ed5393e6577eecbcf8223593fc4

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

dsound

winmm

kernel32

user32

gdi32

comdlg32

shell32

ole32

shlwapi

ws2_32

Sections

.text Size: 367KB - Virtual size: 367KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 2.1MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 34KB - Virtual size: 36KB

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 2.1MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 34KB - Virtual size: 36KB