NEAS[.]2023-09-05_75f937cd214073ef1870a2a5b2138f78_mafia_magniber_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.2023-09-05_75f937cd214073ef1870a2a5b2138f78_mafia_magniber_JC.exe
Size

4.1MB
MD5

75f937cd214073ef1870a2a5b2138f78
SHA1

b7e563c60e51be52415f6ae0ad627f5a95499377
SHA256

6c022374d18c126efe13b28257eee63d6304736e4091e9c4f38faaf3fe746565
SHA512

ac59d9d40cbb1dbf5f0c0aff37540d0a6b74f9b2edb1b78b6a2c20818f1d1b07a42629aa1709c64253e432f8cc6ddb5b820af2033192e501bbfda050045c8448
SSDEEP

98304:YGm1LyaHDBHvFheR1ApWWbPyVjHJUR5Et6:1eHDBHdhe1K3b6VjHJUvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-05_75f937cd214073ef1870a2a5b2138f78_mafia_magniber_JC.exe

Files

NEAS.2023-09-05_75f937cd214073ef1870a2a5b2138f78_mafia_magniber_JC.exe
.exe windows:5 windows x86

b72a5b74c6966926c0be19ff8baa6b1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
GetCommandLineW
GetModuleFileNameW
SetCurrentDirectoryW
GetFileAttributesW
HeapDestroy
FlushInstructionCache
HeapCreate
LockResource
LoadResource
SizeofResource
FindResourceW
FreeResource
GetFullPathNameW
GetModuleHandleA
MulDiv
LoadLibraryW
GetVersionExA
GetTickCount
CreateDirectoryW
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
VirtualProtect
LoadLibraryA
GetThreadLocale
SetLastError
lstrlenW
IsBadReadPtr
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
WinExec
GetDiskFreeSpaceExA
MoveFileA
WritePrivateProfileStringA
SetCurrentDirectoryA
ExitProcess
GetTempPathA
GetCurrentProcessId
InterlockedIncrement
CreateToolhelp32Snapshot
FindNextFileW
FindNextFileA
Process32NextW
Process32FirstW
GetLocalTime
InterlockedCompareExchange
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
SetEnvironmentVariableA
CompareStringW
DuplicateHandle
GetDriveTypeW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
InterlockedExchange
SetConsoleCtrlHandler
GetTimeZoneInformation
FlushFileBuffers
FatalAppExitA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringW
RaiseException
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSetInformation
ResumeThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
HeapReAlloc
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
GetFileType
GetCurrentDirectoryW
SetEndOfFile
CreateEventW
CreateSemaphoreW
ResetEvent
ReleaseSemaphore
InitializeCriticalSection
FindClose
RemoveDirectoryA
GetProcAddress
FindFirstFileA
TerminateProcess
OpenProcess
FindFirstFileW
DeleteFileA
SetFileAttributesW
GetModuleFileNameA
CreateFileMappingW
GetModuleHandleW
MapViewOfFile
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
DeleteFileW
GetTempPathW
Sleep
CreateProcessW
lstrcmpW
SetFileTime
CreateFileA
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
InterlockedDecrement
lstrlenA

user32

GetFocus
GetActiveWindow
IsWindowVisible
wsprintfW
SendMessageW
ShowWindow
PostMessageW
GetWindow
GetMonitorInfoW
MapWindowPoints
MessageBoxW
SetWindowPos
MonitorFromWindow
GetWindowLongW
GetClientRect
GetWindowRect
DestroyWindow
GetDesktopWindow
DestroyCursor
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PtInRect
IsRectEmpty
IsWindow
DefWindowProcW
InvertRect
FillRect
GetParent
IsWindowEnabled
DrawIconEx
SetFocus
SetActiveWindow
IsMenu
GetSubMenu
CopyRect
SetRect
EqualRect
InflateRect
IntersectRect
UnionRect
SetCursor
SetTimer
KillTimer
UpdateWindow
SetWindowLongW
InvalidateRect
ScreenToClient
GetDC
ReleaseDC
SetCapture
SetWindowTextW
IsIconic
DestroyIcon
GetCursorPos
ReleaseCapture
GetCapture
HideCaret
CreateCaret
GetCaretBlinkTime
SetCaretPos
IsZoomed
EnableWindow
UpdateLayeredWindow
MessageBoxA
DestroyMenu
AppendMenuW
CreatePopupMenu
SetForegroundWindow
TrackPopupMenu
InsertMenuW
GetMenuItemCount
GetMenuItemInfoW
MapVirtualKeyA
CharLowerBuffW
DrawTextW
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
LoadIconW
EnableMenuItem
GetKeyState
GetSysColor
ClientToScreen
CreateIconFromResource
LoadImageW
LoadBitmapW
CharNextW
OffsetRect
GetIconInfo
RegisterClassExW
CreateWindowExW
CallWindowProcW
GetDlgItem
UnregisterClassW
SetLayeredWindowAttributes
BeginPaint
EndPaint
PostQuitMessage
GetClassNameW
TrackMouseEvent
AnimateWindow

gdi32

SetRectRgn
CreateCompatibleBitmap
SetViewportOrgEx
CreateBitmap
CreateRoundRectRgn
CreateCompatibleDC
StretchBlt
DeleteDC
CreateSolidBrush
SelectObject
Rectangle
SetBkMode
CreateFontIndirectW
GetClipBox
GetDCOrgEx
SetGraphicsMode
GetDeviceCaps
EnumFontsW
GetStockObject
GetObjectW
DeleteObject
BitBlt
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
Polyline
Arc
Chord
CreatePen
CreatePatternBrush
GetClipRgn
GetViewportOrgEx
GetCurrentObject

comdlg32

ChooseFontW
ChooseColorW

advapi32

RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSaveKeyW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegRestoreKeyW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteA
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListA

ole32

CreateBindCtx
OleLockRunning
CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

GetErrorInfo
SysFreeString
SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
SysAllocString

shlwapi

StrToIntExW
PathFileExistsA

netapi32

Netbios

wininet

HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpQueryInfoW
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetReadFileExA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache

ws2_32

send
gethostbyname
closesocket
socket
recv
WSACleanup
setsockopt
htons
WSAStartup
connect

psapi

GetProcessImageFileNameA

imagehlp

MakeSureDirectoryPathExists

imm32

ImmReleaseContext
ImmGetContext

gdiplus

GdipGetImageEncodersSize
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipDrawImageRectI
GdiplusShutdown
GdipCloneImage

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b72a5b74c6966926c0be19ff8baa6b1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

wininet

ws2_32

psapi

imagehlp

imm32

gdiplus

msimg32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 310KB - Virtual size: 310KB

.data Size: 35KB - Virtual size: 157KB

.rsrc Size: 300KB - Virtual size: 299KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 310KB - Virtual size: 310KB

.data
Size: 35KB - Virtual size: 157KB

.rsrc
Size: 300KB - Virtual size: 299KB

.reloc
Size: 72KB - Virtual size: 72KB