2024-01-27_6390264711f32633c320b893ee9f800b_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-27_6390264711f32633c320b893ee9f800b_mafia
Size

432KB
MD5

6390264711f32633c320b893ee9f800b
SHA1

b41fe3e7a7b51f1b4a6e0d2d2eb826ade0740c37
SHA256

12fac9b17c60f0a6a5146ebccf05315d250a9a90b86a60a9873b9f4631fd3177
SHA512

9cd73a88bd3ef06072ef921e6d74134ecf6db79b326a62918739f445b9225d6727df95a32b4c004861fc2eabd98b5510bcd647d6a25cfa3feb44a7edff754792
SSDEEP

12288:qUymw46LEXg227aFgImtmmZpDgfnoLrUI50DUI0j1L0CIMP2lMC:6D94I5iCjJ+MPmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_6390264711f32633c320b893ee9f800b_mafia

Files

2024-01-27_6390264711f32633c320b893ee9f800b_mafia
.exe windows:5 windows x86 arch:x86

bedd1ca1196dbc3e720081c60a5a1d80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\JXM_V2\_bin_v2_\gw\Goddess.pdb

Imports

libdb181

ord3
ord2

libmysql

mysql_close
mysql_error
mysql_ping
mysql_errno
mysql_real_query
mysql_use_result
mysql_store_result
mysql_real_escape_string
mysql_free_result
mysql_fetch_row
mysql_num_fields
mysql_select_db
mysql_real_connect
mysql_init
mysql_stmt_init
mysql_options
mysql_stmt_execute
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_store_result
mysql_stmt_fetch
mysql_query
mysql_affected_rows
mysql_stmt_prepare
mysql_shutdown

sqlite3

sqlite3_finalize
sqlite3_free
sqlite3_exec
sqlite3_column_blob
sqlite3_column_int
sqlite3_step
sqlite3_prepare
sqlite3_column_bytes
sqlite3_bind_blob
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_busy_handler
sqlite3_column_count
sqlite3_open
sqlite3_column_text
sqlite3_close

kernel32

CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
GetStringTypeW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
InitializeCriticalSectionAndSpinCount
ReadFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
SuspendThread
ResumeThread
GetSystemTime
GetLocalTime
CreateThread
SetEndOfFile
LoadLibraryA
FreeLibrary
GetCurrentProcess
OutputDebugStringA
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryA
IsDebuggerPresent
GetModuleFileNameA
SetUnhandledExceptionFilter
GetFileAttributesA
GetFileSize
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThread
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
HeapAlloc
GetCPInfo
LCMapStringW
GetStartupInfoW
WritePrivateProfileStringA
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
DeleteFileA
FindNextFileA
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetDriveTypeW
HeapFree
ExitThread
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapSize
GetComputerNameA
InterlockedDecrement
GetCurrentDirectoryA
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
TerminateProcess
UnhandledExceptionFilter
GetProcAddress
ExitProcess
FormatMessageA
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileSectionNamesA
GetLastError
CreateEventA
ResetEvent
SetEvent
PulseEvent
InterlockedExchange
GetPrivateProfileStringA

user32

GetDlgItemTextA
MessageBeep
MessageBoxA
SendMessageA
IsWindow
wsprintfA
RegisterClassExA
LoadIconA
LoadCursorA
CreateDialogParamA
ShowWindow
UpdateWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
EnableWindow
GetDlgItemInt
CheckRadioButton
KillTimer
DestroyWindow
PostQuitMessage
SetDlgItemInt
SetTimer
IsDlgButtonChecked
GetDlgItem
SetWindowTextA
PostMessageA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

engine

?Load@KTabFile@@UAEHPAD0@Z
?GetInteger@KTabFile@@UAEHHPADHPAHH@Z
?GetString@KTabFile@@UAEHHPAD00KH@Z
?Clear@KTabFile@@UAEXXZ
??1KTabFile@@UAE@XZ
??0KTabFile@@QAE@XZ

ws2_32

gethostname
gethostbyname

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

GetUserNameA

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedd1ca1196dbc3e720081c60a5a1d80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libdb181

libmysql

sqlite3

kernel32

user32

comdlg32

shell32

engine

ws2_32

version

advapi32

Sections

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 7KB - Virtual size: 169KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 7KB - Virtual size: 169KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 16KB - Virtual size: 16KB