2024-02-01_f2b361fcabd8926cdd2c9c08453f3beb_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-01_f2b361fcabd8926cdd2c9c08453f3beb_mafia
Size

2.7MB
MD5

f2b361fcabd8926cdd2c9c08453f3beb
SHA1

0952d33393b4b98acbf18359808128d74d9b81ba
SHA256

91e97724bf98dcaca0e02ef4489fafbfe3ceb0c6862168cb29ea6af1fb03a333
SHA512

f3944ad8728940f0b0c7f88b5f7ed875410dc1bae98e26bd46e604d0cf4a2b573e47461215d3be5d5b816d19e03c5fcdcfdc5ce79921a6a6010f865704afa17a
SSDEEP

49152:avhEcOZsJsv6tWKFdu9CpLyvL/6mShMZtmjNUVrciV5P+7QVg07xuKThCJVcEtQ7:xdZsJsv6tWKFdu9C+CJVckc

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_f2b361fcabd8926cdd2c9c08453f3beb_mafia

Files

2024-02-01_f2b361fcabd8926cdd2c9c08453f3beb_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0Parser@QJson@@QAE@XZ
??0ParserRunnable@QJson@@QAE@PAVQObject@@@Z
??0QObjectHelper@QJson@@QAE@XZ
??0Serializer@QJson@@QAE@XZ
??0SerializerRunnable@QJson@@QAE@PAVQObject@@@Z
??1Parser@QJson@@QAE@XZ
??1ParserRunnable@QJson@@UAE@XZ
??1QObjectHelper@QJson@@QAE@XZ
??1Serializer@QJson@@QAE@XZ
??1SerializerRunnable@QJson@@UAE@XZ
??_7ParserRunnable@QJson@@6BQObject@@@
??_7ParserRunnable@QJson@@6BQRunnable@@@
??_7SerializerRunnable@QJson@@6BQObject@@@
??_7SerializerRunnable@QJson@@6BQRunnable@@@
??_FParserRunnable@QJson@@QAEXXZ
??_FSerializerRunnable@QJson@@QAEXXZ
?allowSpecialNumbers@Parser@QJson@@QAEX_N@Z
?allowSpecialNumbers@Serializer@QJson@@QAEX_N@Z
?errorLine@Parser@QJson@@QBEHXZ
?errorString@Parser@QJson@@QBE?AVQString@@XZ
?indentMode@Serializer@QJson@@QBE?AW4IndentMode@2@XZ
?metaObject@ParserRunnable@QJson@@UBEPBUQMetaObject@@XZ
?metaObject@SerializerRunnable@QJson@@UBEPBUQMetaObject@@XZ
?parse@Parser@QJson@@QAE?AVQVariant@@ABVQByteArray@@PA_N@Z
?parse@Parser@QJson@@QAE?AVQVariant@@PAVQIODevice@@PA_N@Z
?parsingFinished@ParserRunnable@QJson@@IAEXABVQVariant@@_NABVQString@@@Z
?parsingFinished@SerializerRunnable@QJson@@IAEXABVQByteArray@@_NABVQString@@@Z
?qobject2qvariant@QObjectHelper@QJson@@SA?AV?$QMap@VQString@@VQVariant@@@@PBVQObject@@ABVQStringList@@@Z
?qt_metacall@ParserRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacall@SerializerRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@ParserRunnable@QJson@@UAEPAXPBD@Z
?qt_metacast@SerializerRunnable@QJson@@UAEPAXPBD@Z
?qt_static_metacall@ParserRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qt_static_metacall@SerializerRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qvariant2qobject@QObjectHelper@QJson@@SAXABV?$QMap@VQString@@VQVariant@@@@PAVQObject@@@Z
?run@ParserRunnable@QJson@@UAEXXZ
?run@SerializerRunnable@QJson@@UAEXXZ
?serialize@Serializer@QJson@@QAE?AVQByteArray@@ABVQVariant@@@Z
?serialize@Serializer@QJson@@QAEXABVQVariant@@PAVQIODevice@@PA_N@Z
?setData@ParserRunnable@QJson@@QAEXABVQByteArray@@@Z
?setDoublePrecision@Serializer@QJson@@QAEXH@Z
?setIndentMode@Serializer@QJson@@QAEXW4IndentMode@2@@Z
?setJsonObject@SerializerRunnable@QJson@@QAEXABVQVariant@@@Z
?specialNumbersAllowed@Parser@QJson@@QBE_NXZ
?specialNumbersAllowed@Serializer@QJson@@QBE_NXZ
?staticMetaObject@ParserRunnable@QJson@@2UQMetaObject@@B
?staticMetaObject@SerializerRunnable@QJson@@2UQMetaObject@@B
?staticMetaObjectExtraData@ParserRunnable@QJson@@0UQMetaObjectExtraData@@B
?staticMetaObjectExtraData@SerializerRunnable@QJson@@0UQMetaObjectExtraData@@B
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z

Sections

UPX0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 3.7MB

UPX1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 71KB - Virtual size: 72KB

UPX0
Size: - Virtual size: 3.7MB

UPX1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 71KB - Virtual size: 72KB