2024-02-01_07ee3167959ceff3fc9b2d9a8f66510b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-01_07ee3167959ceff3fc9b2d9a8f66510b_mafia
Size

2.7MB
MD5

07ee3167959ceff3fc9b2d9a8f66510b
SHA1

da28ab175b44a2856d89d5f7059124f65da3d02b
SHA256

fbc569c6397257050dbcb226ed9a9a37e196a86984fc129ffd806ac2ac8b6746
SHA512

6e288cbb02c091017d70a2d54c849f4929774ae7fa92defd9fc0c92c2f39fc73c1fdb42b65f587c2c0beb3d573003e2c6e4f56ae78363e4d07757d30143211f8
SSDEEP

49152:V+OHpxIEZmaJsv6tWKFdu9ChLyvL/6mShMZtmjNUVrciV5P+7QVg076ukTb30+0F:IO77ZpJsv6tWKFdu9CT0+

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_07ee3167959ceff3fc9b2d9a8f66510b_mafia

Files

2024-02-01_07ee3167959ceff3fc9b2d9a8f66510b_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0Parser@QJson@@QAE@XZ
??0ParserRunnable@QJson@@QAE@PAVQObject@@@Z
??0QObjectHelper@QJson@@QAE@XZ
??0Serializer@QJson@@QAE@XZ
??0SerializerRunnable@QJson@@QAE@PAVQObject@@@Z
??1Parser@QJson@@QAE@XZ
??1ParserRunnable@QJson@@UAE@XZ
??1QObjectHelper@QJson@@QAE@XZ
??1Serializer@QJson@@QAE@XZ
??1SerializerRunnable@QJson@@UAE@XZ
??_7ParserRunnable@QJson@@6BQObject@@@
??_7ParserRunnable@QJson@@6BQRunnable@@@
??_7SerializerRunnable@QJson@@6BQObject@@@
??_7SerializerRunnable@QJson@@6BQRunnable@@@
??_FParserRunnable@QJson@@QAEXXZ
??_FSerializerRunnable@QJson@@QAEXXZ
?allowSpecialNumbers@Parser@QJson@@QAEX_N@Z
?allowSpecialNumbers@Serializer@QJson@@QAEX_N@Z
?errorLine@Parser@QJson@@QBEHXZ
?errorString@Parser@QJson@@QBE?AVQString@@XZ
?indentMode@Serializer@QJson@@QBE?AW4IndentMode@2@XZ
?metaObject@ParserRunnable@QJson@@UBEPBUQMetaObject@@XZ
?metaObject@SerializerRunnable@QJson@@UBEPBUQMetaObject@@XZ
?parse@Parser@QJson@@QAE?AVQVariant@@ABVQByteArray@@PA_N@Z
?parse@Parser@QJson@@QAE?AVQVariant@@PAVQIODevice@@PA_N@Z
?parsingFinished@ParserRunnable@QJson@@IAEXABVQVariant@@_NABVQString@@@Z
?parsingFinished@SerializerRunnable@QJson@@IAEXABVQByteArray@@_NABVQString@@@Z
?qobject2qvariant@QObjectHelper@QJson@@SA?AV?$QMap@VQString@@VQVariant@@@@PBVQObject@@ABVQStringList@@@Z
?qt_metacall@ParserRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacall@SerializerRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@ParserRunnable@QJson@@UAEPAXPBD@Z
?qt_metacast@SerializerRunnable@QJson@@UAEPAXPBD@Z
?qt_static_metacall@ParserRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qt_static_metacall@SerializerRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qvariant2qobject@QObjectHelper@QJson@@SAXABV?$QMap@VQString@@VQVariant@@@@PAVQObject@@@Z
?run@ParserRunnable@QJson@@UAEXXZ
?run@SerializerRunnable@QJson@@UAEXXZ
?serialize@Serializer@QJson@@QAE?AVQByteArray@@ABVQVariant@@@Z
?serialize@Serializer@QJson@@QAEXABVQVariant@@PAVQIODevice@@PA_N@Z
?setData@ParserRunnable@QJson@@QAEXABVQByteArray@@@Z
?setDoublePrecision@Serializer@QJson@@QAEXH@Z
?setIndentMode@Serializer@QJson@@QAEXW4IndentMode@2@@Z
?setJsonObject@SerializerRunnable@QJson@@QAEXABVQVariant@@@Z
?specialNumbersAllowed@Parser@QJson@@QBE_NXZ
?specialNumbersAllowed@Serializer@QJson@@QBE_NXZ
?staticMetaObject@ParserRunnable@QJson@@2UQMetaObject@@B
?staticMetaObject@SerializerRunnable@QJson@@2UQMetaObject@@B
?staticMetaObjectExtraData@ParserRunnable@QJson@@0UQMetaObjectExtraData@@B
?staticMetaObjectExtraData@SerializerRunnable@QJson@@0UQMetaObjectExtraData@@B
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z

Sections

UPX0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 3.7MB

UPX1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 38KB - Virtual size: 40KB

UPX0
Size: - Virtual size: 3.7MB

UPX1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 38KB - Virtual size: 40KB