PDB Path: C:\COCKPIT42\Jetro COCKPIT Client\Source Control\JDsCockpit\Bin\JDsClient.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-28_8f4ae7223812c185cce9dd3d2b87f39e_mafia.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-28_8f4ae7223812c185cce9dd3d2b87f39e_mafia.exe
  Resource: win10v2004-20240611-en
General
Target: 2024-06-28_8f4ae7223812c185cce9dd3d2b87f39e_mafia
Size: 2.0MB
MD5: 8f4ae7223812c185cce9dd3d2b87f39e
SHA1: c01090a6f41601a941bb1b6888e4f92cfbbf48a2
SHA256: 380d205ad4d9fc84a628d7f2cf5bad357118e7f35b84bb594222fa9f610ece18
SHA512: 8771530a00003b75305e47b3a3ac51eeb780204876a0785d7d2032d0641bd6227196b065ac1177e66ce9c01241a08a67f338733b7bb86d07a9d3acf62cb6e2b3
SSDEEP: 49152:6fs7HyZmBZT61JwP/+JzTOuQ1Liwg8MMMMMMMMMMbMMMMMMMMMM6rRnFY:dwm/W4wwhMMMMMMMMMMbMMMMMMMMMM6t
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Resource: 2024-06-28_8f4ae7223812c185cce9dd3d2b87f39e_mafia
Files
-
2024-06-28_8f4ae7223812c185cce9dd3d2b87f39e_mafia.exe windows:5 windows x86 arch:x86
94fcbb953318f232ebe1043b4e88a125
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ReadFile
CreateFileW
WriteFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
lstrcpynW
RemoveDirectoryW
DeleteFileW
CopyFileW
MoveFileExW
TerminateProcess
OpenProcess
LocalFree
CreateProcessW
GetComputerNameW
GetExitCodeThread
GetEnvironmentVariableW
FormatMessageW
ExpandEnvironmentStringsW
CreateThread
TerminateThread
GlobalFree
FreeResource
LoadLibraryA
GetSystemDirectoryA
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedCompareExchange
InterlockedPushEntrySList
GetProcessHeap
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
GetCPInfo
GetCommandLineW
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetStdHandle
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
SetEndOfFile
GlobalLock
GlobalUnlock
Sleep
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
CreateMutexW
ExitProcess
GetTickCount
GetLocaleInfoW
OutputDebugStringW
GetCurrentProcessId
InterlockedExchange
LoadLibraryW
FreeLibrary
GetProcAddress
WaitForSingleObject
lstrcmpiW
HeapFree
HeapAlloc
MulDiv
lstrcmpW
GetVersionExW
SetEvent
ResetEvent
CreateEventW
CloseHandle
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetLastError
GetCurrentThreadId
lstrlenW
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalAlloc
user32
SendMessageW
DestroyIcon
CallWindowProcW
DestroyMenu
SetWindowLongW
GetWindowLongW
PostMessageW
GetPriorityClipboardFormat
GetClipboardOwner
GetClipboardData
ClientToScreen
InvalidateRect
IsWindow
SetWindowPos
GetClassInfoExW
LoadCursorW
GetMonitorInfoW
MonitorFromPoint
SetMenuDefaultItem
LoadMenuW
LoadImageW
TrackPopupMenu
GetSubMenu
GetDC
ReleaseDC
CopyRect
OffsetRect
GetClientRect
DefWindowProcW
FillRect
DrawTextW
DrawFocusRect
GetCursorPos
RegisterClassExW
UnregisterClassA
MsgWaitForMultipleObjectsEx
GetUpdateRect
PostThreadMessageW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
GetIconInfo
CopyIcon
IsDialogMessageW
SendMessageTimeoutW
FindWindowW
CopyImage
EmptyClipboard
SetClipboardData
CreateWindowExW
OpenClipboard
ChangeClipboardChain
GetSysColor
GetFocus
GetKeyState
InflateRect
DestroyWindow
SetWindowTextW
GetMenu
SetMenu
GetSystemMenu
GetWindowRect
GetWindowPlacement
SetWindowPlacement
UpdateWindow
ShowWindow
wsprintfW
SetClipboardViewer
CloseClipboard
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
GetAncestor
EnableWindow
GetKeyboardLayout
GetWindow
EndDialog
GetWindowTextLengthW
GetWindowTextW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
GetLastActivePopup
LoadStringA
PostQuitMessage
CreatePopupMenu
GetDlgItem
PeekMessageW
CharNextW
CharLowerW
IsWindowVisible
WindowFromPoint
MessageBeep
FrameRect
DrawFrameControl
GetActiveWindow
GetWindowThreadProcessId
IsWindowEnabled
MapWindowPoints
RegisterWindowMessageW
GetMenuStringW
MoveWindow
GetCapture
GetWindowDC
GetMessagePos
PtInRect
ReleaseCapture
ScreenToClient
SetWindowsHookExW
UnhookWindowsHookEx
DialogBoxParamW
GetDesktopWindow
AdjustWindowRectEx
SetCapture
EndPaint
BeginPaint
DrawEdge
SetFocus
GetClassNameW
CallNextHookEx
SetRectEmpty
IsMenu
SetForegroundWindow
SetRect
SystemParametersInfoW
DrawAnimatedRects
GetSystemMetrics
LoadIconW
LoadStringW
CheckMenuRadioItem
EnableMenuItem
AppendMenuW
DeleteMenu
ModifyMenuW
TrackPopupMenuEx
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
SetCursor
LoadBitmapW
FindWindowExW
RemoveMenu
InsertMenuW
TranslateAcceleratorW
GetDlgCtrlID
GetParent
RedrawWindow
GetSysColorBrush
gdi32
CreateBitmap
CreatePatternBrush
PatBlt
CreateSolidBrush
Polygon
CreateCompatibleBitmap
SetViewportOrgEx
GetDIBColorTable
CreatePalette
GetDIBits
GetObjectType
CopyEnhMetaFileW
CopyMetaFileW
CreateHalftonePalette
DeleteObject
GetObjectW
GetStockObject
CreateCompatibleDC
SelectObject
SetDIBColorTable
CreateFontIndirectW
CreateDIBSection
ExcludeClipRect
SetBkMode
SaveDC
RestoreDC
GetDeviceCaps
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
ExtTextOutW
SetBkColor
SetTextColor
SetBrushOrgEx
BitBlt
GetTextExtentPoint32W
GetCurrentObject
CreatePen
MoveToEx
LineTo
DeleteDC
comdlg32
ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
advapi32
CryptEncrypt
CredFree
CredReadW
CryptDestroyKey
CryptDeriveKey
CryptDecrypt
RegCreateKeyExW
RegOpenKeyExW
GetTokenInformation
EqualSid
CopySid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptReleaseContext
CryptDestroyHash
GetUserNameW
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptHashData
ConvertSidToStringSidW
shell32
SHGetFileInfoW
ord51
ord43
Shell_NotifyIconW
SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
CLSIDFromProgID
OleRun
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
oleaut32
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayCopy
SysStringLen
SafeArrayGetVartype
SafeArrayGetUBound
GetErrorInfo
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantInit
VariantClear
OleLoadPicture
OleCreatePictureIndirect
VarUI4FromStr
jdssfx
?getSystemMetrics@VirtualMultipleMonitor@System@Jetro@@UAEHH@Z
??0VirtualMultipleMonitor@System@Jetro@@QAE@XZ
??0LogStream@Log@Jetro@@QAE@W4ELevel@12@PB_WH1@Z
??_DLogStream@Log@Jetro@@QAEXXZ
?MustLogLevel@@YA_NW4ELevel@Log@Jetro@@@Z
??0Exception@Jetro@@QAE@ABV01@@Z
??1Exception@Jetro@@UAE@XZ
??0Exception@Jetro@@QAE@QB_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?MessageBoxW@Jetro@@YGHPAUHWND__@@V_U_STRINGorID@ATL@@1IKV_U_HICONorID@1@@Z
??0ScopedLog@Log@Jetro@@QAE@W4ELevel@12@PB_WH11@Z
??1ScopedLog@Log@Jetro@@QAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?monitorFromWindow@VirtualMultipleMonitor@System@Jetro@@UAEPAUHMONITOR__@@PAUHWND__@@K@Z
?getWindowMonitorInfo@VirtualMultipleMonitor@System@Jetro@@UAEXPAUHWND__@@PAUtagMONITORINFO@@@Z
?getMonitorCount@VirtualMultipleMonitor@System@Jetro@@UAEHXZ
?getMonitors@VirtualMultipleMonitor@System@Jetro@@UAE?AV?$vector@VMonitorInfoEx@@V?$sfx_allocator@VMonitorInfoEx@@@Jetro@@@std@@XZ
??1VirtualMultipleMonitor@System@Jetro@@UAE@XZ
?GetSfxHeap@@YAPAXXZ
?GetMessageW@Exception@Jetro@@QBEQB_WXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??1Module@System@Jetro@@UAE@XZ
?monitorFromPoint@VirtualMultipleMonitor@System@Jetro@@UAEPAUHMONITOR__@@UtagPOINT@@K@Z
??0Module@System@Jetro@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?setMonitors@VirtualMultipleMonitor@System@Jetro@@QAEXABV?$vector@VMonitorInfoEx@@V?$sfx_allocator@VMonitorInfoEx@@@Jetro@@@std@@@Z
?EnableVirtualisation@VirtualMultipleMonitor@System@Jetro@@QAEX_N@Z
?MonitorChooser@Jetro@@YGHPAUHWND__@@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?getWorkArea@MultipleMonitor@System@Jetro@@QAEXPAUHWND__@@PAUtagRECT@@@Z
?CreateLogger@@YAXABULoggerConfig@Logger@@@Z
?DestroyLogger@@YAXXZ
??0NullReferenceException@Jetro@@QAE@QB_W@Z
??1NullReferenceException@Jetro@@UAE@XZ
??0NullReferenceException@Jetro@@QAE@ABV01@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$sfx_allocator@_W@Jetro@@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$sfx_allocator@_W@Jetro@@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$sfx_allocator@_W@Jetro@@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$sfx_allocator@_W@Jetro@@@std@@QAE@H@Z
?LogXmlMessage@Log@Jetro@@YGXPAVCXmlObject@@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?LogXmlMessage@Log@Jetro@@YGXAAVCStreamOnArray@@_N@Z
?JetroComRaiseError@@YGXJPAUIErrorInfo@@@Z
?JetroExceptionTranslator@@YAXIPAU_EXCEPTION_POINTERS@@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?ProcessUnhandledException@@YGJXZ
?GetErrorCode@Exception@Jetro@@QBEJXZ
?CreateLogger@@YAXQB_W_N@Z
?GetProcAddress@Module@System@Jetro@@QAEPAXG@Z
?GetErrorMessage@Exception@Jetro@@QBEQB_WXZ
??0SystemException@System@Jetro@@QAE@QB_WK@Z
??1SystemException@System@Jetro@@UAE@XZ
??0SystemException@System@Jetro@@QAE@ABV012@@Z
?Log@Exception@Jetro@@UBEXXZ
?SetErrorCode@Exception@Jetro@@IAAXJZZ
?SetMessage@Exception@Jetro@@IAEXQB_W@Z
?GetProcAddress@Module@System@Jetro@@QAEPAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?monitorFromRect@VirtualMultipleMonitor@System@Jetro@@UAEPAUHMONITOR__@@PBUtagRECT@@K@Z
?Initialize@Exception@Jetro@@IAEXXZ
?SetDescription@ComException@Com@Jetro@@IAEXQB_W@Z
??_7ComException@Com@Jetro@@6B@
??0Exception@Jetro@@IAE@XZ
??0IOException@IO@Jetro@@QAE@QB_W@Z
??1IOException@IO@Jetro@@UAE@XZ
??0IOException@IO@Jetro@@QAE@ABV012@@Z
??1ComException@Com@Jetro@@UAE@XZ
??0ComException@Com@Jetro@@QAE@ABV012@@Z
??0ComException@Com@Jetro@@QAE@QB_WJ@Z
??0ClassNotFoundException@Jetro@@QAE@U_GUID@@QB_W@Z
??1ClassNotFoundException@Jetro@@UAE@XZ
??0ClassNotFoundException@Jetro@@QAE@ABV01@@Z
??0ClassNotFoundException@Jetro@@QAE@QB_W0@Z
??0ArgumentException@Jetro@@QAE@QB_W0@Z
??0ArgumentException@Jetro@@QAE@ABV01@@Z
??1ArgumentException@Jetro@@UAE@XZ
?Print@Exception@Jetro@@MBEXAAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@@Z
?what@Exception@Jetro@@UBEPBDXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?GetHandle@Module@System@Jetro@@QBEPAUHINSTANCE__@@XZ
?SetUserResourceInstance@@YAXPAUHINSTANCE__@@@Z
??0SystemException@System@Jetro@@QAE@QB_W@Z
??0FileNotFoundException@IO@Jetro@@QAE@QB_W0@Z
??1FileNotFoundException@IO@Jetro@@UAE@XZ
??0FileNotFoundException@IO@Jetro@@QAE@ABV012@@Z
??0OutOfMemoryException@Jetro@@QAE@QB_W@Z
??1OutOfMemoryException@Jetro@@UAE@XZ
??0OutOfMemoryException@Jetro@@QAE@ABV01@@Z
?LookupErrorMessage@System@Jetro@@YAPA_WK@Z
?getMonitorInfo@VirtualMultipleMonitor@System@Jetro@@UAEXPAUHMONITOR__@@PAUtagMONITORINFO@@@Z
shlwapi
PathFileExistsW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathCreateFromUrlW
StrCmpW
AssocQueryStringW
comctl32
ImageList_Write
CreatePropertySheetPageW
ImageList_Draw
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
ImageList_LoadImageW
PropertySheetW
ImageList_Remove
DestroyPropertySheetPage
ImageList_DrawIndirect
ord8
ImageList_GetImageCount
CreateStatusWindowW
ImageList_Read
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_GetIcon
msimg32
AlphaBlend
gdiplus
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipFree
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
ws2_32
WSACloseEvent
WSAWaitForMultipleEvents
WSACreateEvent
getpeername
getsockname
connect
WSAEnumNetworkEvents
closesocket
socket
WSASetLastError
getservbyport
gethostbyaddr
htons
getservbyname
inet_addr
recv
send
WSAGetLastError
WSAEventSelect
gethostbyname
inet_ntoa
ntohs
ntohl
htonl
WSACleanup
WSAStartup
iphlpapi
GetAdaptersAddresses
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetReadFile
userenv
UnloadUserProfile
Sections
.text Size: 987KB - Virtual size: 987KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 716KB - Virtual size: 715KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ