2024-07-22_515638887152d22564d373acfd3039d6_mafia | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-22_515638887152d22564d373acfd3039d6_mafia
Size

467KB
MD5

515638887152d22564d373acfd3039d6
SHA1

429e712c3f69ce21eab021eaab2ea890c0c7a78d
SHA256

c7a606f9bf3c76dc685abe4f728a0ef5cb809ecc43559b84d95697194bea2ccd
SHA512

a5bb20e13f274fbfb68c8bf4c897490ec3a9643fc7ccd3fa3597ee5f48ab19246dace07c285ffe89a12f60cccf386cf1b6647c55c539d770147d1609076eea24
SSDEEP

12288:KRJgcbwCK1XL4INn9AvyjhB9jdDPuzDCfwTu7vdP:BXCK17Zn9ZhBxdSzzuTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-22_515638887152d22564d373acfd3039d6_mafia

Files

2024-07-22_515638887152d22564d373acfd3039d6_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u192\11897\build\windows-i586\deploy\jre-image\bin\javaws.pdb

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xur
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE