9bb5edc14c8d11c9cff6a194b029565a_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9bb5edc14c8d11c9cff6a194b029565a_mafia_JC.exe
Size

1.6MB
MD5

9bb5edc14c8d11c9cff6a194b029565a
SHA1

15ac2ad18207c0f6eb80dab5545ab358c3041e9e
SHA256

bc8eb5c290e806b2c77a2399b8cb9cc477abad6ca922b0969605b54db68fcaff
SHA512

17cdfccdb71b4a876209b3a5026b17b5b08c6a213ff49a6879ffbcc474e4b548cad6969c0d7692d775a6f1607d7874c526a9cc40b0738f93bfe131ac8fd6d80e
SSDEEP

49152:jVwp2HyWLthBpPCWvRcZChqlprHb4Sbnjlxs+DXt5pnfaYZz8h:xy8hBoWvR6ChqlprHb/bjHXzpnfaM0

Score

1^/10

Malware Config

Signatures

Files

9bb5edc14c8d11c9cff6a194b029565a_mafia_JC.exe
.exe windows x86

f069ceca544fc22e801c13f1054db337

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:b8:c5:92:8f:d2:88:cb:8d:bc:7b:58:24:ac:1b:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/11/2014, 00:00

Not After

20/11/2015, 23:59

Subject

CN=Reverse Page,O=Reverse Page,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:79:b2:76:38:de:fb:1e:bc:33:7a:07:2e:97:62:ad:2f:1f:85:43
Signer

Actual PE Digest

21:79:b2:76:38:de:fb:1e:bc:33:7a:07:2e:97:62:ad:2f:1f:85:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDirectoryW
lstrcpyW
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetTickCount
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
HeapFree
HeapSetInformation
GetStartupInfoW
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapQueryInformation
ExitProcess
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
GetConsoleCP
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
lstrcmpW
FileTimeToSystemTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
GetModuleHandleW
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CopyFileW
GlobalSize
MulDiv
lstrlenW
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
SetLastError
GetFullPathNameW
GetVolumeInformationW
GetConsoleMode
FindFirstFileW
GetCommandLineW
GetExitCodeProcess
Sleep
GetCurrentDirectoryW
SetErrorMode
GetVersionExW
OpenProcess
GetProcAddress
LoadLibraryW
FormatMessageW
GetLastError
GetCurrentProcess
CloseHandle
CreateProcessW
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar

user32

BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
IsIconic
SetLayeredWindowAttributes
SetRectEmpty
CopyImage
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SetCursorPos
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
PeekMessageW
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SendMessageW
GetParent
GetWindowLongW
GetWindowThreadProcessId
GetDesktopWindow
GetWindowRect
FindWindowExW
GetLastActivePopup
EnableWindow
MessageBoxW
UnhookWindowsHookEx
IsWindowVisible
IsWindowEnabled
GetWindowTextLengthW
GetKeyState
GetCursorPos
ScreenToClient
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongW
NotifyWinEvent
GetAsyncKeyState
SendDlgItemMessageA
WindowFromPoint
EnumDisplayMonitors

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW

psapi

GetModuleFileNameExW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

gdi32

SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
SaveDC
RestoreDC
SetBkMode
CopyMetaFileW
CreateDCW
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
GetObjectType
SetTextColor
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
CreateBitmap
SetViewportOrgEx
GetDeviceCaps
SelectObject

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

comdlg32

GetFileTitleW

shell32

DragFinish
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

ole32

OleGetClipboard
RegisterDragDrop
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleDuplicateData
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
CoLockObjectExternal

oleaut32

VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarBstrFromDate
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f069ceca544fc22e801c13f1054db337

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:b8:c5:92:8f:d2:88:cb:8d:bc:7b:58:24:ac:1b:f6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

21:79:b2:76:38:de:fb:1e:bc:33:7a:07:2e:97:62:ad:2f:1f:85:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msimg32

comctl32

shlwapi

psapi

oleacc

gdiplus

imm32

winmm

gdi32

winspool.drv

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 267KB - Virtual size: 267KB

.data Size: 26KB - Virtual size: 56KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 166KB - Virtual size: 165KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:b8:c5:92:8f:d2:88:cb:8d:bc:7b:58:24:ac:1b:f6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

21:79:b2:76:38:de:fb:1e:bc:33:7a:07:2e:97:62:ad:2f:1f:85:43
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 267KB - Virtual size: 267KB

.data
Size: 26KB - Virtual size: 56KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 166KB - Virtual size: 165KB