a108504e9f8802324ca501747f11ee79_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a108504e9f8802324ca501747f11ee79_mafia_JC.exe
Size

672KB
MD5

a108504e9f8802324ca501747f11ee79
SHA1

f639f44c116e95cd98fcd907dfe09714c0b2b8a4
SHA256

4702f55df2ba54aef59e20f2a0c71b8bfa095c03fa5cbe761d002c0038c99b24
SHA512

c6fae6fee7a55451775ad433e3a9bdd5ca25d401adfaf08687c90585abd4faa5ade59a1c727a5d3b817b62a4fb22f3cc87d3826970c504a9809f8e8a07023fd3
SSDEEP

12288:Qk6id5/mAFYyAhzV6IVdG5ZOjuUd/N0XrU8HT2LPF3aBCd4m0oe5nc:Qk6id7rAxAIVdG4Bd/+Xw6T2LPFKLmac

Score

1^/10

Malware Config

Signatures

Files

a108504e9f8802324ca501747f11ee79_mafia_JC.exe
.exe windows x86

90f7240d2754f9ae3316298095d3d719

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:49:f2:91:5f:be:d0:0e:38:ba:b5:fa:81:64:ee:d2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/02/2018, 00:00

Not After

05/02/2021, 12:00

Subject

CN=MDaemon Technologies\, Ltd.,O=MDaemon Technologies\, Ltd.,L=Grapevine,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:ba:28:db:e1:8a:0a:7b:ac:68:b3:22:50:ec:30:16:a0:7f:1d:09
Signer

Actual PE Digest

74:ba:28:db:e1:8a:0a:7b:ac:68:b3:22:50:ec:30:16:a0:7f:1d:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetOpenA

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
FindResourceExW
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
HeapFree
EncodePointer
DecodePointer
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
RaiseException
RtlUnwind
VirtualAlloc
GetSystemInfo
VirtualQuery
SetFilePointer
HeapQueryInformation
HeapSize
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsValidCodePage
CompareStringW
GetStringTypeW
Sleep
SetHandleCount
GetStdHandle
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
LCMapStringW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
WriteFile
ReadFile
GetThreadLocale
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
VirtualProtect
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalFlags
lstrcmpA
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
CompareStringA
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetTickCount
InterlockedDecrement
InterlockedIncrement
WinExec
WaitForSingleObject
CloseHandle
GetSystemTime
GetSystemDirectoryA
WritePrivateProfileStringA
GetFileType
FindClose
FindFirstFileA
CreateDirectoryA
GetTimeZoneInformation
FileTimeToSystemTime
GetFileAttributesA
GetPrivateProfileIntA
CreateFileA
DeleteFileA
GetTempPathA
DeleteCriticalSection
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
GetFileAttributesExA
GetCurrentProcess
SystemTimeToFileTime
lstrlenA
lstrcpyA
GetVersionExA
LockResource
SizeofResource
LoadLibraryW
GetSystemDirectoryW
LoadResource
FindResourceW
SetLastError
DeactivateActCtx
MultiByteToWideChar
GetACP
WideCharToMultiByte
ActivateActCtx
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
GetLastError
FreeLibrary
HeapReAlloc

user32

SetCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsDialogMessageA
GetMessageA
TranslateMessage
GetCursorPos
DestroyMenu
SetCursor
ReleaseCapture
IntersectRect
OffsetRect
ShowWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
RealChildWindowFromPoint
SetWindowTextA
InvalidateRect
GetWindowThreadProcessId
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
InvalidateRgn
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetKeyState
SetMenu
SetForegroundWindow
RedrawWindow
IsWindowVisible
ValidateRect
GetClassInfoExA
RegisterClassA
ScreenToClient
EqualRect
GetDlgCtrlID
CallWindowProcA
CopyAcceleratorTableA
CharUpperA
IsRectEmpty
KillTimer
SetTimer
GetDC
SetRect
SetWindowPos
PtInRect
CharNextA
LoadIconW
SetWindowTextW
PostQuitMessage
PostMessageA
GetWindowRect
MoveWindow
UpdateWindow
EnableWindow
GetMenuItemID
GetSubMenu
GetMenu
SetWindowLongA
GetWindowLongA
CreateWindowExA
GetActiveWindow
GetMenuItemCount
IsWindow
AdjustWindowRectEx
EnumDisplayMonitors
GetParent
GetClientRect
SetRectEmpty
GetMonitorInfoA
GetSysColor
GetSysColorBrush
SystemParametersInfoA
GetSystemMetrics
MapWindowPoints
LoadCursorA
CopyRect
GetClassNameA
SendMessageA
DefWindowProcA
GetClassInfoA
GetWindow
MessageBoxA
GetPropA

gdi32

CreateBitmap
GetViewportExtEx
ExtSelectClipRgn
GetMapMode
GetBkColor
EnumFontFamiliesExA
GetTextColor
GetRgnBox
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetClipBox
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetDeviceCaps
CreateFontIndirectA
GetTextCharsetInfo
DeleteObject
CreateRectRgnIndirect
EnumFontFamiliesA
CreatePatternBrush
CreatePen
GetTextMetricsA
CreateDIBitmap
GetObjectA
GetStockObject
GetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
CryptDestroyHash
CryptGetHashParam
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
CryptAcquireContextA
RegCreateKeyExA
RegDeleteKeyA
CryptReleaseContext
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptCreateHash
CryptHashData

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

ole32

CoTaskMemFree
CLSIDFromProgID
CoCreateGuid
CoInitialize
CoUninitialize
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoCreateInstance
CoTaskMemAlloc
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayDestroy
VariantClear
VariantChangeType
VariantInit

oledlg

ord8

oleacc

LresultFromObject
CreateStdAccessibleObject

winhttp

WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpen
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetTimeouts

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90f7240d2754f9ae3316298095d3d719

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:49:f2:91:5f:be:d0:0e:38:ba:b5:fa:81:64:ee:d2Certificate

Extended Key Usages

Key Usages

74:ba:28:db:e1:8a:0a:7b:ac:68:b3:22:50:ec:30:16:a0:7f:1d:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

oledlg

oleacc

winhttp

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 15KB - Virtual size: 34KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 52KB - Virtual size: 52KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:49:f2:91:5f:be:d0:0e:38:ba:b5:fa:81:64:ee:d2
Certificate

74:ba:28:db:e1:8a:0a:7b:ac:68:b3:22:50:ec:30:16:a0:7f:1d:09
Signer

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 15KB - Virtual size: 34KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 52KB - Virtual size: 52KB