45b1c0e9d907aac77977b5890f34c46e_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

45b1c0e9d907aac77977b5890f34c46e_mafia_JC.exe
Size

2.0MB
MD5

45b1c0e9d907aac77977b5890f34c46e
SHA1

ff1be235f0135642c0926d8e140a62ddcc9d1eaf
SHA256

82073f2157a48ad9170ece7c4318187db9c1709594268829cd5ff796f2eff48d
SHA512

3a69b16911c02a13a48250111d84fcb8f74d360b09d1d7e4759e39671ecfd6dbd165d23fd91da700de72a98f18bbdffda7d00a3284527b7a1cc82c518ee2358f
SSDEEP

49152:oZVy/VonK300NM8TrmIwUbzTOFFPtDjHnox:gVVbUbyFBE

Score

1^/10

Malware Config

Signatures

Files

45b1c0e9d907aac77977b5890f34c46e_mafia_JC.exe
.exe windows x86

c099c2fd75610a4a8fd11b9237dcd833

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:85:d2:06:0f:6f:f0:a7:f2:a7:82:92:9c:3b:d8:9f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

27/05/2022, 00:00

Not After

27/05/2023, 23:59

Subject

SERIALNUMBER=91440300MA5H7CE01U,CN=深圳市盛天娱乐有限公司,O=深圳市盛天娱乐有限公司,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:89:19:f9:94:f9:c1:11:c2:d4:d5:aa:41:11:1d:82:27:cc:d5:ca:9f:45:44:c5:62:e6:e0:f6:da:1b:2a:bb
Signer

Actual PE Digest

69:89:19:f9:94:f9:c1:11:c2:d4:d5:aa:41:11:1d:82:27:cc:d5:ca:9f:45:44:c5:62:e6:e0:f6:da:1b:2a:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

viapi

xge_lookupItem
xge_init
xge_unit
xge_ReadItemInfo
xge_LockItem
xge_SetItemAct
xge_queryClientAbility
xge_DestroyItem
xge_joinserver
xge_GetItemStatus
xge_EnableLog
xge_configClient
xge_getitemscontent
xge_createitem

kernel32

GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleExW
CreateEventW
GetSystemDefaultLangID
VirtualAlloc
VirtualFree
InterlockedCompareExchange
SetThreadContext
GetThreadContext
VirtualProtectEx
VirtualQueryEx
LoadLibraryExA
OutputDebugStringW
OutputDebugStringA
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleExA
InitializeCriticalSection
TerminateThread
Sleep
GetTickCount
SetEvent
OpenProcess
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
WriteFile
FindNextFileW
ReadFile
SetThreadExecutionState
SystemTimeToFileTime
GetLocalTime
GetTempPathW
GetSystemInfo
GetDiskFreeSpaceExW
SetFilePointer
DeviceIoControl
GetDriveTypeW
GetLogicalDrives
GetPrivateProfileStringW
GetSystemDefaultLCID
MoveFileExW
TerminateProcess
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
ResetEvent
ExitThread
OpenEventW
SetNamedPipeHandleState
WaitNamedPipeW
OpenFileMappingW
GetVolumeInformationA
GlobalFree
GlobalAlloc
InterlockedExchangeAdd
lstrlenW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetFileSize
CompareFileTime
ReplaceFileW
GetFileAttributesW
GetFileAttributesExW
SetCurrentDirectoryW
RemoveDirectoryW
GetLongPathNameW
GetTempFileNameW
GetCurrentDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
SetFileTime
GetFileInformationByHandle
CreateThread
SetThreadPriority
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
GetNativeSystemInfo
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
VirtualProtect
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
UnmapViewOfFile
GetCurrentThread
IsBadWritePtr
VirtualQuery
CreateToolhelp32Snapshot
Thread32First
OpenThread
GetCurrentProcessId
SuspendThread
ResumeThread
Thread32Next
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
LocalAlloc
FormatMessageW
FormatMessageA
SetEnvironmentVariableA
CompareStringW
GetFullPathNameA
CreateFileA
WriteConsoleW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetStdHandle
FatalAppExitA
GetTimeZoneInformation
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
IsValidCodePage
GetOEMCP
HeapAlloc
SetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
CopyFileW
CreateProcessW
CloseHandle
MoveFileW
HeapSize
InterlockedExchange
MultiByteToWideChar
InterlockedPushEntrySList
IsProcessorFeaturePresent
InterlockedPopEntrySList
GetStringTypeW
EncodePointer
DecodePointer
GetACP
GetLocaleInfoW
GetStdHandle
GetCPInfo
LCMapStringW
GetFullPathNameW
GetStartupInfoW
GlobalLock
GlobalUnlock
lstrcpyW
FreeResource
MulDiv
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
HeapSetInformation
TryEnterCriticalSection
lstrcmpW

user32

RegisterWindowMessageW
InflateRect
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetMenu
AdjustWindowRectEx
SetCursor
SetCapture
ReleaseCapture
UpdateWindow
ShowWindow
RedrawWindow
ClientToScreen
EnableWindow
PtInRect
SetParent
EndPaint
BeginPaint
SetWindowRgn
InvalidateRect
IsWindowEnabled
GetPropW
SetWindowLongW
SetTimer
KillTimer
GetClassInfoExW
LoadCursorW
DestroyWindow
DefWindowProcW
GetWindowLongW
CallWindowProcW
RegisterClassExW
CreateWindowExW
PostMessageW
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
CreateDialogParamW
SetForegroundWindow
GetForegroundWindow
IsWindowVisible
IsDialogMessageW
IsWindow
SetWindowPos
MapWindowPoints
GetClassNameW
RemovePropW
EnableScrollBar
SetRect
EqualRect
UnionRect
SetActiveWindow
GetScrollInfo
SetScrollPos
ScrollWindowEx
SetScrollInfo
GetCapture
DrawEdge
FillRect
SetRectEmpty
LoadBitmapW
GetKeyState
GetMessagePos
ScreenToClient
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
GetSysColor
GetScrollPos
GetDC
GetDlgItem
IntersectRect
DrawTextW
MoveWindow
OffsetRect
IsRectEmpty
CopyRect
SetPropW
UnregisterClassA
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
PostQuitMessage
GetActiveWindow
GetCursorPos
ReleaseDC
GetWindowDC
SubtractRect
GetFocus
mouse_event
RegisterClassW
SetFocus
GetMessageA
CharUpperW
ExitWindowsEx
SystemParametersInfoW
wsprintfW
MsgWaitForMultipleObjects
CreateWindowExA
SendMessageW
RegisterClassA
PostThreadMessageW
UnregisterClassW
GetSystemMetrics
LoadImageW
LoadIconW

gdi32

CreateSolidBrush
CreateBitmap
CreatePatternBrush
PatBlt
RestoreDC
SaveDC
GetTextColor
GetBkColor
SetTextAlign
GetTextMetricsW
GetStockObject
SelectObject
MoveToEx
LineTo
ExtTextOutW
SetBkColor
ExcludeClipRect
DeleteObject
RoundRect
GetObjectW
CreatePen
StretchBlt
CreateFontIndirectW
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
BitBlt
GetCurrentObject
CreatePolygonRgn
SetViewportOrgEx
DeleteDC
SetTextColor
SetBkMode
CreateDIBSection
SetStretchBltMode
Rectangle

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
SetSecurityDescriptorSacl
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHFileOperationW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetModuleFileNameExW
GetMappedFileNameW
GetProcessImageFileNameW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ws2_32

send
WSACleanup
inet_ntoa
gethostbyname
WSAStartup
select
WSAAsyncGetHostByName
htons
accept
WSAWaitForMultipleEvents
listen
getsockopt
ioctlsocket
WSAIoctl
connect
recvfrom
inet_addr
htonl
WSAGetLastError
WSAEventSelect
ntohs
getsockname
setsockopt
sendto
recv
bind
socket
__WSAFDIsSet
closesocket
WSACancelAsyncRequest

netapi32

Netbios

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdiplusShutdown
GdipSetStringFormatFlags
GdipDrawImageRect
GdipGetFontSize
GdipGetFontStyle
GdipAddPathString
GdipGetPathWorldBounds
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipGetLogFontW
GdipCreateFont
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDrawImageRectRect
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusStartup

curl

curl_easy_init
curl_multi_perform
curl_multi_timeout
curl_multi_remove_handle
curl_easy_getinfo
curl_multi_info_read
curl_multi_add_handle
curl_slist_append
curl_slist_free_all
curl_formfree
curl_easy_cleanup
curl_multi_fdset
curl_formadd
curl_easy_setopt
curl_multi_init
curl_multi_cleanup

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c099c2fd75610a4a8fd11b9237dcd833

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

c9:85:d2:06:0f:6f:f0:a7:f2:a7:82:92:9c:3b:d8:9fCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

69:89:19:f9:94:f9:c1:11:c2:d4:d5:aa:41:11:1d:82:27:cc:d5:ca:9f:45:44:c5:62:e6:e0:f6:da:1b:2a:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

viapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

winmm

ws2_32

netapi32

iphlpapi

gdiplus

curl

msimg32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 182KB - Virtual size: 182KB

.data Size: 49KB - Virtual size: 65KB

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 366KB - Virtual size: 365KB

.reloc Size: 62KB - Virtual size: 62KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

c9:85:d2:06:0f:6f:f0:a7:f2:a7:82:92:9c:3b:d8:9f
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

69:89:19:f9:94:f9:c1:11:c2:d4:d5:aa:41:11:1d:82:27:cc:d5:ca:9f:45:44:c5:62:e6:e0:f6:da:1b:2a:bb
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 49KB - Virtual size: 65KB

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 366KB - Virtual size: 365KB

.reloc
Size: 62KB - Virtual size: 62KB