68f9f97c8375e11984b18e56ec21f789_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

68f9f97c8375e11984b18e56ec21f789_mafia_JC.exe
Size

3.4MB
MD5

68f9f97c8375e11984b18e56ec21f789
SHA1

2d5be0f11e8c5ff5c58b0e332f90f5076573d248
SHA256

4e5c399880aa6d30a105ab0702ee0d9c12eddf716e3633fd7e4d9a729008f39f
SHA512

3a5bb3d00794a5d2270b684e075d43fb5b2b499f10296ff27aae5b904efa9220def63636e0f46ee3822583c1443bb50f05b414e16b38304158ae0d957a93e288
SSDEEP

98304:ggTlAWt+hOBkC/qGvvR29B1GcbBZLG0KxDAVFz5Gp2EKDGze2uMNEGz:ggmClh2lmaz5Gp2EKKpNnz

Score

1^/10

Malware Config

Signatures

Files

68f9f97c8375e11984b18e56ec21f789_mafia_JC.exe
.exe windows x86

0f241059b9d197a3d33c7e315e372108

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:17:ff:37:68:90:c0:f1:b4:a9:91:bd:27:05:bd:08
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2021, 00:00

Not After

06/06/2022, 23:59

Subject

SERIALNUMBER=91310105572715984J,CN=上海艺赛旗软件股份有限公司,O=上海艺赛旗软件股份有限公司,ST=上海市,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:6e:00:87:77:22:a0:5f:2d:c0:22:0d:01:a3:80:a8:30:e1:e7:9c:7a:86:49:af:e7:ed:a7:3b:c9:5f:ef:13
Signer

Actual PE Digest

bc:6e:00:87:77:22:a0:5f:2d:c0:22:0d:01:a3:80:a8:30:e1:e7:9c:7a:86:49:af:e7:ed:a7:3b:c9:5f:ef:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
DeleteFileW
SetFilePointerEx
GetTickCount
ReadFile
Sleep
FindFirstFileW
FindClose
MultiByteToWideChar
GetShortPathNameW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetPrivateProfileStringW
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId
PeekNamedPipe
GetLocalTime
GetFileSize
SetFilePointer
GetModuleHandleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
CreateMutexW
GetPrivateProfileSectionNamesW
CreateEventW
WaitForSingleObject
WritePrivateProfileStringW
TerminateThread
ReadConsoleInputA
SetConsoleMode
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
FormatMessageA
SetLastError
GetStdHandle
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
SleepEx
GetStartupInfoW
TerminateProcess
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
CopyFileW
GetFullPathNameW
GlobalFree
InterlockedExchange
GetModuleFileNameW
GetVersionExW
FreeLibrary
WriteFile
CreateFileA
GetVersionExA
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
OutputDebugStringA
GetTempPathA
GetLongPathNameA
GetModuleHandleA
VirtualQuery
GetModuleFileNameA
GetFileAttributesA
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
ResumeThread
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
GetSystemTime
GetProcessHeap
GetFullPathNameA
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetConsoleCtrlHandler
SetHandleCount
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
IsValidCodePage
GetLastError
CreateFileW
GetFileAttributesW
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
HeapSize
HeapQueryInformation
SetStdHandle
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
FindFirstFileExW
GetDriveTypeW
GetSystemInfo
VirtualAlloc
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FileTimeToLocalFileTime
DeactivateActCtx
ActivateActCtx
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
MulDiv
GlobalSize
ReleaseActCtx
InterlockedDecrement
SystemTimeToFileTime
GetFileTime
GlobalReAlloc
GlobalHandle
LocalReAlloc
InterlockedIncrement
CompareStringW
GlobalGetAtomNameW
lstrcmpA
lstrlenA
SetThreadPriority
lstrcmpW
GlobalFlags
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDirectoryW
lstrcpyW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetNumberFormatW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
DecodePointer
EncodePointer
HeapFree
HeapAlloc
ExitThread
CreateThread
GetCommandLineW
HeapSetInformation
WriteConsoleW
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
MoveFileA
DeleteFileA
GetTimeZoneInformation

user32

BeginPaint
EndPaint
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetWindowTextW
PtInRect
GetWindowRect
GetDlgCtrlID
RealChildWindowFromPoint
GetFocus
DestroyIcon
SetFocus
SetScrollPos
GetScrollPos
CheckDlgButton
GetDlgItem
SendDlgItemMessageW
IsDialogMessageW
IsWindow
SetWindowLongW
MoveWindow
ShowWindow
SetWindowPos
CopyRect
InflateRect
IntersectRect
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetMenu
CallWindowProcW
DefWindowProcW
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetWindowDC
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
LoadIconW
RegisterWindowMessageW
IsIconic
PostQuitMessage
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetCursor
ShowOwnedPopups
DeleteMenu
InvalidateRect
SetTimer
KillTimer
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyW
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
OffsetRect
GetIconInfo
LoadImageW
GetNextDlgGroupItem
DrawIconEx
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongW
LoadMenuW
GetSystemMenu
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextW
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
IsMenu
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
GetWindowTextLengthW
LoadCursorW
GetSysColor
GetSysColorBrush
GetParent
GetWindowLongW
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
GetMenuState
GetDC
DrawTextW
ReleaseDC
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageW
IsWindowVisible
GetWindowTextW
MonitorFromPoint
GetSystemMetrics
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CharUpperW
GetDesktopWindow
GetClassNameW
GetWindowThreadProcessId
GetWindow
SetActiveWindow
GetLastActivePopup

gdi32

CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32W
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
SetDIBColorTable
GetDeviceCaps
CreateDIBSection
DeleteDC
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateRoundRectRgn
CreatePolygonRgn
GetTextFaceW
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW

advapi32

ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCloseKey
RegisterEventSourceA
RegOpenKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHCreateDirectoryExA
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
DragFinish
DragQueryFileW
SHAppBarMessage

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleDuplicateData
CoTaskMemAlloc
CoInitializeEx
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathRemoveExtensionA
PathIsDirectoryA
PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW

ws2_32

recvfrom
getservbyname
htonl
shutdown
WSACleanup
WSAStartup
gethostname
gethostbyname
WSASetLastError
connect
__WSAFDIsSet
recv
send
WSAIoctl
getsockname
ntohs
bind
setsockopt
inet_addr
htons
WSAGetLastError
ioctlsocket
listen
accept
closesocket
sendto
getaddrinfo
freeaddrinfo
getpeername
getsockopt
select
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

wldap32

ord79
ord35
ord33
ord200
ord30
ord26
ord50
ord301
ord27
ord41
ord46
ord143
ord60
ord217
ord211
ord32
ord22

gdiplus

GdipAlloc
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipDisposeImage

winmm

PlaySoundW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

bcrypt

BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptSignHash
BCryptEncrypt
BCryptImportKey

crypt32

CryptDecodeObjectEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

GetFileTitleW

oleaut32

SysFreeString
SysAllocString
VariantInit
VarBstrFromDate
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f241059b9d197a3d33c7e315e372108

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:17:ff:37:68:90:c0:f1:b4:a9:91:bd:27:05:bd:08Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

bc:6e:00:87:77:22:a0:5f:2d:c0:22:0d:01:a3:80:a8:30:e1:e7:9c:7a:86:49:af:e7:ed:a7:3b:c9:5f:ef:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

shlwapi

ws2_32

wtsapi32

wldap32

gdiplus

winmm

oleacc

imm32

bcrypt

crypt32

version

winspool.drv

comdlg32

oleaut32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 633KB - Virtual size: 632KB

.data Size: 66KB - Virtual size: 109KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 248KB - Virtual size: 247KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:17:ff:37:68:90:c0:f1:b4:a9:91:bd:27:05:bd:08
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

bc:6e:00:87:77:22:a0:5f:2d:c0:22:0d:01:a3:80:a8:30:e1:e7:9c:7a:86:49:af:e7:ed:a7:3b:c9:5f:ef:13
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 633KB - Virtual size: 632KB

.data
Size: 66KB - Virtual size: 109KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 248KB - Virtual size: 247KB