ad5c14b8c10793067bc5360e8bcf133a_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ad5c14b8c10793067bc5360e8bcf133a_mafia_JC.exe
Size

2.0MB
MD5

ad5c14b8c10793067bc5360e8bcf133a
SHA1

6c975c6ac845445fd58c54165d33fcc7be2bac7e
SHA256

93fcc3625d44c3d90e22a3ba6666eb668fdc5b7980c44be1f741e42e2f8cfcf6
SHA512

5f9619a6bcd9a7ba9ba694d255b1b2e30608682ae20a11db8099474fad54835e8dd0662acfbe56600deb93ccbc17320293c483beb91507ee7f3f4af29030dae9
SSDEEP

49152:x7cRPUTm2NqGAQnvUnWAQzcFdda49nTsZ412gl31Ks6/7ck:RlTm2EGAQnvUnWNcFdda4eg7oH

Score

1^/10

Malware Config

Signatures

Files

ad5c14b8c10793067bc5360e8bcf133a_mafia_JC.exe
.exe windows x86

87d12e7e0dfe16969ffabdb2c6f695e3

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/09/2012, 00:00

Not After

19/09/2013, 23:59

Subject

CN=Adobe Systems Incorporated,OU=CS Production+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:cc:7d:23:e2:14:46:de:50:58:a6:02:19:a8:f4:ce:3d:d0:0a:51
Signer

Actual PE Digest

84:cc:7d:23:e2:14:46:de:50:58:a6:02:19:a8:f4:ce:3d:d0:0a:51

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
ShellExecuteExW
ord680
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW

shlwapi

PathStripPathW
PathIsNetworkPathW
PathIsFileSpecW
PathAddExtensionW
PathAppendW
PathRenameExtensionW
PathRemoveExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetCredentials
WinHttpSendRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes

comctl32

ord17

kernel32

GetProcessHeap
CompareStringW
SetStdHandle
IsDBCSLeadByteEx
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
GetLocaleInfoA
EnumSystemLocalesW
GetModuleHandleW
GetACP
GetProcAddress
GetUserDefaultUILanguage
MultiByteToWideChar
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
DosDateTimeToFileTime
CreateFileA
SetFileTime
GetFileAttributesA
FlushFileBuffers
GetFileTime
LocalFileTimeToFileTime
FindFirstFileW
FreeLibrary
CreateProcessW
GetCurrentProcess
WaitForSingleObject
WideCharToMultiByte
LoadLibraryW
GetExitCodeProcess
GetModuleFileNameW
GetTempPathW
FindClose
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
lstrlenA
InterlockedIncrement
InterlockedDecrement
CreateMutexW
Sleep
ReleaseSemaphore
CreateSemaphoreW
LocalAlloc
OpenSemaphoreW
ReleaseMutex
GetCurrentProcessId
LocalFree
GetVersionExW
GetSystemTime
FindResourceW
LoadResource
SizeofResource
LockResource
TerminateThread
ResumeThread
CreateThread
SetEndOfFile
SetFilePointerEx
GetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileSizeEx
GlobalFree
GetDateFormatW
GetTimeFormatW
GetLocalTime
OpenMutexW
GetFileSize
SetLastError
CreateDirectoryW
GetFullPathNameW
GetFullPathNameA
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetCurrentThreadId
GetTempPathA
AreFileApisANSI
DeleteFileA
ConnectNamedPipe
CreateNamedPipeW
GetStringTypeW
EnumSystemLocalesA
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitProcess
HeapFree
HeapAlloc
RtlUnwind
RaiseException
MoveFileW
GetTimeZoneInformation
HeapReAlloc
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetOEMCP
IsValidCodePage
GetLocaleInfoW
HeapSize
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
InterlockedCompareExchange

user32

LoadAcceleratorsW
DispatchMessageW
TranslateMessage
wsprintfW
GetMessageW
GetWindowTextLengthW
GetSystemMenu
LoadImageW
PostMessageW
DialogBoxParamW
EnableMenuItem
GetDlgItem
EndDialog
SendDlgItemMessageW
ShowWindow
TranslateAcceleratorW
MessageBoxW
GetDlgItemTextW
SendMessageW
EnableWindow
SetWindowTextW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
GetUserNameW
CryptHashData
CryptDestroyHash

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitialize
OleRun
CLSIDFromString
CLSIDFromProgID

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantCopy
VariantInit
SysFreeString
GetErrorInfo

Sections

.text
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 790KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87d12e7e0dfe16969ffabdb2c6f695e3

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

84:cc:7d:23:e2:14:46:de:50:58:a6:02:19:a8:f4:ce:3d:d0:0a:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

winhttp

comctl32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 925KB - Virtual size: 925KB

.rdata Size: 211KB - Virtual size: 211KB

.data Size: 18KB - Virtual size: 34KB

.rsrc Size: 790KB - Virtual size: 789KB

.reloc Size: 52KB - Virtual size: 52KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

84:cc:7d:23:e2:14:46:de:50:58:a6:02:19:a8:f4:ce:3d:d0:0a:51
Signer

.text
Size: 925KB - Virtual size: 925KB

.rdata
Size: 211KB - Virtual size: 211KB

.data
Size: 18KB - Virtual size: 34KB

.rsrc
Size: 790KB - Virtual size: 789KB

.reloc
Size: 52KB - Virtual size: 52KB