c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe
Size

33.3MB
MD5

c35f6415ab3b9484ba8db9112e9f4b9b
SHA1

d7854ee3c1778b47135a9ab112368c1fbd84bbea
SHA256

7ab9124d6437758af723cbaca1cc6893bdeb0924edb6a72301f6beef801cc00e
SHA512

9438dc65f648e62236ba473d9f6ac952f9e98b46cf3710edb21a11e7a14eb654bcac467dab4b7dbcd38c7004c9838e846b92f61d39b3cefdee73359f71dece42
SSDEEP

393216:8a2lMhvXlcG7YnalQ7+6stVmQOPY++UOK2UAOsBtM7VoqcpctI71av6a3iVCJGh5:Bxb6stVmy++o8ODeMIBavrSVvcaenog4

Score

1^/10

Malware Config

Signatures

Files

c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe
.exe windows x86

7183126b78cc8cac8a691fb766450fe5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-01-2013 00:00

Not After

26-01-2015 12:00

Subject

CN=PSafe Tecnologia S.A.,O=PSafe Tecnologia S.A.,L=Rio de Janeiro,ST=Rio de Janeiro,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:7a:49:a4:ed:fc:92:3f:6d:e8:9c:4a:31:00:7d:fd:65:3c:e8:8b
Signer

Actual PE Digest

38:7a:49:a4:ed:fc:92:3f:6d:e8:9c:4a:31:00:7d:fd:65:3c:e8:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetFileType
SetHandleCount
HeapSize
GetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
TlsFree
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
RtlUnwind
FindResourceExW
GetConsoleCP
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetCPInfo
FormatMessageA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CompareStringW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
DeleteCriticalSection
CreateMutexA
GetModuleFileNameA
OpenMutexA
SetLastError
RaiseException
WideCharToMultiByte
AreFileApisANSI
GetDateFormatA
GetTimeFormatA
GetFileAttributesExW
CreateThread
ExitThread
DeviceIoControl
RemoveDirectoryW
OpenEventA
GetExitCodeProcess
WaitForSingleObject
CreateSemaphoreA
DuplicateHandle
OpenProcess
SetFilePointer
SetEnvironmentVariableW
SetEndOfFile
InitializeCriticalSection
GetConsoleMode
GetEnvironmentVariableW
SetErrorMode
GetCommandLineW
CloseHandle
LockResource
GlobalFree
SetThreadLocale
FlushInstructionCache
GlobalUnlock
GetSystemTimeAsFileTime
SetEvent
HeapFree
GetCurrentProcess
CreateEventA
HeapAlloc
GetProcessHeap
LeaveCriticalSection
GetTickCount
SizeofResource
GlobalAlloc
SetThreadUILanguage
GetModuleHandleW
GlobalLock
LoadResource
FindResourceW
ExitProcess
GetCurrentThreadId
EnterCriticalSection
GetLastError
LCMapStringW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WriteFile
ReadFile
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryPerformanceFrequency
CreateWaitableTimerA
VirtualFree
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
ResumeThread
VirtualAlloc
FreeLibrary
LoadLibraryW
GetProcAddress
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesW
CreateFileW
DeleteFileW
TlsSetValue
TlsGetValue
SetFileAttributesW
TlsAlloc
GetModuleFileNameW
SetEnvironmentVariableA
GetVersionExW
FindFirstFileW
FindNextFileW
GetModuleHandleA
FindClose
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
CreateProcessW
Sleep
GetCurrentProcessId
LocalAlloc
ResetEvent

user32

UnregisterClassA
MessageBoxW
DialogBoxParamW
GetActiveWindow
EndPaint
ClientToScreen
DestroyWindow
SetWindowPlacement
SetCursor
GetWindowRect
SetCapture
PostMessageW
GetParent
LoadCursorW
GetClientRect
BeginPaint
PtInRect
GetDC
GetCapture
LoadIconW
GetWindowPlacement
GetAsyncKeyState
InvalidateRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
SetWindowPos
CheckDlgButton
ShowWindow
IsDlgButtonChecked
IsWindow
CreateWindowExW
ReleaseCapture
SendMessageW
MapWindowPoints
UpdateWindow
GetDlgCtrlID
SetWindowTextW
GetMonitorInfoW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
ScreenToClient

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
AllocateAndInitializeSid
EqualSid
FreeSid
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoCreateGuid

comctl32

_TrackMouseEvent

gdiplus

GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipCloneStringFormat
GdipDrawString
GdipCreateFont
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipCloneImage
GdipDeleteFont
GdipSetTextRenderingHint
GdipCreateBitmapFromStream
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetStringFormatFlags
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipSetStringFormatFlags
GdipGetImageWidth
GdipSetPixelOffsetMode
GdiplusStartup
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateSolidFill

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32.3MB - Virtual size: 32.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7183126b78cc8cac8a691fb766450fe5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2Certificate

Extended Key Usages

Key Usages

38:7a:49:a4:ed:fc:92:3f:6d:e8:9c:4a:31:00:7d:fd:65:3c:e8:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

winhttp

rpcrt4

Sections

.text Size: 628KB - Virtual size: 628KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 32KB - Virtual size: 42KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 32.3MB - Virtual size: 32.3MB

.reloc Size: 141KB - Virtual size: 141KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2
Certificate

38:7a:49:a4:ed:fc:92:3f:6d:e8:9c:4a:31:00:7d:fd:65:3c:e8:8b
Signer

.text
Size: 628KB - Virtual size: 628KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 32KB - Virtual size: 42KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 32.3MB - Virtual size: 32.3MB

.reloc
Size: 141KB - Virtual size: 141KB