d83e721d669da259fd674329a55209db_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d83e721d669da259fd674329a55209db_mafia_JC.exe
Size

1.6MB
MD5

d83e721d669da259fd674329a55209db
SHA1

00e867404ae15a8d4c2062f8250b3b46e6755060
SHA256

870cd99f73f025b8f251263cf890dc5bba9b670ca047cb7fe837d4071d9e0b27
SHA512

99e649bff975fab0c6d6ecec27bc3356e9b0537cd5d5e8b19c8e684da627583b733729eb441c8ed27c8a74c0e5de0bab23553e3053b4927e4369651ee13ed48e
SSDEEP

49152:ZtnkT9XorVKYIX8p57pN4E1+sD+j+rokp:ZSqkYlp5NGEn+j+rB

Score

1^/10

Malware Config

Signatures

Files

d83e721d669da259fd674329a55209db_mafia_JC.exe
.exe windows x86

7ad2643afaadf1a8b78ebe05f2b2c279

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/05/2013, 00:00

Not After

02/05/2014, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:2b:f0:8f:31:c4:46:c7:ec:0e:22:56:58:0e:e0:b9:10:ed:fc:69
Signer

Actual PE Digest

13:2b:f0:8f:31:c4:46:c7:ec:0e:22:56:58:0e:e0:b9:10:ed:fc:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipImageSelectActiveFrame
GdipFree
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream

kernel32

FindClose
CreateMutexA
DeleteFileA
GetTickCount
TerminateProcess
GetCurrentProcess
CreateThread
DeleteFileW
GlobalUnlock
CreateProcessW
lstrcpynW
lstrlenW
lstrcpynA
lstrlenA
FreeLibrary
LoadLibraryW
GetVersionExW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
GetModuleHandleW
lstrcmpiW
RaiseException
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
MulDiv
lstrcmpW
CreateFileW
GetFileSize
SetFilePointer
WriteFile
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
TlsGetValue
SleepEx
SetEvent
CreateEventW
GetSystemTimeAsFileTime
CreateWaitableTimerW
GetEnvironmentVariableW
GetProcessHeap
ReleaseSemaphore
HeapAlloc
CreateEventA
HeapFree
CreateSemaphoreA
ReadFile
MoveFileW
FindNextFileW
GetCurrentProcessId
WideCharToMultiByte
GetEnvironmentVariableA
GetModuleFileNameA
GetTempPathA
GetVolumeInformationW
GetTempPathW
GetModuleHandleA
GetFileAttributesW
DeviceIoControl
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
CreateDirectoryW
OpenEventA
SetEnvironmentVariableA
CreateFileA
SetEndOfFile
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
HeapCreate
GetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
GetDateFormatA
GetTimeFormatA
FindFirstFileExW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineW
SetConsoleCtrlHandler
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcAddress
Sleep
PostQueuedCompletionStatus
WaitForSingleObject
CloseHandle
TlsAlloc
GetLastError
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GlobalLock
GlobalAlloc
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
AreFileApisANSI
GetLocalTime
GetVolumeInformationA
GlobalFree
ExpandEnvironmentStringsW
GetVersion
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
ResetEvent
FindFirstFileW
ReadConsoleInputA
SetConsoleMode
GetDriveTypeW

user32

GetDesktopWindow
InvalidateRect
UnregisterClassA
GetDC
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
ReleaseDC
LoadStringW
KillTimer
SetWindowTextW
wsprintfW
SendMessageW
ShowWindow
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowPos
SetTimer
PostQuitMessage
BeginPaint
EndPaint
DrawTextW
FillRect
IsIconic
GetWindowRect
ScreenToClient
PtInRect
PostMessageW
GetWindowTextW
GetWindowTextLengthW
TranslateAcceleratorW
CreateWindowExW
LoadStringA
SetFocus
DefWindowProcW
MessageBeep
MapWindowPoints
IsWindow
PeekMessageW
CreatePopupMenu
DestroyMenu
TrackPopupMenuEx
UnregisterDeviceNotification
wvsprintfW
LoadImageW
LoadAcceleratorsW
LoadMenuW
RegisterWindowMessageW
IsChild
GetFocus
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
MonitorFromWindow
SetRect
CharNextW
GetParent
CallWindowProcW
GetDlgItem
GetMonitorInfoW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW

gdi32

GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
Rectangle
GetStockObject
TextOutW
SetBkMode
CreatePen
CreateSolidBrush
DeleteObject
SelectObject
CreateFontIndirectW
CreateCompatibleDC
SetTextColor
DeleteDC

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleUninitialize
OleLockRunning
StringFromGUID2
CoGetClassObject
CLSIDFromString
OleInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

VariantInit
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
SysAllocStringLen
VarUI4FromStr
VariantClear
LoadTypeLi

shlwapi

SHSetValueW
SHGetValueW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

getsockopt
bind
getsockname
inet_addr
listen
accept
select
WSARecv
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad2643afaadf1a8b78ebe05f2b2c279

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6cCertificate

Extended Key Usages

Key Usages

13:2b:f0:8f:31:c4:46:c7:ec:0e:22:56:58:0e:e0:b9:10:ed:fc:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

iphlpapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 251KB - Virtual size: 250KB

.data Size: 40KB - Virtual size: 58KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 235KB - Virtual size: 234KB

.reloc Size: 84KB - Virtual size: 83KB

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

13:2b:f0:8f:31:c4:46:c7:ec:0e:22:56:58:0e:e0:b9:10:ed:fc:69
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 251KB - Virtual size: 250KB

.data
Size: 40KB - Virtual size: 58KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 235KB - Virtual size: 234KB

.reloc
Size: 84KB - Virtual size: 83KB