2023-08-26_2352572b95ceb82d39b4e21511ca5eae_mafia_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-26_2352572b95ceb82d39b4e21511ca5eae_mafia_JC.exe
Size

1.2MB
MD5

2352572b95ceb82d39b4e21511ca5eae
SHA1

93a2d0888a0d5bb37f545dbd9a9b5ac3901f4f18
SHA256

bc9efddb31f12d1844b95afcbfb99058b48e0e14e7e298c5390f901f51a30ca0
SHA512

9260abdbea6cf25430efccc8d60725d1f077cc16843c1b9dd998159d23a7c9b819ed51d591fdceb658fdeec590a1f69de608e882d32cdd6d39a282ca65f6d6ba
SSDEEP

12288:crcM0KC8bWJN9Q5JOisSJe7rPI9ltn6oXN6EDfXKJmLrppTvN0t+QgIjzgBs+wqK:xXUQzXQztaEDa05vTzBs+w9n6op6Y

Score

1^/10

Malware Config

Signatures

Files

2023-08-26_2352572b95ceb82d39b4e21511ca5eae_mafia_JC.exe
.exe windows x86

8418b163cb030313f95f6ed3fcabae84

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:b1:c2:47:5f:e9:0b:2b:6f:c6:df:84:00:db:d3:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30-09-2011 00:00

Not After

29-09-2014 23:59

Subject

CN=Flexera Software LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Flexera Software LLC,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:ba:d5:23:e2:a3:39:95:65:3d:4d:98:81:92:dc:d4:ba:c4:78:23
Signer

Actual PE Digest

ed:ba:d5:23:e2:a3:39:95:65:3d:4d:98:81:92:dc:d4:ba:c4:78:23

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GlobalFlags
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetModuleHandleA
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalAlloc
FindResourceA
LoadResource
LockResource
SizeofResource
MoveFileA
DeleteFileA
RemoveDirectoryA
GetFileAttributesExA
CreateFileW
GetFileAttributesA
FormatMessageA
GetCurrentThreadId
GetTickCount
GetLocalTime
OpenMutexA
Sleep
LocalFree
SetLastError
GetTempPathA
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
WaitForSingleObject
CreateEventA
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CreateNamedPipeA
ResumeThread
SuspendThread
SetEvent
GetModuleFileNameA
ReleaseMutex
CreateMutexA
WaitForSingleObjectEx
CreateThread
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
GetDriveTypeA
QueryDosDeviceA
GetSystemDirectoryA
WriteFile
GetVersionExA
SetFilePointer
ReadFile
CreateFileA
DeviceIoControl
CloseHandle
lstrlenA
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
HeapSize
InterlockedExchange

user32

GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetClassLongA
GetCapture
WinHelpA
LoadIconA
GetForegroundWindow
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
wsprintfA
GetWindowTextA
IsWindow
RemovePropA
GetPropA
SetPropA
GetWindowPlacement
GetClassNameA
RegisterWindowMessageA
SetWindowTextA
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
GetMenu

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
GetNamedSecurityInfoA
GetAce
EqualSid
SetNamedSecurityInfoA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenSCManagerA
CloseServiceHandle
OpenServiceA
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
RegDeleteValueA
SetSecurityDescriptorDacl
CopySid
IsValidSid
GetLengthSid
SetServiceStatus
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
QueryServiceConfigA
RegEnumKeyExA
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8418b163cb030313f95f6ed3fcabae84

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:b1:c2:47:5f:e9:0b:2b:6f:c6:df:84:00:db:d3:d1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ed:ba:d5:23:e2:a3:39:95:65:3d:4d:98:81:92:dc:d4:ba:c4:78:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

oleaut32

oleacc

Sections

.text Size: 501KB - Virtual size: 501KB

.textidx Size: 70KB - Virtual size: 70KB

.rdata Size: 245KB - Virtual size: 245KB

.data Size: 78KB - Virtual size: 97KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 107KB - Virtual size: 107KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:b1:c2:47:5f:e9:0b:2b:6f:c6:df:84:00:db:d3:d1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ed:ba:d5:23:e2:a3:39:95:65:3d:4d:98:81:92:dc:d4:ba:c4:78:23
Signer

.text
Size: 501KB - Virtual size: 501KB

.textidx
Size: 70KB - Virtual size: 70KB

.rdata
Size: 245KB - Virtual size: 245KB

.data
Size: 78KB - Virtual size: 97KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 107KB - Virtual size: 107KB