2023-08-27_4c22cd6b339532c07088fd8cc8818541_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_4c22cd6b339532c07088fd8cc8818541_mafia_JC.exe
Size

1.7MB
MD5

4c22cd6b339532c07088fd8cc8818541
SHA1

29e73e5f8ef0d6ed5dd4f69dea8e4eaf58bbd928
SHA256

05a03d8501cee06344f048da17a5392f6ef2e549fd89e3fb8a51b8e677e297be
SHA512

5b95c2d65b540b243f61bcfe9ea53de4515f2f71b68ebf1559254b46d6673d2ba5d8bbc801445a0ec49ca37b7f3f4dabc5016bde6a830442e98b04fd462ae90d
SSDEEP

24576:PT2vGRrGiEv3Ku7JHsIejbIxUGqTiwFYoAxfu0FDI5Rae7o4QSJgCzJXvL1/IHMa:rTrGSmAJG3u2e7o45tXvKsxvFwRerUx

Score

1^/10

Malware Config

Signatures

Files

2023-08-27_4c22cd6b339532c07088fd8cc8818541_mafia_JC.exe
.exe windows:5 windows x86

09d541f9dff235e690cee040dda4338f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=AAM 256,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:3a:74:22:15:8b:b7:61:6d:ca:94:8d:1e:da:c7:a0:f8:55:c4:23
Signer

Actual PE Digest

00:3a:74:22:15:8b:b7:61:6d:ca:94:8d:1e:da:c7:a0:f8:55:c4:23

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpSendRequest

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

kernel32

GetModuleFileNameW
Sleep
LoadLibraryA
GlobalFree
GetComputerNameExW
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateProcessW
SetEnvironmentVariableA
CreateMutexW
SetEvent
WaitForMultipleObjects
CreateEventW
GetTimeZoneInformation
GetVersionExW
UnlockFileEx
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
LockFileEx
GetFileSize
CreateFileW
OutputDebugStringA
QueryPerformanceCounter
GetEnvironmentVariableA
QueryPerformanceFrequency
GetTempPathW
lstrlenA
LocalFree
GetCurrentProcess
GetCurrentThread
FindClose
FindNextFileW
FindFirstFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
IsDBCSLeadByteEx
ReadFile
LocalAlloc
WideCharToMultiByte
WaitForSingleObject
SetLastError
DeleteFileW
GetDateFormatW
GetTimeFormatW
GetLocalTime
GetFullPathNameW
GetFullPathNameA
CreateFileA
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
ReleaseSemaphore
CreateSemaphoreW
HeapSize
GetStdHandle
ExitProcess
GetProcAddress
GetLastError
FreeLibrary
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
CompareStringW
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
MultiByteToWideChar
WriteConsoleW
GetProcessHeap
DeleteCriticalSection
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
MoveFileA
FindFirstFileExA
GetDriveTypeA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
HeapSetInformation
GetCommandLineW
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc

user32

wsprintfW
MessageBoxW

advapi32

OpenThreadToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
CryptExportKey
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear
SysAllocStringByteLen

shlwapi

PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

GetAsnVersion
IAL_ActivateLicense
IAL_CloseSession
IAL_CreateSession
IAL_DeactivateLicense
IAL_GetAULData
IAL_GetEntitledSerialData
IAL_GetEntitlementsForLEIDS
IAL_GetSLConfigData
IAL_GetType2aOfflineException
IAL_GetVersion
IAL_ReloadLocalDispatchTable
IAL_SetLicensingLEID
IAL_SetLoggingMethod
IAL_SetProxyDetails
IAL_ValidateSerial
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d541f9dff235e690cee040dda4338f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70Certificate

Extended Key Usages

Key Usages

00:3a:74:22:15:8b:b7:61:6d:ca:94:8d:1e:da:c7:a0:f8:55:c4:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 77KB - Virtual size: 104KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

58:a0:b9:25:d5:bd:9e:14:2f:9e:9b:39:4e:ce:62:70
Certificate

00:3a:74:22:15:8b:b7:61:6d:ca:94:8d:1e:da:c7:a0:f8:55:c4:23
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 77KB - Virtual size: 104KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 92KB - Virtual size: 92KB