2023-08-26_0011fa6c6787d0fa7b862de4d505e312_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_0011fa6c6787d0fa7b862de4d505e312_mafia_JC.exe
Size

1.5MB
MD5

0011fa6c6787d0fa7b862de4d505e312
SHA1

5818f7c163ff6a761d21ff575a16f1ee3570f49e
SHA256

dc35bb09bc21bb51d533372b8cc85b00ccce2f740164220f93b04f35e87e8c5e
SHA512

60226f37c5b4ab6812a69a644627a1da6694af21c1703fe87783feb9f57826c4d4e3d93ca8a99019d73da6abec56b19ca35f4840a4ac76fbc684ebb2d580525c
SSDEEP

24576:8FCD04ngqZF6ED/PmOIwR88z1lNNsXQT52dx8t9PAUbZGD2BUBklDRAsRU/7WRZ:8FCzgqMOIU8SlNNsAM8tPbGAD+sRUS

Score

1^/10

Malware Config

Signatures

Files

2023-08-26_0011fa6c6787d0fa7b862de4d505e312_mafia_JC.exe
.exe windows:5 windows x86

6cfbb06dfbcda4a233663af998c62b7f

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/05/2013, 00:00

Not After

02/05/2014, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:c6:8b:c5:49:03:f8:cc:a4:ea:d5:4e:5a:69:f8:6f:72:7c:ed:e7
Signer

Actual PE Digest

80:c6:8b:c5:49:03:f8:cc:a4:ea:d5:4e:5a:69:f8:6f:72:7c:ed:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipImageSelectActiveFrame
GdipFree
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile

kernel32

PostQueuedCompletionStatus
Sleep
GetProcAddress
CreateMutexW
WaitForMultipleObjects
GetTempPathW
FindFirstFileW
CreateDirectoryW
FindClose
CreateMutexA
DeleteFileA
GetTickCount
TerminateProcess
GetCurrentProcess
CreateThread
DeleteFileW
GlobalUnlock
CreateProcessW
lstrcpynW
lstrlenW
lstrcpynA
lstrlenA
FreeLibrary
LoadLibraryW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
MulDiv
lstrcmpW
CreateFileW
GetFileSize
SetFilePointer
WriteFile
CreateIoCompletionPort
QueueUserAPC
TerminateThread
GetQueuedCompletionStatus
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
TlsGetValue
SleepEx
SetEvent
GetSystemTimeAsFileTime
CreateWaitableTimerW
GetEnvironmentVariableW
GetProcessHeap
ReleaseSemaphore
HeapAlloc
CreateEventA
CreateEventW
CreateSemaphoreA
ReadFile
MoveFileW
FindNextFileW
GetCurrentProcessId
WideCharToMultiByte
GetVolumeInformationW
GetDriveTypeW
GetModuleHandleA
GetCommandLineW
SetConsoleCtrlHandler
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
FindFirstFileExW
GetTimeFormatA
GetDateFormatA
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
HeapCreate
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetFullPathNameW
GetFileInformationByHandle
FileTimeToLocalFileTime
PeekNamedPipe
GetCurrentDirectoryW
WaitForSingleObject
CloseHandle
TlsAlloc
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
CreateFileA
SetEnvironmentVariableA
OpenEventA
ResetEvent
GetLastError
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GlobalLock
GlobalAlloc
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
GetVersion
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
HeapSetInformation
GetStartupInfoW
ExitThread
FileTimeToSystemTime
ReadConsoleInputA
SetConsoleMode
HeapFree

user32

ClientToScreen
CreateAcceleratorTableW
MoveWindow
SetCapture
ReleaseCapture
DestroyWindow
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
MonitorFromWindow
SetRect
CharNextW
GetParent
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
GetFocus
IsChild
RegisterWindowMessageW
LoadMenuW
LoadAcceleratorsW
LoadImageW
wvsprintfW
UnregisterDeviceNotification
InvalidateRgn
CallWindowProcW
GetDlgItem
GetMonitorInfoW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
PeekMessageW
IsWindow
MapWindowPoints
MessageBeep
DefWindowProcW
SetFocus
LoadStringA
CreateWindowExW
TranslateAcceleratorW
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PtInRect
ScreenToClient
GetWindowRect
IsIconic
FillRect
DrawTextW
EndPaint
BeginPaint
PostQuitMessage
SetTimer
SetWindowPos
GetClientRect
SetWindowLongW
GetWindowLongW
ShowWindow
SendMessageW
SetWindowTextW
KillTimer
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
InvalidateRect
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetMenuItemCount

gdi32

SetTextColor
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
CreateCompatibleDC
CreateFontIndirectW
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
SetBkMode
TextOutW
GetStockObject
BitBlt
Rectangle

advapi32

RegQueryValueExW
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromString
OleInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathFileExistsW
SHGetValueW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

getsockopt
bind
getsockname
inet_addr
listen
accept
select
WSARecv
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSAStartup

Sections

.text
Size: 923KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cfbb06dfbcda4a233663af998c62b7f

Code Sign

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6cCertificate

Extended Key Usages

Key Usages

80:c6:8b:c5:49:03:f8:cc:a4:ea:d5:4e:5a:69:f8:6f:72:7c:ed:e7Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Sections

.text Size: 923KB - Virtual size: 922KB

.rdata Size: 229KB - Virtual size: 229KB

.data Size: 38KB - Virtual size: 55KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 235KB - Virtual size: 234KB

.reloc Size: 75KB - Virtual size: 74KB

48:ef:c8:78:89:80:bd:02:6d:c7:19:0e:92:6a:a6:6c
Certificate

80:c6:8b:c5:49:03:f8:cc:a4:ea:d5:4e:5a:69:f8:6f:72:7c:ed:e7
Signer

.text
Size: 923KB - Virtual size: 922KB

.rdata
Size: 229KB - Virtual size: 229KB

.data
Size: 38KB - Virtual size: 55KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 235KB - Virtual size: 234KB

.reloc
Size: 75KB - Virtual size: 74KB