2023-08-25_d82696af8e142c35717c25c1c336ddeb_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-25_d82696af8e142c35717c25c1c336ddeb_mafia_JC.exe
Size

729KB
MD5

d82696af8e142c35717c25c1c336ddeb
SHA1

700e40c90cfb942066f225eb93cdcb75203a8f45
SHA256

d0e5984c64685f3dc7cc8b31533a4f8f969ddb1c915caa13d85c5e411ebdc936
SHA512

ea49a78e49e0ab485f8b8d3705b73e2c3a6f346b4170d09c9f3c1814ec929b07cdb8c228b27156a6ac63cd2b1d82594f5a9b901941e1f0aaec8c4bbd69ad89be
SSDEEP

12288:RDXO++Uv/HjxJKiYExEpKUav1GBXaYRhh2BgTsFkrrXz7K:RDXOhUv/DvKiYEmpKv8xhh22TmwnG

Score

1^/10

Malware Config

Signatures

Files

2023-08-25_d82696af8e142c35717c25c1c336ddeb_mafia_JC.exe
.exe windows:5 windows x86

7952b8eb8cee7585fb503da2c95ef45d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/04/2015, 00:00

Not After

13/04/2018, 23:59

Subject

CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:a5:e5:b7:66:2c:cd:66:37:12:fa:79:b0:c0:8d:46:aa:31:82:4e
Signer

Actual PE Digest

1e:a5:e5:b7:66:2c:cd:66:37:12:fa:79:b0:c0:8d:46:aa:31:82:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoCreateInstance

shell32

SHGetFolderPathW
SHGetFolderPathA
CommandLineToArgvW

user32

MsgWaitForMultipleObjectsEx
DispatchMessageA
DispatchMessageW
IsWindowUnicode
PostMessageA
PeekMessageA
GetMessageW
SendMessageTimeoutW
GetSystemMenu
MapDialogRect
SetForegroundWindow
LoadStringA
LoadBitmapA
EnumWindows
SetWindowContextHelpId
MessageBoxA
EnableMenuItem
EndDialog
SwitchToThisWindow
EnableWindow
GetDlgCtrlID
GetWindowThreadProcessId
GetMessageA
LoadStringW
TranslateMessage
MoveWindow
GetWindow
LoadCursorA
DialogBoxIndirectParamA
CallWindowProcA
SetWindowTextA
ReleaseCapture
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
DefWindowProcA
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
CreateAcceleratorTableA
UnregisterClassA
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
DestroyAcceleratorTable
ScreenToClient
RegisterClassExA
FillRect
IsChild
GetClassInfoExA
SetCapture
GetFocus
GetParent
InvalidateRgn
CharNextA
GetClientRect
SetFocus
GetWindowTextLengthA
SendMessageA
RegisterWindowMessageA
BeginPaint
GetDC
GetWindowTextA
SetWindowLongA
InvalidateRect

psapi

GetModuleFileNameExA
EnumProcessModules

kernel32

GetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
GetModuleFileNameW
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
CreateDirectoryW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
HeapReAlloc
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
DecodePointer
SetUnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
SetFilePointer
FlushFileBuffers
GetCommandLineW
FindResourceA
lstrcmpA
SetEndOfFile
FreeLibrary
LoadResource
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GlobalLock
OpenProcess
GlobalAlloc
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
LeaveCriticalSection
MulDiv
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
RemoveDirectoryA
EnterCriticalSection
GlobalFree
LockResource
GlobalHandle
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
DeleteFileA
FindResourceW
Process32First
lstrcatA
Module32First
GetLongPathNameA
Process32Next
CreateToolhelp32Snapshot
Module32Next
LocalFree
CopyFileA
GetTickCount
ExitProcess
CreateFileA
GetLocaleInfoA
WaitForSingleObject
WriteFile
SetDllDirectoryA
TerminateProcess
GetEnvironmentVariableA
FindFirstFileA
FindClose
LoadLibraryA
GetNativeSystemInfo
GetSystemWow64DirectoryA
GetTempPathA
MoveFileExA
GetFileAttributesA
CreateDirectoryA
DeviceIoControl
FindNextFileA
Sleep
FormatMessageW
GetLocalTime
PeekNamedPipe
SetHandleInformation
GetExitCodeProcess
ReadFile
CreatePipe
GetModuleHandleExA
GetModuleHandleExW
LoadLibraryW
LoadLibraryExW
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateFileW
SetFilePointerEx
InitializeCriticalSection
HeapCreate
SizeofResource
GetCurrentDirectoryW
GetFileInformationByHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
lstrlenA
CreateProcessA

comctl32

InitCommonControlsEx
ord17

advapi32

AdjustTokenPrivileges
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA
OpenProcessToken
SetFileSecurityA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegQueryValueExA
GetTokenInformation
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetWindowsAccountDomainSid
CreateWellKnownSid

oleaut32

SysAllocString
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
SysFreeString
LoadRegTypeLi
GetErrorInfo

shlwapi

SHDeleteKeyA
PathIsURLA

gdi32

CreateSolidBrush
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
GetTextMetricsA
SetBkMode
StretchBlt
GetTextExtentPoint32A
CreateFontIndirectA
GetStockObject

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

msi

ord31
ord67
ord189
ord91
ord117
ord141
ord168
ord160
ord158
ord115
ord159
ord8
ord44
ord204
ord137

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7952b8eb8cee7585fb503da2c95ef45d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1e:a5:e5:b7:66:2c:cd:66:37:12:fa:79:b0:c0:8d:46:aa:31:82:4eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

user32

psapi

kernel32

comctl32

advapi32

oleaut32

shlwapi

gdi32

version

msi

Sections

.text Size: 412KB - Virtual size: 412KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 15KB - Virtual size: 26KB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 38KB - Virtual size: 37KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1e:a5:e5:b7:66:2c:cd:66:37:12:fa:79:b0:c0:8d:46:aa:31:82:4e
Signer

.text
Size: 412KB - Virtual size: 412KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 15KB - Virtual size: 26KB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 38KB - Virtual size: 37KB