2024-01-01_6f14a2d3a86fa2ecd95a4a6485aa1801_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-01_6f14a2d3a86fa2ecd95a4a6485aa1801_mafia
Size

1.9MB
MD5

6f14a2d3a86fa2ecd95a4a6485aa1801
SHA1

78f480df0d242fcf0c6543e098e0a0814ccac948
SHA256

b5f947d639658ac4e0fc3a735653176b3a79af952ed319483c1e68323049001d
SHA512

fd792cd9485cf827634e84b6bb951b5d1e244a6f973604c08dc00912c743b2a0eb9b40f708af666fa877ecce09ebc56deeeb5012d8b50f832077344247e7c02a
SSDEEP

24576:btJyrmSDRnsMG4jwSbnARNulkzshWamSCNtdZsBEXyvt3kx8oetn00VswfTXiEUj:CrmUsM6Sbnoulkzsgv0vt3Ow9sUTXiVr

Score

1^/10

Malware Config

Signatures

Files

2024-01-01_6f14a2d3a86fa2ecd95a4a6485aa1801_mafia
.exe windows:5 windows x86 arch:x86

852515a436643d3df6d523f92eb2ea07

Code Sign

2f:02:0b:cb:1b:37:e9:e1:d2:92:77:75:12:9a:0b:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/11/2011, 00:00

Not After

22/11/2012, 23:59

Subject

CN=CyberDefender Corporation,OU=Security Software+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberDefender Corporation,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:39:fd:53:2f:3c:1c:c9:d0:b1:e1:55:e5:bc:3a:58:5e:0c:2d:4e
Signer

Actual PE Digest

a9:39:fd:53:2f:3c:1c:c9:d0:b1:e1:55:e5:bc:3a:58:5e:0c:2d:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetLocaleInfoA
GetVersionExA
GetNativeSystemInfo
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
LockResource
SizeofResource
LocalFree
lstrcmpiW
CompareStringW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
lstrcmpW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrlenW
CreateMutexA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
FlushFileBuffers
GetConsoleCP
SetHandleCount
GetExitCodeProcess
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
SetEvent
HeapCreate
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
GetCPInfo
LCMapStringW
ReadFile
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
VirtualProtect
RtlUnwind
GetStdHandle
GetFileType
GetConsoleMode
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
TlsSetValue
ResetEvent
OpenEventA
GetSystemInfo
TlsGetValue
TlsFree
TlsAlloc
FormatMessageA
FindNextFileA
FindFirstFileA
MoveFileA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetTickCount
GetVersionExW
HeapAlloc
DuplicateHandle
CreateSemaphoreA
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
WaitForSingleObject
ReleaseSemaphore
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
FormatMessageW
FindResourceExW
FindResourceW
ExitProcess
LoadResource
CloseHandle
CreateEventA
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedExchange
SetLastError
GetCurrentThreadId
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
FindClose
CreateFileW
OutputDebugStringA
ResumeThread
CreateFileA
FindResourceA
WriteFile
GetTempPathA
GetCurrentProcess
GetLocaleInfoW
IsWow64Process
GlobalFree
InterlockedCompareExchange
InterlockedPushEntrySList
GetFileAttributesA
DecodePointer
EncodePointer
InitializeCriticalSection
Sleep
IsProcessorFeaturePresent
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
LoadLibraryW

user32

DestroyAcceleratorTable
BeginPaint
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SystemParametersInfoW
EnableWindow
CheckDlgButton
IsDlgButtonChecked
DrawTextW
OffsetRect
MessageBoxExW
SetRectEmpty
LoadImageW
UpdateWindow
IsWindowEnabled
GetDlgCtrlID
TranslateAcceleratorW
SetWindowLongW
GetWindowLongW
GetMenu
SetWindowPos
GetClientRect
EndPaint
CallWindowProcW
ShowWindow
SetFocus
AdjustWindowRectEx
PtInRect
DrawFocusRect
SetCursor
GetCursorPos
GetCapture
DestroyWindow
LoadMenuW
LoadStringW
CreatePopupMenu
RemoveMenu
MonitorFromPoint
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
PostQuitMessage
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
GetDesktopWindow
CreateDialogParamW
SendMessageW
SetWindowTextW
InvalidateRect
IsChild
GetDlgItem
MessageBoxW
IsDialogMessageW
GetFocus
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
GetSysColor
CharNextW
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRgn
RedrawWindow
SetCapture
GetClassNameW
ReleaseCapture
LoadAcceleratorsW
CheckMenuRadioItem
GetWindowThreadProcessId
PostThreadMessageW
MessageBeep
LoadStringA
TrackPopupMenuEx
GetMenuItemCount
AppendMenuW
DestroyMenu
FillRect

gdi32

CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetStockObject
StretchBlt
SetBkMode
GetDIBColorTable
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
SetTextColor

advapi32

OpenProcessToken
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
SetEntriesInAclA
GetKernelObjectSecurity
CreateProcessAsUserW
SetSecurityDescriptorDacl
DuplicateTokenEx
ImpersonateLoggedOnUser
MakeAbsoluteSD
SetKernelObjectSecurity
BuildExplicitAccessWithNameA
GetSecurityDescriptorDacl

shell32

SHGetFolderPathA
SHGetFolderPathW
ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoCreateGuid
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoGetClassObject
StringFromGUID2

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth

ws2_32

WSAGetLastError
WSACleanup
gethostname
gethostbyname

psapi

GetPerformanceInfo

winhttp

WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpOpen

msi

ord87
ord112
ord91
ord117
ord160
ord158
ord159
ord8
ord32
ord141

Sections

.text
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

852515a436643d3df6d523f92eb2ea07

Code Sign

2f:02:0b:cb:1b:37:e9:e1:d2:92:77:75:12:9a:0b:65Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a9:39:fd:53:2f:3c:1c:c9:d0:b1:e1:55:e5:bc:3a:58:5e:0c:2d:4eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

ws2_32

psapi

winhttp

msi

Sections

.text Size: 503KB - Virtual size: 502KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 18KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 53KB - Virtual size: 52KB

2f:02:0b:cb:1b:37:e9:e1:d2:92:77:75:12:9a:0b:65
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a9:39:fd:53:2f:3c:1c:c9:d0:b1:e1:55:e5:bc:3a:58:5e:0c:2d:4e
Signer

.text
Size: 503KB - Virtual size: 502KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 18KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 53KB - Virtual size: 52KB