2024-01-08_63e85221fa6dfdfbd0eafadd69ccf9d2_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-08_63e85221fa6dfdfbd0eafadd69ccf9d2_mafia
Size

2.0MB
MD5

63e85221fa6dfdfbd0eafadd69ccf9d2
SHA1

7d64c4bb2b288e4c1ef1287d6cfca9588ef327c6
SHA256

ef7eda5ffb2219aeec70ea6d6c9c6076ffd497c4443986fb40deb57b1185caac
SHA512

6e63c26bce8f37ca01a502216681782c82d458fc24d33c915cce9621be5d3b561dbea4a8b9803c74be0a10cc2c489a5074abd81179a2cfaa3c1f465e40d3042f
SSDEEP

12288:QTvSFwZVJbKWrNFxg9OX6edJeQFgnKe08VtWdWlorMpS3srZ/GuPXsdjIepYsaSi:Qh4QFgnKetVtW8A3+/pMHpYsapwO

Score

1^/10

Malware Config

Signatures

Files

2024-01-08_63e85221fa6dfdfbd0eafadd69ccf9d2_mafia
.exe windows:5 windows x86 arch:x86

5f2f9c90b8aee392c5fe10dde5d5baec

Code Sign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

09-07-2015 15:35

Not After

09-08-2017 16:49

Subject

CN=WinZip Computing LLC,O=WinZip Computing LLC,L=Storrs Mansfield,ST=Connecticut,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:69:3c:6f:65:54:80:0b:88:db:d0:49:c7:61:2a:f6:a6:60:15:2d
Signer

Actual PE Digest

5c:69:3c:6f:65:54:80:0b:88:db:d0:49:c7:61:2a:f6:a6:60:15:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FormatMessageA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
GetLocaleInfoW
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
CreateFileW
GetFileAttributesExW
SystemTimeToFileTime
SetFileTime
LoadLibraryExW
FreeLibrary
SetLastError
GetModuleFileNameW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LCMapStringW
GetCPInfo
CompareStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
SetEvent
WaitForSingleObject
FindFirstFileW
FindNextFileW
FindClose
CreateEventA
WriteFile
GetModuleHandleExW
lstrlenA
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InitializeCriticalSection
RaiseException
Sleep
GetSystemTime
WTSGetActiveConsoleSessionId
CloseHandle
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
GetModuleHandleW
GetProcAddress

user32

SetForegroundWindow
GetMonitorInfoW
DefWindowProcW
MonitorFromPoint
GetDC
GetWindowRect
FindWindowW
FillRect
EnumChildWindows
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
GetParent
GetPropW
IsWindowVisible
SendMessageW
CreateWindowExW
LoadImageW
CreateDialogParamW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SetWindowLongW
ScreenToClient
SetWindowPos
PostQuitMessage
GetWindowLongW
SetWindowTextW
GetClientRect
RedrawWindow
GetDlgItem
GetClassInfoExW
UnregisterClassA
DrawIconEx
GetIconInfo
DestroyIcon
ReleaseDC
SetCursor
GetFocus
ReleaseCapture
DestroyCursor
CallWindowProcW
TrackMouseEvent
IsWindow
IsWindowEnabled
InvalidateRect
LoadBitmapW
LoadCursorW
CopyRect
SetPropW
RegisterClassExW

gdi32

SelectObject
StretchBlt
SetStretchBltMode
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
BitBlt
GetBitmapBits
GetDeviceCaps
SaveDC
RestoreDC
CreateSolidBrush
GetObjectW

shell32

SHAppBarMessage
DuplicateIcon
SHCreateDirectoryExW

ole32

OleRun
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantClear
VarUI4FromStr
GetErrorInfo

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

comctl32

InitCommonControlsEx

gdiplus

GdipFree
GdipAlloc
GdipCreateBitmapFromFile
GdipCloneImage
GdiplusStartup
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipDeleteBrush
GdipStringFormatGetGenericTypographic
GdipDeleteGraphics
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetStringFormatTrimming
GdipCreateFromHDC
GdipGetStringFormatFlags
GdipDrawString
GdipCloneBrush
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFamilyName
GdipGetFamily
GdipDisposeImage
GdipGetFontSize
GdipFillRectangleI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipCloneFont
GdipMeasureString
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawImageRectRectI
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateStringFormat
GdipCreateFromHWND
GdipGetFontStyle

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

wintrust

WinVerifyTrust

crypt32

CertGetNameStringW
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

winhttp

WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryAuthSchemes

wininet

InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetReadFile
InternetQueryDataAvailable

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f2f9c90b8aee392c5fe10dde5d5baec

Code Sign

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3eCertificate

Extended Key Usages

Key Usages

5c:69:3c:6f:65:54:80:0b:88:db:d0:49:c7:61:2a:f6:a6:60:15:2dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

comctl32

gdiplus

wtsapi32

wintrust

crypt32

winhttp

wininet

Sections

.text Size: 302KB - Virtual size: 302KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 30KB - Virtual size: 29KB

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3e
Certificate

5c:69:3c:6f:65:54:80:0b:88:db:d0:49:c7:61:2a:f6:a6:60:15:2d
Signer

.text
Size: 302KB - Virtual size: 302KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 30KB - Virtual size: 29KB