2024-01-11_542a5cad55fd49bc654ff5a8f9fac470_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_542a5cad55fd49bc654ff5a8f9fac470_mafia
Size

586KB
MD5

542a5cad55fd49bc654ff5a8f9fac470
SHA1

09d2c6dfaa4079aaa875490889a7d4733d2b2ce5
SHA256

46452d4c473b122fb7f13b05ecdcdba2c60ad91efc1bf7043abe3d879f826210
SHA512

5f9a0d9fa6b331f923595a12552ef28b8158790e1955bb18066ad2586832dee931c35050c962b39c65dd1ba3071ea8efe8adc94b4ae95bbcbf785e31e7b2b950
SSDEEP

6144:t8erPyhiiXiH33URZnRO5ZEoTuZJlzGj/Wh5sOXb0qtqSi:p5DURlA5Z5TuHVGUlXwq

Score

1^/10

Malware Config

Signatures

Files

2024-01-11_542a5cad55fd49bc654ff5a8f9fac470_mafia
.exe windows:5 windows x86 arch:x86

d1a7f9341061c121dca785a0b0545846

Code Sign

2d:52:39:e7:02:a5:ea:d6:cf:85:da:48:53:bd:22:e9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/12/2011, 00:00

Not After

21/03/2015, 23:59

Subject

CN=Lenovo (Beijing) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Lenovo (Beijing) Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:8d:5f:e2:c6:5b:f1:33:ac:d3:99:ce:82:2e:aa:80:50:0f:44:a0
Signer

Actual PE Digest

59:8d:5f:e2:c6:5b:f1:33:ac:d3:99:ce:82:2e:aa:80:50:0f:44:a0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFileExW
InternetAttemptConnect
HttpOpenRequestA
InternetSetStatusCallbackW
InternetSetOptionW
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
CreateFileA
CreateMutexW
FreeResource
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
WaitForSingleObject
SetEvent
GetModuleHandleW
WideCharToMultiByte
Sleep
SizeofResource
FileTimeToSystemTime
GetModuleFileNameW
GetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
GetLastError
GetLocalTime
GetStringTypeW
LockResource
CreateEventW
GetFileTime
OutputDebugStringA
ReleaseMutex
CloseHandle
DeleteFileA
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetLocaleInfoW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
GetProcessHeap
HeapCreate
GetCurrentThreadId
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
GetStartupInfoW
HeapFree
HeapAlloc
GetFileAttributesA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter

user32

EndPaint
DestroyWindow
PostQuitMessage
DialogBoxParamW
LoadCursorW
BeginPaint
LoadAcceleratorsW
RegisterClassExW
LoadIconW
MessageBoxA
EndDialog
SetWindowPos
LoadStringW
ShowWindow
CreateWindowExW
UpdateWindow
DefWindowProcW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
CommandLineToArgvW

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a7f9341061c121dca785a0b0545846

Code Sign

2d:52:39:e7:02:a5:ea:d6:cf:85:da:48:53:bd:22:e9Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:8d:5f:e2:c6:5b:f1:33:ac:d3:99:ce:82:2e:aa:80:50:0f:44:a0Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 353KB - Virtual size: 352KB

.reloc Size: 12KB - Virtual size: 11KB

2d:52:39:e7:02:a5:ea:d6:cf:85:da:48:53:bd:22:e9
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:8d:5f:e2:c6:5b:f1:33:ac:d3:99:ce:82:2e:aa:80:50:0f:44:a0
Signer

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 353KB - Virtual size: 352KB

.reloc
Size: 12KB - Virtual size: 11KB