2024-01-23_8491a04bf80fbcae8db82158ce95cb5e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-23_8491a04bf80fbcae8db82158ce95cb5e_mafia
Size

1.3MB
MD5

8491a04bf80fbcae8db82158ce95cb5e
SHA1

9b457d27904227b300cec27edc8e658ef28dacaa
SHA256

8d534b365573f02df956492fd11495bd7db1b2923bc2ca68508193bd589cb6e0
SHA512

6562a3dfac2f1a06e5a706282fc8e2c4a0840bba82c1673caab746876d10c994504493c99af1234162f16537bf06caed8c2f44dd68109b8f2aa729708c7cbdb5
SSDEEP

24576:f07Ck6hK4hlTgaxRQZU1XVgH+4RuZWXSeFY/VAnH/:Q6hK4h1uZU1X+HWZWC2Y/VAnf

Score

1^/10

Malware Config

Signatures

Files

2024-01-23_8491a04bf80fbcae8db82158ce95cb5e_mafia
.exe windows:5 windows x86 arch:x86

05eaeb1dfe1c050bb5654238b1a3a252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:62:05:4a:5e:fe:75:45:48:7f:4f:15:48:70:8c:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/11/2012, 00:00

Not After

29/01/2015, 23:59

Subject

CN=NHN corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NHN corp.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:dc:f4:f5:06:e0:9e:86:6b:a5:36:a7:db:b7:7b:e1:61:ef:6e:67
Signer

Actual PE Digest

49:dc:f4:f5:06:e0:9e:86:6b:a5:36:a7:db:b7:7b:e1:61:ef:6e:67

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalReAlloc
CreateThread
Sleep
GetExitCodeProcess
LoadLibraryA
GetCurrentProcessId
ResetEvent
SetEvent
ResumeThread
CreateEventW
FreeResource
CreateProcessW
FlushFileBuffers
GetCommandLineW
lstrcpynW
lstrcpyW
GetFullPathNameW
GetVersionExW
GetVersionExA
lstrcmpA
LocalAlloc
LocalFree
SetEndOfFile
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
SetConsoleCtrlHandler
LoadLibraryExW
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
CompareStringW
GetStartupInfoW
HeapSetInformation
GetStdHandle
GetFileType
WriteConsoleW
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapDestroy
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedCompareExchange
GetStringTypeW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
RaiseException
FreeLibrary
ReadFile
SetNamedPipeHandleState
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetProcAddress
WritePrivateProfileStringW
HeapReAlloc
lstrlenW
MultiByteToWideChar
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
LoadLibraryW
CreateDirectoryW
SetLastError
lstrlenA
OpenEventW
QueryDosDeviceW
InterlockedExchange
FileTimeToSystemTime
GetCurrentThreadId
WaitNamedPipeW
FileTimeToLocalFileTime
FormatMessageW
LocalLock
FindFirstFileW
GetLocalTime
SystemTimeToFileTime
DeleteFileW
FindNextFileW
FindClose
CreateMutexW
CloseHandle
GetTickCount
WaitForSingleObject
ReleaseMutex
GetSystemTime
CreateFileW
GetLastError
OutputDebugStringW
SetFilePointer
WriteFile
GetLocaleInfoW

user32

DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowLongW
CharNextW
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
SetCursor
GetCapture
UpdateWindow
SetWindowLongW
KillTimer
SystemParametersInfoW
DrawFocusRect
DrawEdge
PtInRect
InflateRect
DestroyIcon
DialogBoxParamW
CreateDialogParamW
GetDesktopWindow
SendMessageTimeoutW
FindWindowExW
SendMessageW
DefWindowProcW
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
DestroyAcceleratorTable
SetTimer
CopyRect
GetActiveWindow
IsWindowEnabled
GetDlgCtrlID
DrawIconEx
GetSystemMetrics
MessageBoxW
PostQuitMessage
ExitWindowsEx
GetWindow
GetFocus
SetFocus
UnregisterClassA
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetMenu
ShowWindow
IsWindowVisible
EnableWindow
SetRect
AdjustWindowRectEx
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
EqualRect
LoadImageW
PostMessageW
EndDialog
SetWindowRgn
DrawTextW

gdi32

DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CombineRgn
ExtCreateRegion
CreateDIBSection
ExtTextOutW
SetBkColor
LineTo
MoveToEx
Rectangle
CreatePen
TextOutW
CreateFontIndirectW
SetTextColor
SetBkMode
SetTextCharacterExtra
SetViewportOrgEx
SetDIBColorTable
GetDIBColorTable
StretchBlt
DeleteDC

comdlg32

ChooseFontW

advapi32

OpenServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
QueryServiceStatus
OpenSCManagerW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetTokenInformation
OpenProcessToken
LookupAccountSidW
GetUserNameW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetDataFromIDListW
SHBindToParent
SHParseDisplayName
SHChangeNotify
ord192
ord72
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

OleLoadPicture
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

ws2_32

GetAddrInfoW
WSASetLastError
WSACleanup
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
FreeAddrInfoW
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketW

psapi

GetProcessImageFileNameW

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromStream
GdipDisposeImage

wininet

InternetCheckConnectionW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW
InternetOpenW
InternetConnectW
InternetCloseHandle

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertFreeCertificateContext
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertGetNameStringW

wintrust

WinVerifyTrust

Sections

.text
Size: 667KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05eaeb1dfe1c050bb5654238b1a3a252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:62:05:4a:5e:fe:75:45:48:7f:4f:15:48:70:8c:b4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

49:dc:f4:f5:06:e0:9e:86:6b:a5:36:a7:db:b7:7b:e1:61:ef:6e:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

psapi

comctl32

msimg32

gdiplus

wininet

version

crypt32

wintrust

Sections

.text Size: 667KB - Virtual size: 667KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 487KB - Virtual size: 486KB

.reloc Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:62:05:4a:5e:fe:75:45:48:7f:4f:15:48:70:8c:b4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

49:dc:f4:f5:06:e0:9e:86:6b:a5:36:a7:db:b7:7b:e1:61:ef:6e:67
Signer

.text
Size: 667KB - Virtual size: 667KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 487KB - Virtual size: 486KB

.reloc
Size: 34KB - Virtual size: 33KB