2024-01-25_e58a25ec4c06f9e90d8d4e2edad9f485_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_e58a25ec4c06f9e90d8d4e2edad9f485_mafia
Size

197KB
MD5

e58a25ec4c06f9e90d8d4e2edad9f485
SHA1

9450816dfa883f013be66a57b19256767a036e13
SHA256

45bfe11f2e55763da3996a55e33bbab6cdd52a141a000810c23c937dcfdb4268
SHA512

1f9863b6aa182ee7451a05546df31507dc71a0e58458c81385460ed1b2fe08fabcffadb4073da5c8bc745e2f66262711abe36c805c187d940957155308017813
SSDEEP

6144:4uHIY2cPEQAEWWGPEqLkdPKIQG+rsEcUfkKq:1HLPEpRHHkJKI3+rsEcU3q

Score

1^/10

Malware Config

Signatures

Files

2024-01-25_e58a25ec4c06f9e90d8d4e2edad9f485_mafia
.exe windows:5 windows x86 arch:x86

1d7ecec093cceeaf77061412eeeee0f5

Code Sign

15:f5:77:92:09:b1:7b:9a:43:67:f7:6c:42:83:51:03
Certificate

Issuer

CN=Blue Matrix I LLC

Not Before

16/08/2016, 13:03

Not After

16/08/2017, 13:03

Subject

CN=Blue Matrix I LLC

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:a7:72:3f:22:08:35:35:77:be:10:5d:78:36:86:0d:02:e1:d6:fe
Signer

Actual PE Digest

a8:a7:72:3f:22:08:35:35:77:be:10:5d:78:36:86:0d:02:e1:d6:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetNamedPipeHandleState
EnterCriticalSection
LeaveCriticalSection
ConnectNamedPipe
CloseHandle
ReadFile
WriteFile
WaitNamedPipeW
MultiByteToWideChar
Sleep
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
CreateFileW
CreateNamedPipeW
GetVersionExW
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenW
WriteConsoleW
SetStdHandle
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

advapi32

RegCreateKeyExW
RegCloseKey
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
ConvertStringSidToSidW
FreeSid
CopySid
GetLengthSid
GetTokenInformation
RegSetValueExW

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7ecec093cceeaf77061412eeeee0f5

Code Sign

15:f5:77:92:09:b1:7b:9a:43:67:f7:6c:42:83:51:03Certificate

Extended Key Usages

Key Usages

a8:a7:72:3f:22:08:35:35:77:be:10:5d:78:36:86:0d:02:e1:d6:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

15:f5:77:92:09:b1:7b:9a:43:67:f7:6c:42:83:51:03
Certificate

a8:a7:72:3f:22:08:35:35:77:be:10:5d:78:36:86:0d:02:e1:d6:fe
Signer

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB