2024-01-25_5d3ba1056ceb9156e22eee2dedc416c1_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-25_5d3ba1056ceb9156e22eee2dedc416c1_mafia
Size

1.7MB
MD5

5d3ba1056ceb9156e22eee2dedc416c1
SHA1

16f24aa353e59e6d8b70d95cb617b6ed166027e3
SHA256

98a182c2721525faec62d6e08a21d7afba374946625656ad12f7bb0a727a9259
SHA512

f41b8291bf2ef93d3451916b827cf86ace439435f561629cc7829f50f488e162364116999f48b486728ba3314cfd9384e716b40c6571ad4d0f08640532e7c4ca
SSDEEP

24576:GpUpQVsvOmuEKKYJkwrsrIZmDnqxc8nX2OD9FLB7DrneLODQayAjnIGTQKIfP872:hf0YcMns5XDs/SDT2fP8mz

Score

1^/10

Malware Config

Signatures

Files

2024-01-25_5d3ba1056ceb9156e22eee2dedc416c1_mafia
.exe windows:5 windows x86 arch:x86

d3310ce6cbcacb3a9f0809bc33e38abe

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/02/2018, 00:00

Not After

27/02/2020, 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:85:5f:3d:56:73:b6:df:a8:91:c9:eb:88:76:a5:f9:c8:e7:13:09
Signer

Actual PE Digest

71:85:5f:3d:56:73:b6:df:a8:91:c9:eb:88:76:a5:f9:c8:e7:13:09

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

jli

JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch

msvcr100

_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_initterm
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
getenv
printf
__argc
__argv
__set_app_type

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCommandLineA
GetCurrentProcessId

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3310ce6cbcacb3a9f0809bc33e38abe

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

71:85:5f:3d:56:73:b6:df:a8:91:c9:eb:88:76:a5:f9:c8:e7:13:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

jli

msvcr100

kernel32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 956B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 478B

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

71:85:5f:3d:56:73:b6:df:a8:91:c9:eb:88:76:a5:f9:c8:e7:13:09
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 956B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 478B