2024-01-25_19a40c7746ccc8228d55ddbd851c8db6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_19a40c7746ccc8228d55ddbd851c8db6_mafia
Size

1.7MB
MD5

19a40c7746ccc8228d55ddbd851c8db6
SHA1

07ec21e58ed65f6cd23ee4ead37b0e69d99256e4
SHA256

8071cd8fd044e40a453ec11aa072853afd6e704712c3d411af470917b7c6df45
SHA512

83eceecb27545361cbf0c93e851fbd4e4425a2fa9e079d1ac05f62b4939af33391631cd30a9d33bc303119c15efa07b2cad1a8896cba1785d3725046421243f4
SSDEEP

49152:CoWRr+7qX94us9fsfIqqyeh1hWpymIYEW2bWp3goemzKFh0h3+2hxvoRk:6r+7qt4dfqIseh1hWYmIYEW2bWpQhL07

Score

1^/10

Malware Config

Signatures

Files

2024-01-25_19a40c7746ccc8228d55ddbd851c8db6_mafia
.exe windows:5 windows x86 arch:x86

e3089bf9271b915ae6d08de279af73f0

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:75:e4:ea:f3:56:36:c7:8a:86:58:88
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

07/04/2022, 02:07

Not After

28/05/2024, 02:08

Subject

SERIALNUMBER=110111-5216836,CN=Smartcrew Co.\,Ltd,O=Smartcrew Co.\,Ltd,STREET=43\, Digital-ro 34-gil,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b6:9a:22:ce:ef:cc:43:91:56:6e:a6:3c:36:02:72:6d:94:70:31:3b:a8:8c:77:41:fa:de:32:e6:62:2c:d4:2c
Signer

Actual PE Digest

b6:9a:22:ce:ef:cc:43:91:56:6e:a6:3c:36:02:72:6d:94:70:31:3b:a8:8c:77:41:fa:de:32:e6:62:2c:d4:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

nat

ord23
ord16
ord15
ord17
ord22
ord18
ord21
ord5

kernel32

SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetSystemInfo
IsProcessorFeaturePresent
LCMapStringW
CompareStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
VirtualAlloc
RaiseException
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
FindFirstFileExA
WideCharToMultiByte
CreateThread
ExitThread
GetFileType
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
FindResourceExW
HeapSize
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetACP
GetOEMCP
GetCPInfo
lstrcpyA
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
InterlockedIncrement
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
CreateFileA
lstrcmpiA
GetThreadLocale
HeapQueryInformation
ExitProcess
VirtualQuery
LocalAlloc
SizeofResource
LockResource
LoadResource
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WaitForSingleObject
ResumeThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalDeleteAtom
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
ActivateActCtx
DeactivateActCtx
InterlockedExchange
lstrcmpA
GetModuleHandleW
GetLastError
SetLastError
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThread
SetThreadPriority
CreateDirectoryA
TerminateProcess
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
OpenProcess
GetCommandLineA
GetCurrentProcessId
FindResourceW

user32

MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnionRect
GetKeyNameTextA
RegisterClipboardFormatA
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetParent
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
DestroyIcon
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
DestroyMenu
GetMenuItemInfoA
InflateRect
UnregisterClassA
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
SetRectEmpty
RealChildWindowFromPoint
DeleteMenu
WaitMessage
LoadCursorW
LoadCursorA
CharUpperA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
EndPaint
BeginPaint
UpdateLayeredWindow
ReleaseDC
CharUpperBuffA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
IsMenu
CreateMenu
PostThreadMessageA
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetWindowDC
GetDoubleClickTime
GetMenu
SetWindowLongA
SetWindowPos
CopyIcon
LoadImageW
GrayStringA
EmptyClipboard
GetWindow
UnhookWindowsHookEx
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowRect
SetWindowRgn
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
GetActiveWindow
GetParent
PtInRect
SetRect
GetDC
GetWindowLongA
LoadBitmapW
SetCursor
UpdateWindow
InvalidateRect
RedrawWindow
GetSysColor
KillTimer
PostMessageA
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
FindWindowA
SendMessageA
LoadIconW
GetClassInfoA
GetSysColorBrush

gdi32

GetObjectType
CreatePen
SelectClipRgn
CreateHatchBrush
CreateDIBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
PatBlt
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
SelectPalette
SetDIBColorTable
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
OffsetRgn
CreateSolidBrush
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
CreateDCA
CopyMetaFileA
GetDeviceCaps
CombineRgn
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
GetStockObject
GetObjectA

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegEnumValueA

shell32

ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathGetArgsA
StrFormatByteSize64A
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen

oledlg

ord8

ws2_32

recv
WSAGetLastError
select
connect
setsockopt
htons
inet_addr
closesocket
socket
WSACleanup
WSAStartup

wininet

InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3089bf9271b915ae6d08de279af73f0

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

28:75:e4:ea:f3:56:36:c7:8a:86:58:88Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b6:9a:22:ce:ef:cc:43:91:56:6e:a6:3c:36:02:72:6d:94:70:31:3b:a8:8c:77:41:fa:de:32:e6:62:2c:d4:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

nat

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

wininet

psapi

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 273KB - Virtual size: 273KB

.data Size: 25KB - Virtual size: 54KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 167KB - Virtual size: 167KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

28:75:e4:ea:f3:56:36:c7:8a:86:58:88
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b6:9a:22:ce:ef:cc:43:91:56:6e:a6:3c:36:02:72:6d:94:70:31:3b:a8:8c:77:41:fa:de:32:e6:62:2c:d4:2c
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 273KB - Virtual size: 273KB

.data
Size: 25KB - Virtual size: 54KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 167KB - Virtual size: 167KB