2024-01-27_d5bf2d1f33c460e63de263a74d9c7ab2_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-27_d5bf2d1f33c460e63de263a74d9c7ab2_mafia
Size

1.1MB
MD5

d5bf2d1f33c460e63de263a74d9c7ab2
SHA1

83435069bb774ab1fe94b178e7a3a6cd3386f630
SHA256

b133715f769d5a8aa6092285c0e4845a643467595725874c1d613c355c9c300a
SHA512

14540126067c2ae8615b565fe789974010b41162255310c00d6ac955506372234bf36c935e30da25504ff92eadf396222e619251235f70ccbbd960760ac8d540
SSDEEP

24576:V/vj0SL7o+yk+ku8nNsYeu+U9MubVNtMmldKrhnq0eNFjUGRW+:NvjXokimNsY+U9MubVNtMlro0e3jUGJ

Score

1^/10

Malware Config

Signatures

Files

2024-01-27_d5bf2d1f33c460e63de263a74d9c7ab2_mafia
.exe windows:5 windows x86 arch:x86

c0bd12d75dbaa5be4db491feb385611d

Code Sign

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:dd
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/09/2020, 00:00

Not After

04/09/2021, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:dd
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/09/2020, 00:00

Not After

04/09/2021, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:2e:fa:8c:3b:87:37:65:54:f5:a0:1f:de:38:f2:74:15:f2:f1:06:c0:d5:e1:94:c3:e7:02:4f:76:6e:2f:e2
Signer

Actual PE Digest

3b:2e:fa:8c:3b:87:37:65:54:f5:a0:1f:de:38:f2:74:15:f2:f1:06:c0:d5:e1:94:c3:e7:02:4f:76:6e:2f:e2

Digest Algorithm

sha256

PE Digest Matches

true

28:1f:23:70:fe:3e:07:e2:a5:cd:14:94:ec:89:87:51:ee:3a:ef:c9
Signer

Actual PE Digest

28:1f:23:70:fe:3e:07:e2:a5:cd:14:94:ec:89:87:51:ee:3a:ef:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\nsm\1280\1280\Ctl32\Release_unicode\PCIVideoVi.pdb

Imports

comctl32

ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
ImageList_Add
ImageList_LoadImageW
ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Draw

kernel32

VirtualQueryEx
IsBadReadPtr
DeleteFileW
ResumeThread
GetThreadContext
SuspendThread
GetExitCodeThread
OpenThread
CreateDirectoryW
GetFileAttributesW
CreateProcessW
GetSystemInfo
SetThreadPriority
LocalAlloc
WaitForMultipleObjects
LoadLibraryExW
SetUnhandledExceptionFilter
GetSystemTime
GlobalGetAtomNameW
ExpandEnvironmentStringsA
LoadLibraryA
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetConsoleMode
RaiseException
SetStdHandle
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
GetFileType
SetHandleCount
FatalAppExitA
GetTimeZoneInformation
HeapSize
InitializeCriticalSectionAndSpinCount
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetTimeFormatW
DecodePointer
EncodePointer
HeapReAlloc
RtlUnwind
Beep
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
GetSystemDefaultLangID
WinExec
GetCurrentDirectoryW
SetCurrentDirectoryW
GetDateFormatW
LocalFree
GetProfileStringW
FormatMessageW
PulseEvent
CreateThread
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
GlobalReAlloc
GetFileSize
ReadFile
CreateFileW
WideCharToMultiByte
FindResourceExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
OutputDebugStringW
GetTempPathW
GetLocalTime
GetModuleHandleW
SetLastError
ExitProcess
MultiByteToWideChar
GetCurrentProcessId
OpenProcess
GetUserDefaultUILanguage
GetUserDefaultLangID
GetModuleFileNameW
GetProcAddress
FreeLibrary
LoadLibraryW
GetVersion
GetVersionExW
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
Sleep
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetLastError
GlobalDeleteAtom
GlobalAddAtomW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetConsoleCP
SetEnvironmentVariableA

user32

SetClipboardData
EmptyClipboard
OpenClipboard
SetMenuInfo
GetMenuInfo
RegisterClassExW
LoadIconW
GetClassInfoExW
FindWindowW
AdjustWindowRect
GetQueueStatus
TranslateAcceleratorW
LoadAcceleratorsW
InflateRect
SendMessageA
ShowCursor
GetDesktopWindow
EnableMenuItem
CheckMenuItem
IsMenu
SetMenu
TrackPopupMenuEx
GetMenuItemID
DeleteMenu
PostThreadMessageW
MoveWindow
SetClassLongW
IsDlgButtonChecked
SetWindowTextW
SetFocus
MapDialogRect
EndDialog
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
IsIconic
SetForegroundWindow
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
GetMessageW
TranslateMessage
GetGuiResources
MessageBoxW
GetShellWindow
OpenDesktopW
GetMenuItemCount
CloseDesktop
EnumWindows
GetWindowThreadProcessId
GetSystemMetrics
GetIconInfo
SetCursor
DrawIcon
WinHelpW
GetMenu
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
GetDlgItemTextW
CreateDialogParamW
DispatchMessageW
MessageBoxIndirectW
PeekMessageW
PostQuitMessage
GetLastActivePopup
IntersectRect
DestroyCursor
SetDlgItemTextW
LoadImageW
FillRect
SystemParametersInfoW
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
CopyIcon
DestroyIcon
ReleaseDC
GetDC
LoadBitmapW
GetParent
LoadMenuW
IsWindowVisible
UpdateWindow
ReleaseCapture
KillTimer
GetCursorPos
SetTimer
GetCapture
IsChild
DestroyMenu
SetCapture
PtInRect
GetDlgCtrlID
GetMenuItemInfoW
InsertMenuItemW
GetKeyState
MessageBeep
EnumDesktopWindows
GetMenuStringW
wsprintfW
LoadStringW
GetSysColor
SendMessageW
SendDlgItemMessageW
PostMessageW
ShowWindow
GetClientRect
DefWindowProcW
CallWindowProcW
IsWindow
DestroyWindow
GetDlgItem
CreateWindowExW
RegisterClassW
CloseClipboard
LoadCursorW
GetWindowRect
SetRectEmpty
MapWindowPoints
SetWindowPos
SetRect
InvalidateRect
wvsprintfW
EnableWindow
GetWindowLongW
GetClassNameW
GetWindow
GetTopWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
EqualRect
DeferWindowPos
ValidateRect
GetSubMenu
RemovePropW
GetPropW
SetPropW
SetWindowLongW
EndPaint
BeginPaint
GetUpdateRect
DrawTextW
WindowFromPoint
ClientToScreen
IsZoomed
GetActiveWindow
OffsetRect
IsWindowEnabled

gdi32

CreateDIBSection
StretchBlt
ExtTextOutW
GetDIBits
SelectPalette
RealizePalette
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
CreateBitmap
SetBrushOrgEx
SetBkColor
GetTextExtentPoint32W
CreatePatternBrush
CreateFontIndirectW
GetTextMetricsW
CreateDCW
GetDeviceCaps
GetTextExtentPointW
CreateSolidBrush
PatBlt
SetPixel
CreatePen
MoveToEx
LineTo
RectVisible
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetStockObject
TextOutW
GetObjectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
GetTokenInformation
EqualSid
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
FreeSid
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegQueryValueExW
AllocateAndInitializeSid
RegCreateKeyExW

shell32

DragFinish
ExtractIconExW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance

gdiplus

GdipAddPathLine
GdipAddPathCurve
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipDrawCachedBitmap
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipAddPathCurveI
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipCloneBitmapAreaI
GdipFillRectanglesI
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipGetGenericFontFamilySansSerif
GdipAddPathArcI
GdipAddPathLineI
GdipClonePath
GdipCreateBitmapFromStreamICM
GdipCreatePath
GdipCreateBitmapFromStream
GdipDrawLineI
GdipCreateBitmapFromHICON
GdipMeasureString
GdipDrawRectangleI
GdipFillPath
GdipDeletePath
GdipResetClip
GdipSetClipPath
GdipDrawImageRectI
GdipDrawPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipCreateHICONFromBitmap
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetFontHeightGivenDPI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFont
GdipCreateFontFamilyFromName
GdipAlloc
GdiplusStartup
GdipDeleteFont
GdipDeleteFontFamily
GdipFree
GdipDisposeImageAttributes

winmm

timeEndPeriod
timeGetTime
PlaySoundW
timeBeginPeriod

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0bd12d75dbaa5be4db491feb385611d

Code Sign

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:ddCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:ddCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3b:2e:fa:8c:3b:87:37:65:54:f5:a0:1f:de:38:f2:74:15:f2:f1:06:c0:d5:e1:94:c3:e7:02:4f:76:6e:2f:e2Signer

28:1f:23:70:fe:3e:07:e2:a5:cd:14:94:ec:89:87:51:ee:3a:ef:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

winmm

version

Sections

.text Size: 656KB - Virtual size: 655KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 259KB - Virtual size: 259KB

.reloc Size: 27KB - Virtual size: 27KB

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:dd
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

ec:f9:01:c0:b6:7b:4c:6c:7a:42:df:10:90:d0:44:dd
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3b:2e:fa:8c:3b:87:37:65:54:f5:a0:1f:de:38:f2:74:15:f2:f1:06:c0:d5:e1:94:c3:e7:02:4f:76:6e:2f:e2
Signer

28:1f:23:70:fe:3e:07:e2:a5:cd:14:94:ec:89:87:51:ee:3a:ef:c9
Signer

.text
Size: 656KB - Virtual size: 655KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 259KB - Virtual size: 259KB

.reloc
Size: 27KB - Virtual size: 27KB