2024-01-28_17ac7ea2d1e6608aa519cc76d1a46de8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_17ac7ea2d1e6608aa519cc76d1a46de8_mafia
Size

11.3MB
MD5

17ac7ea2d1e6608aa519cc76d1a46de8
SHA1

c563d25ac2008747ae1f5322e3b72fa543f06825
SHA256

d71e2f423a9309a0f3cd06ffebae074d74fe6b660171e9d0ee9f64107727bfd3
SHA512

a0eaef38a0501151a98d76fd1de898cfe84a8f3b76693a5572ea9cc1f5fbec6d80a39128a84493893cc35f92e99d90e67edc1ce146afe812488721fe30c4a22a
SSDEEP

196608:vipYe5T4dQ359OYAIsX0bE+dXBD6p1PN9bhD:vipYJ45g0bE6RDs1PbhD

Score

1^/10

Malware Config

Signatures

Files

2024-01-28_17ac7ea2d1e6608aa519cc76d1a46de8_mafia
.exe windows:5 windows x86 arch:x86

a2a304fd41412697744bbfa46c8c90ec

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:58:58:69:9c:f5:c0:34:fb:a8:3e:3e:ad:6f:ac:a0
Certificate

Issuer

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/06/2011, 00:00

Not After

20/06/2012, 23:59

Subject

CN=3Planesoft,O=3Planesoft,POSTALCODE=160012,STREET=74 Sovetski prospekt,L=Vologda,ST=Vologda region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ab:42:d4:9f:0c:7b:2f:74:ca:f0:95:87:2c:9a:5a:ce:5a:99:bc:88
Signer

Actual PE Digest

ab:42:d4:9f:0c:7b:2f:74:ca:f0:95:87:2c:9a:5a:ce:5a:99:bc:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromResourceA
D3DXMatrixTransformation
D3DXCreateCubeTexture
D3DXLoadSurfaceFromFileInMemory
D3DXMatrixRotationX
D3DXMatrixScaling
D3DXMatrixLookAtLH
D3DXMatrixReflect
D3DXVec3TransformNormal
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationAxis
D3DXSaveSurfaceToFileA
D3DXPlaneFromPoints
D3DXAssembleShader
D3DXGetFVFVertexSize
D3DXVec3Transform
D3DXVec3TransformCoord
D3DXMatrixRotationY
D3DXVec3Normalize
D3DXMatrixInverse
D3DXMatrixTranspose
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixPerspectiveFovLH
D3DXMatrixTranslation
D3DXMatrixMultiply

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetFileSize
UnmapViewOfFile
GetProcAddress
MultiByteToWideChar
LoadLibraryW
FreeLibrary
CreateThread
CloseHandle
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
OpenEventA
LockResource
GetLastError
GetSystemDirectoryA
CreateProcessA
CreateEventA
GetVolumeInformationA
GetCommandLineA
GetDateFormatA
GetWindowsDirectoryA
SetEvent
WaitForSingleObject
SetUnhandledExceptionFilter
LoadResource
SetErrorMode
FindResourceA
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetDriveTypeW
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
SetFilePointer
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetTimeFormatA
LocalAlloc
InterlockedExchangeAdd
InterlockedExchange
Sleep
SizeofResource
FreeResource
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MoveFileA
GetVersionExA
GetSystemInfo
lstrcpyA
LoadLibraryA
lstrcmpA
lstrcatA
GetLocalTime
CreateFileA
SetSystemPowerState
GetDevicePowerState
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetLocaleInfoA
WideCharToMultiByte
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrlenA
GetCurrentThreadId
GetCurrentProcessId
FindFirstFileA
FindClose
EnumResourceNamesA
EnumResourceTypesA
lstrcpynA
ResumeThread
SuspendThread
TerminateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetExitCodeProcess
LocalFree
LocalLock
LocalUnlock
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
InterlockedCompareExchange
EncodePointer
DecodePointer
HeapFree
FileTimeToSystemTime
GetDriveTypeA
FindFirstFileExA
GetModuleHandleW
ExitProcess
HeapSetInformation
GetStartupInfoW
HeapAlloc
RaiseException
RtlUnwind
HeapReAlloc

user32

AppendMenuA
CreatePopupMenu
ShowWindow
GetCursorPos
GetDesktopWindow
PeekMessageA
CreateWindowExA
GetWindowTextA
GetForegroundWindow
PostMessageA
RegisterWindowMessageA
LoadImageA
GetKeyState
TrackPopupMenu
GetWindowRect
SetCursor
DestroyWindow
MessageBoxA
DispatchMessageA
GetSystemMetrics
TranslateMessage
DestroyMenu
LoadStringA
GetDC
GetIconInfo
DialogBoxParamA
EndDialog
SetWindowPos
wsprintfA
InvalidateRect
SetSysColors
GetSysColor
PrintWindow
SetForegroundWindow
GetWindowLongA
SendMessageA
GetClientRect
ScreenToClient
UpdateWindow
ValidateRect
GetParent
IsWindow
GetClassNameA
SystemParametersInfoA
LoadCursorA
EnumChildWindows
EnumWindows
LoadIconA
RegisterClassA
AdjustWindowRect
FindWindowExA
CloseWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
MonitorFromRect
PostQuitMessage
DefWindowProcA
GetClassLongA
SetRect
FindWindowA
SetCursorPos
ShowCursor
SetTimer
GetWindowDC
ReleaseDC

advapi32

RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegFlushKey
RegCreateKeyExA
RegSetValueExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

msimg32

TransparentBlt

d3d9

Direct3DCreate9

winmm

mmioSetInfo
mmioAdvance
mmioSeek
mmioClose
mmioOpenA
mmioAscend
mmioDescend
mmioGetInfo
mmioRead
timeGetTime

dinput8

DirectInput8Create

powrprof

GetCurrentPowerPolicies
SetSuspendState
CallNtPowerInformation

dsound

ord11
ord2

gdi32

GetDIBits
GetObjectA
SetDIBits
CreateDIBSection
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
BitBlt

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j.jhcow0
Size: 496KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

31txxyyi
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

e7b.bcvw
Size: 268KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

a1jnget8
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2a304fd41412697744bbfa46c8c90ec

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:feCertificate

Key Usages

47:58:58:69:9c:f5:c0:34:fb:a8:3e:3e:ad:6f:ac:a0Certificate

Extended Key Usages

Key Usages

ab:42:d4:9f:0c:7b:2f:74:ca:f0:95:87:2c:9a:5a:ce:5a:99:bc:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

version

kernel32

user32

advapi32

shell32

msimg32

d3d9

winmm

dinput8

powrprof

dsound

gdi32

ole32

oleaut32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

j.jhcow0 Size: 496KB - Virtual size: 500KB

.data Size: 42KB - Virtual size: 324KB

STLPORT_ Size: 512B - Virtual size: 4KB

.rsrc Size: 8.5MB - Virtual size: 8.5MB

31txxyyi Size: 172KB - Virtual size: 172KB

e7b.bcvw Size: 268KB - Virtual size: 272KB

a1jnget8 Size: 112KB - Virtual size: 112KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

47:58:58:69:9c:f5:c0:34:fb:a8:3e:3e:ad:6f:ac:a0
Certificate

ab:42:d4:9f:0c:7b:2f:74:ca:f0:95:87:2c:9a:5a:ce:5a:99:bc:88
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

j.jhcow0
Size: 496KB - Virtual size: 500KB

.data
Size: 42KB - Virtual size: 324KB

STLPORT_
Size: 512B - Virtual size: 4KB

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

31txxyyi
Size: 172KB - Virtual size: 172KB

e7b.bcvw
Size: 268KB - Virtual size: 272KB

a1jnget8
Size: 112KB - Virtual size: 112KB