2024-01-29_541af502f92fbdca5d8b7a07dfd24c83_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_541af502f92fbdca5d8b7a07dfd24c83_mafia
Size

316KB
MD5

541af502f92fbdca5d8b7a07dfd24c83
SHA1

f8e8047e918bdd815ed6470823a64e5c6af0830b
SHA256

c5b099096e46c7f4a1329034bdb8842c005f5252739deccd280a06ac756ddd3a
SHA512

73aad3756724cc4d9a826caa9882a42b40c0032c1c6507fd402746fad4a69a329e2b743471df242549e1d737c1d604a259066bc99cfd7e82bb8c953f0babb110
SSDEEP

6144:1AUCfXHdl9t0yZ6tMUFfKCpBKwU9eOS9IszmlLpkIliHMBuTtpntSO:1AUCfXoS9Kf1pU9etGlLiIMsYYO

Score

1^/10

Malware Config

Signatures

Files

2024-01-29_541af502f92fbdca5d8b7a07dfd24c83_mafia
.exe windows:5 windows x86 arch:x86

a4241a67717103e2ce25c111286dfe70

Code Sign

18:49:37:83:26:07:2d:07:1b:90:15:9b:cb:cd:0b:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2014, 00:00

Not After

04/04/2016, 23:59

Subject

CN=Interactive Data Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Interactive Data Corporation,L=Bedford,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:27:b2:22:72:99:c0:59:a5:0e:b2:94:4b:95:01:f3:81:7a:a0:6d
Signer

Actual PE Digest

f9:27:b2:22:72:99:c0:59:a5:0e:b2:94:4b:95:01:f3:81:7a:a0:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Work\Rtd2.v213\Release\RtdSetupHelperW.pdb

Imports

kernel32

LocalAlloc
FormatMessageA
lstrlenA
CreateFileW
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetFilePointer
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
GetBinaryTypeA
GetCurrentProcess
ExpandEnvironmentStringsA
GetCommandLineA
OpenProcess
GetConsoleWindow
CreateProcessA
CopyFileA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
IsWow64Process
CreateFileA
GetLocaleInfoA
InterlockedIncrement
GetTickCount
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
LeaveCriticalSection
GetFileAttributesA
ReadFile
GetModuleFileNameW
CreateDirectoryA
InterlockedExchange
FindFirstFileA
GetLastError
SetLastError
lstrcmpiA
EnterCriticalSection
FindClose
GetModuleFileNameA
FindNextFileA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
GetTempPathA
LocalFree
DeleteFileA
MultiByteToWideChar
EncodePointer
DecodePointer
HeapFree
GetModuleHandleW
ExitProcess
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount

ole32

CoUninitialize
CoInitialize

shlwapi

PathCanonicalizeA
PathFindFileNameA
PathCombineA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

user32

EnumWindows
wsprintfA
GetClassNameA
GetWindowTextA
SendMessageA

advapi32

ControlService
RegOpenKeyExA
RegCloseKey
OpenProcessToken
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
GetTokenInformation

shell32

ShellExecuteA
SHGetFolderPathA

oleaut32

VariantClear

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4241a67717103e2ce25c111286dfe70

Code Sign

18:49:37:83:26:07:2d:07:1b:90:15:9b:cb:cd:0b:40Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f9:27:b2:22:72:99:c0:59:a5:0e:b2:94:4b:95:01:f3:81:7a:a0:6dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shlwapi

psapi

user32

advapi32

shell32

oleaut32

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 21KB - Virtual size: 20KB

18:49:37:83:26:07:2d:07:1b:90:15:9b:cb:cd:0b:40
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f9:27:b2:22:72:99:c0:59:a5:0e:b2:94:4b:95:01:f3:81:7a:a0:6d
Signer

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 21KB - Virtual size: 20KB