2024-02-02_b5f61e04b718863b90ca7f50a5ddf08d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-02_b5f61e04b718863b90ca7f50a5ddf08d_mafia
Size

1.1MB
MD5

b5f61e04b718863b90ca7f50a5ddf08d
SHA1

f4b688cabbbc3379d3dbd430d250323b7e8febd1
SHA256

6ed875d5e1c9718b497571f0a295b76a949f270353ed4f4bdc7b77d27edadc47
SHA512

7d485392d89794a6657f466a329254c5918815b4b836fc67ac05e95c00fd13243e573a8e877c8b9368dc72ef3773dce62d90e4b8e50e7032c913f379e0f983cc
SSDEEP

24576:Z6oyAIvu8qlvoYw98lNuTqSrP6wu0lhqlT+LGeTmcQm06:Yvu8vYw98lETqSHVqlTTeTmS06

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_b5f61e04b718863b90ca7f50a5ddf08d_mafia
.exe windows:5 windows x86 arch:x86

12d01aa4d132e48ad3906fee993cfdde

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/11/2011, 00:00

Not After

05/01/2013, 23:59

Subject

CN=NHN corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NHN corp.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:b4:47:29:d6:7c:73:8c:e6:06:ea:d4:46:c0:ac:96:3a:37:32:e5
Signer

Actual PE Digest

a0:b4:47:29:d6:7c:73:8c:e6:06:ea:d4:46:c0:ac:96:3a:37:32:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\export\ndrive\ndrive_client\12121.120409.2.42-real\build\output\pdb\release\NDriveUpgrader.pdb

Imports

kernel32

MulDiv
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
LoadLibraryExW
GlobalFree
GlobalReAlloc
CreateThread
LoadLibraryA
GetCurrentProcessId
ResetEvent
SetEvent
ResumeThread
CreateEventW
FreeResource
Sleep
CreateProcessW
FlushFileBuffers
GetCommandLineW
lstrcpynW
lstrcpyW
GetFullPathNameW
GetVersionExW
GetVersionExA
SetEndOfFile
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
lstrcmpW
GetLocaleInfoW
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
CompareStringW
GetStartupInfoW
HeapSetInformation
GetStdHandle
GetFileType
WriteConsoleW
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapDestroy
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedCompareExchange
GetStringTypeW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
RaiseException
ReadFile
SetNamedPipeHandleState
OpenProcess
WritePrivateProfileStringW
HeapReAlloc
lstrlenW
MultiByteToWideChar
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
LoadLibraryW
SetLastError
CreateDirectoryW
lstrlenA
OpenEventW
QueryDosDeviceW
GetCurrentThreadId
InterlockedExchange
FileTimeToSystemTime
WaitNamedPipeW
FileTimeToLocalFileTime
FormatMessageW
LocalLock
FindFirstFileW
GetLocalTime
SystemTimeToFileTime
DeleteFileW
FindNextFileW
FindClose
CreateMutexW
GetTickCount
WaitForSingleObject
ReleaseMutex
GetSystemTime
CreateFileW
GetLastError
OutputDebugStringW
CloseHandle
SetFilePointer
WriteFile
SetConsoleCtrlHandler

user32

DrawTextW
SendMessageTimeoutW
SetWindowLongW
GetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
DefWindowProcW
CharNextW
CopyRect
GetSysColor
MoveWindow
PostQuitMessage
GetClientRect
ClientToScreen
ScreenToClient
GetDlgCtrlID
GetCapture
UpdateWindow
SetTimer
KillTimer
SystemParametersInfoW
DrawFocusRect
DrawEdge
PtInRect
InflateRect
FindWindowExW
DestroyIcon
DialogBoxParamW
GetSystemMetrics
DrawIconEx
IsWindowEnabled
PeekMessageW
GetActiveWindow
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetWindow
GetFocus
DestroyWindow
CreateDialogParamW
SetWindowRgn
EndDialog
PostMessageW
LoadImageW
EqualRect
GetWindowRect
ExitWindowsEx
SetWindowPos
SetFocus
SendMessageW
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetMenu
ShowWindow
IsWindowVisible
EnableWindow
SetRect
AdjustWindowRectEx
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
UnregisterClassA

gdi32

DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CombineRgn
ExtCreateRegion
CreateDIBSection
ExtTextOutW
SelectObject
LineTo
MoveToEx
Rectangle
CreatePen
TextOutW
CreateFontIndirectW
SetTextColor
SetBkMode
SetViewportOrgEx
SetDIBColorTable
GetDIBColorTable
SetBkColor
DeleteObject
StretchBlt

comdlg32

ChooseFontW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetUserNameW
LookupAccountSidW
OpenProcessToken
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey

shell32

SHBindToParent
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetDataFromIDListW
ShellExecuteW
SHParseDisplayName
SHChangeNotify
ord192
ord72

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantClear
OleLoadPicture
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
VariantInit
VarUI4FromStr
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

ws2_32

GetAddrInfoW
WSASetLastError
WSACleanup
FreeAddrInfoW
WSAEnumNetworkEvents
WSAGetLastError
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketW
WSACloseEvent

psapi

GetProcessImageFileNameW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetErrorDlg
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetCheckConnectionW
InternetConnectW
InternetCloseHandle

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12d01aa4d132e48ad3906fee993cfdde

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:ccCertificate

Extended Key Usages

Key Usages

a0:b4:47:29:d6:7c:73:8c:e6:06:ea:d4:46:c0:ac:96:3a:37:32:e5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

psapi

comctl32

msimg32

gdiplus

version

wininet

Sections

.text Size: 844KB - Virtual size: 844KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 19KB - Virtual size: 29KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 35KB - Virtual size: 34KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:cc
Certificate

a0:b4:47:29:d6:7c:73:8c:e6:06:ea:d4:46:c0:ac:96:3a:37:32:e5
Signer

.text
Size: 844KB - Virtual size: 844KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 19KB - Virtual size: 29KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 35KB - Virtual size: 34KB