2024-02-02_88e9643eec0d20c99f40efe1ba61009c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-02_88e9643eec0d20c99f40efe1ba61009c_mafia
Size

2.7MB
MD5

88e9643eec0d20c99f40efe1ba61009c
SHA1

f91d3130f4c9eca4fb08cccb954d18b218f3f9a4
SHA256

c9052ee21520b9d02515be892070a42c2c0022b8635cd39da6f0794a35979433
SHA512

4809e344a2f88fe8778b9824aec911549d694454f6c43aac0e8b5647c4b93229fe33b2cc0a8cd53bcf50da87043730a0986440a6a670d7bb40f37164ce423677
SSDEEP

49152:TVg2s51copOYVdjk2kJOMnxQTpRY/mMLiFjbGrI/MaGzLYDFh7gk50HZjr7bL3MW:SZLVdjnWnmTTY/Pi5bGrI/MaGzLYDFtG

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_88e9643eec0d20c99f40efe1ba61009c_mafia
.exe windows:5 windows x86 arch:x86

4f207635b74799b186ed962bfba2e70e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:77:2b:ec:1c:e9:c7:89:62:f2:67:d9:37:73:c8:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/03/2012, 00:00

Not After

14/05/2014, 23:59

Subject

CN=Dreamsecurity Co.\, Ltd.,O=Dreamsecurity Co.\, Ltd.,L=Songpa,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gpkiapi_v15

GPKI_BASE64_Decode
GPKI_CMS_MakeSignedData
GPKI_BINSTR_SetData
GPKI_BINSTR_Delete
GPKI_CRYPT_Hash
GPKI_CMS_MakeEnvelopedData
GPKI_BINSTR_Create
GPKI_CRYPT_Decrypt
GPKI_CRYPT_GetKeyAndIV
GPKI_CRYPT_GenKeyAndIV
GPKI_CRYPT_Encrypt
GPKI_CRYPT_SetKeyAndIV
GPKI_API_Init
GPKI_API_Finish
GPKI_BASE64_Encode

mkhook

ord5
ord2
ord1
ord3

sensapi

IsNetworkAlive

wininet

InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
InternetGetConnectedState
InternetConnectA

iphlpapi

GetAdaptersInfo

kernel32

VirtualProtect
FindResourceExW
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
EncodePointer
GetFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapQueryInformation
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetDriveTypeW
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
lstrcpyA
GetCurrentDirectoryA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
SearchPathA
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileIntA
ResumeThread
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
GetModuleHandleW
GetModuleFileNameA
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryW
LoadLibraryA
lstrcmpW
lstrcmpA
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FreeLibrary
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
SetLastError
WaitForSingleObject
QueryPerformanceCounter
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GlobalMemoryStatus
GetFileSize
ReadFile
InterlockedDecrement
GetSystemDirectoryA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
Process32Next
InitializeCriticalSectionAndSpinCount
FormatMessageA
LocalFree
CreateMutexA
ReleaseMutex
ExitProcess
GetModuleHandleA
GetProcAddress
DeleteFileA
GetTempPathA
CopyFileA
GetLocalTime
CreateDirectoryA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLastError
Sleep
lstrlenW
lstrlenA
GetTickCount
GetVersionExA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameA
GetProfileIntA
SetErrorMode
GetNumberFormatA
FileTimeToLocalFileTime
GetWindowsDirectoryA
DecodePointer

user32

SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
DestroyCursor
GetWindowRgn
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawStateA
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
CopyImage
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
GetMenuDefaultItem
RedrawWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
PostThreadMessageA
CharUpperA
DestroyIcon
WindowFromPoint
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
UnregisterClassA
DestroyMenu
GetMenuItemInfoA
SetWindowContextHelpId
MapDialogRect
WaitMessage
RegisterClipboardFormatA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
ValidateRect
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MapVirtualKeyA
GetKeyNameTextA
GetWindowThreadProcessId
IntersectRect
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
CreateMenu
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
GetMenuState
GetMenuStringA
UnhookWindowsHookEx
GetMessageTime
GetForegroundWindow
GetDesktopWindow
GetWindowRect
AdjustWindowRectEx
SetRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetWindowPos
GetCursorPos
GetWindowTextA
GetClassNameA
PeekMessageA
PostQuitMessage
LoadImageA
GetSystemMetrics
LoadIconW
SetForegroundWindow
FindWindowA
KillTimer
SetTimer
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
IsIconic
GetSystemMenu
LoadMenuW
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
DrawIcon
SystemParametersInfoA
MessageBoxA
GetSysColor
ReleaseCapture
GetParent
GetFocus
SetCapture
GetCapture
InvalidateRect
UpdateWindow
GetClientRect
LoadBitmapW
PtInRect
SendMessageA
PostMessageA
GetDlgCtrlID
EnableWindow
GetWindow
SendDlgItemMessageA
BringWindowToTop

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
OffsetWindowOrgEx
DPtoLP
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreatePolygonRgn
SetROP2
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
CreateRoundRectRgn
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateSolidBrush
GetTextExtentPoint32A
ScaleWindowExtEx
BitBlt
CreateCompatibleDC
CreateEllipticRgn
CreateBitmap
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
SetWindowExtEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
RegQueryValueA

shell32

SHBrowseForFolderA
SHGetSpecialFolderPathA
ShellExecuteA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
Shell_NotifyIconA
DragQueryFileA
DragFinish

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

ole32

OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoDisconnectObject
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromString

oleaut32

LoadTypeLi
SysStringLen
SysAllocStringLen
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SysAllocString
VarBstrFromDate
OleCreateFontIndirect
VariantClear
GetErrorInfo

oledlg

ord8

wsock32

htonl
ntohl
gethostname
WSACleanup
inet_addr
gethostbyname
WSAStartup
WSASetLastError

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f207635b74799b186ed962bfba2e70e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

36:77:2b:ec:1c:e9:c7:89:62:f2:67:d9:37:73:c8:20Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

gpkiapi_v15

mkhook

sensapi

wininet

iphlpapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

wsock32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 373KB - Virtual size: 373KB

.data Size: 157KB - Virtual size: 188KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 225KB - Virtual size: 225KB

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

36:77:2b:ec:1c:e9:c7:89:62:f2:67:d9:37:73:c8:20
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 373KB - Virtual size: 373KB

.data
Size: 157KB - Virtual size: 188KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 225KB - Virtual size: 225KB