2024-02-04_a56c2be54cc59b1b0eae6f4f70d6477c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_a56c2be54cc59b1b0eae6f4f70d6477c_mafia
Size

311KB
MD5

a56c2be54cc59b1b0eae6f4f70d6477c
SHA1

7d5233f25696d666bbb4e1b0224fc3f5c2a6de94
SHA256

abf3de653e1ac75170479adf1e110283a853bb64bbc95cc5c8bd1127997b273b
SHA512

f1f747aabae5bbb05c4c8afa28e8a88f07a750ce56e5d02342241d0f3e5e2005767c76b7902b78d854996b3450b0b363149b47677eeb22c04c7420c4a98a4393
SSDEEP

6144:VnNZE6+UbhFRV71GqM+bUkLd1gvXW+l1aoiyfMGDWQxip:vZE6+UbhFRVcqjbUIgvXW+l1BfZip

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_a56c2be54cc59b1b0eae6f4f70d6477c_mafia
.exe windows:5 windows x86 arch:x86

28dceba580203297db14c48f7922131d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/01/2013, 00:00

Not After

26/01/2015, 12:00

Subject

CN=PSafe Tecnologia S.A.,O=PSafe Tecnologia S.A.,L=Rio de Janeiro,ST=Rio de Janeiro,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:fb:66:98:d5:32:84:8c:01:73:7d:19:cd:da:33:49:af:51:ca:63
Signer

Actual PE Digest

ff:fb:66:98:d5:32:84:8c:01:73:7d:19:cd:da:33:49:af:51:ca:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\23\PSafe\PROD_PsProtege\Binaries\installers\protege\es\0\ProtegeSetup.pdb

Imports

kernel32

GlobalFree
LockResource
CreateMutexA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
EnterCriticalSection
SetLastError
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
LeaveCriticalSection
Sleep
GetCurrentProcess
HeapFree
CreateEventA
HeapAlloc
GetProcessHeap
SizeofResource
GlobalAlloc
InitializeCriticalSection
GetModuleHandleW
GlobalLock
LoadResource
FindResourceW
DeleteFileW
GetCommandLineW
SetEndOfFile
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
SetFilePointer
ReadFile
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LoadLibraryW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
SetEvent
ReleaseSemaphore
TlsAlloc
TlsFree
TlsGetValue
WaitForSingleObject
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
GetTickCount
LocalFree
FormatMessageA
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
TerminateProcess
CreateProcessW
GetExitCodeProcess
GetProcAddress
LocalAlloc
lstrcpyW
lstrcmpA
GetEnvironmentVariableW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetConsoleCP
GetConsoleMode

user32

MonitorFromWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
GetActiveWindow
MessageBoxW
GetAsyncKeyState
GetDlgItem
SendMessageW
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
DefWindowProcW
DialogBoxParamW
UnregisterClassA
GetWindowThreadProcessId
EnumWindows
GetWindowRect
GetWindow
EndDialog

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetSetFilePointer
InternetCloseHandle
InternetOpenUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteFont
GdipDeleteGraphics
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipDisposeImage
GdipCreateFont
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCloneImage

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28dceba580203297db14c48f7922131d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2Certificate

Extended Key Usages

Key Usages

ff:fb:66:98:d5:32:84:8c:01:73:7d:19:cd:da:33:49:af:51:ca:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

gdiplus

crypt32

wintrust

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 16KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 28KB - Virtual size: 27KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:f7:9a:a9:33:5b:79:4d:70:77:9f:71:90:61:af:f2
Certificate

ff:fb:66:98:d5:32:84:8c:01:73:7d:19:cd:da:33:49:af:51:ca:63
Signer

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 16KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 28KB - Virtual size: 27KB