2024-02-04_6a23df68d5d7a43058c466b40b5f1ba1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_6a23df68d5d7a43058c466b40b5f1ba1_mafia
Size

321KB
MD5

6a23df68d5d7a43058c466b40b5f1ba1
SHA1

2fe80501f156515f813ffb7dc095c3643a23aa4b
SHA256

8ddb5401d5bd0198914f4620af009fa8cbc25d811a6d94092655f7ce5ffc8f33
SHA512

68deed2b8b56565575be65c689c4d7633368c254cc854d73afeb8dafdd2738fcd5fb130072c56e675e07db49c4f15bd11604fab862469950a7ae7b9c4ee40d16
SSDEEP

6144:06xOq5eANqR9/IJUiePVr0IUOsKZ7XwmmgLwmUkOAbQl8n:06T514R9/7ie9wBOV9Xv0mtQl8n

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_6a23df68d5d7a43058c466b40b5f1ba1_mafia
.exe windows:5 windows x86 arch:x86

3e72d55b5f38c4e1cfe76b355bd0cf25

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:24:2b:e7:cb:d2:ed:33:90:70:20:89:3b:77:b0:29
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/09/2014, 00:00

Not After

05/09/2015, 23:59

Subject

CN=EXPERT NBS LIMITED,O=EXPERT NBS LIMITED,POSTALCODE=N8 9NX,STREET=72 Chettle Court\,Ridge Road Hornsey,L=London,ST=Greater London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:a0:d3:82:5d:ea:d6:66:0d:a6:7a:e7:09:8d:47:f1:b1:d2:6f:1c
Signer

Actual PE Digest

40:a0:d3:82:5d:ea:d6:66:0d:a6:7a:e7:09:8d:47:f1:b1:d2:6f:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFilePointer
ReadFile
WriteFile
CreateDirectoryW
SetCurrentDirectoryW
CopyFileW
DeleteFileW
MoveFileExW
FindFirstFileW
FindClose
FindNextFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLastError
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
FindResourceW
SizeofResource
LoadResource
LockResource
GetVersionExW
WaitForSingleObject
CreateEventW
OpenEventW
SetEvent
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
OpenMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
OpenProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
WideCharToMultiByte
lstrcmpA
lstrcmpiA
HeapDestroy
HeapReAlloc
HeapSize
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
GetFileAttributesW
CompareFileTime
SystemTimeToFileTime
GetSystemTime
HeapFree
MultiByteToWideChar
lstrlenA
GetProcessHeap
HeapAlloc
GetCommandLineW
lstrlenW
LocalFree
ResetEvent
FormatMessageW
LCMapStringW
GetStringTypeW
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetEnvironmentVariableA
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
GetLocaleInfoW
Sleep
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetTickCount
QueryPerformanceCounter
HeapCreate
GetCurrentThread
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
RaiseException
EncodePointer
DecodePointer
GetCurrentThreadId
ExitThread
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime

user32

CharLowerBuffW
CharLowerBuffA
wsprintfW
wvsprintfW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenCurrentUser
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetValueExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
VariantCopy
VariantInit
SysAllocString
SysStringByteLen

shlwapi

StrToIntExW
StrCmpIW
StrCmpW
StrToIntExA
PathFileExistsW
StrStrIW

winhttp

WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetOption
WinHttpOpen
WinHttpReadData

rpcrt4

UuidCreate
UuidEqual
UuidToStringW
RpcStringFreeW
UuidCreateSequential

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e72d55b5f38c4e1cfe76b355bd0cf25

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2e:24:2b:e7:cb:d2:ed:33:90:70:20:89:3b:77:b0:29Certificate

Extended Key Usages

Key Usages

40:a0:d3:82:5d:ea:d6:66:0d:a6:7a:e7:09:8d:47:f1:b1:d2:6f:1cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

winhttp

rpcrt4

Sections

.text Size: 238KB - Virtual size: 237KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 10KB - Virtual size: 10KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2e:24:2b:e7:cb:d2:ed:33:90:70:20:89:3b:77:b0:29
Certificate

40:a0:d3:82:5d:ea:d6:66:0d:a6:7a:e7:09:8d:47:f1:b1:d2:6f:1c
Signer

.text
Size: 238KB - Virtual size: 237KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 10KB - Virtual size: 10KB