2024-02-12_a60d8a4bb2e8e49595f4fbab19bbef1a_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-12_a60d8a4bb2e8e49595f4fbab19bbef1a_mafia
Size

200KB
MD5

a60d8a4bb2e8e49595f4fbab19bbef1a
SHA1

ce58ab895a80bc83154b17d511128ce222f5d221
SHA256

ba7dec5a336d3b18b395c8f193f561a2d5932b7a9bfb8fb6822d128266df8238
SHA512

d222a595764a6ca7a4b35fc93390eab375a571c093411a66dcdd807ae26e2dc6b96ab64dc00acead4c3623cd85063243b56888f5d8f5a3f79e9b220ed0e211c0
SSDEEP

3072:YpDlSku38hH0cF7vEIcx4ue5oV6S/ReO6J9AQlidrSVyU9maG01:2Dgk0c+5Le5oQS/cO6kUNV1

Score

1^/10

Malware Config

Signatures

Files

2024-02-12_a60d8a4bb2e8e49595f4fbab19bbef1a_mafia
.exe windows:5 windows x86 arch:x86

e52010460a0f960170e8db5c6d137809

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20-04-2015 00:00

Not After

18-06-2018 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:cf:ca:e0:a5:48:33:22:22:16:7e:1b:38:a5:46:e4:86:24:28:d0
Signer

Actual PE Digest

01:cf:ca:e0:a5:48:33:22:22:16:7e:1b:38:a5:46:e4:86:24:28:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\TeamCity\BuildAgent1\work\b1e8ba0c30aa9de6\Projects\ChromeExtAPI\Build.TT\Release.x86\ApaBar.pdb

Imports

oleacc

AccessibleObjectFromEvent

wininet

InternetOpenA
InternetCrackUrlW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
HttpSendRequestW

kernel32

lstrlenA
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
lstrcpyA
LoadLibraryExA
Sleep
InitializeSListHead
GetThreadTimes
InitializeCriticalSectionAndSpinCount
GetLastError
GetCommandLineW
GetModuleHandleW
SetEvent
RaiseException
DeleteCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
OutputDebugStringA
QueryPerformanceCounter
SetLastError
OutputDebugStringW
SwitchToThread
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
CloseHandle
GetCurrentProcessId
HeapFree
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetProcAddress
ExitProcess
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTickCount
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
FreeLibrary
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
LoadLibraryExW
FindResourceW
GetModuleHandleExW
GetPrivateProfileSectionW
WaitForSingleObject
TlsFree

user32

CharUpperW
UnhookWinEvent
DispatchMessageW
CharNextW
DestroyWindow
IsWindow
PostThreadMessageW
EnumChildWindows
GetClassNameW
PostQuitMessage
SetWinEventHook
GetWindowThreadProcessId
TranslateMessage
CreateWindowExW
GetMessageW

ole32

CoUninitialize
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoGetCurrentLogicalThreadId
CoTaskMemFree
CoRevokeClassObject
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

UnloadUserProfile

advapi32

RegCloseKey
RegQueryValueExW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsRootW

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e52010460a0f960170e8db5c6d137809

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

01:cf:ca:e0:a5:48:33:22:22:16:7e:1b:38:a5:46:e4:86:24:28:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleacc

wininet

kernel32

user32

ole32

oleaut32

version

userenv

advapi32

shell32

shlwapi

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

01:cf:ca:e0:a5:48:33:22:22:16:7e:1b:38:a5:46:e4:86:24:28:d0
Signer

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB