2024-02-13_f8a2864bb53b9960e62a3d7ebf3d1386_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_f8a2864bb53b9960e62a3d7ebf3d1386_mafia
Size

982KB
MD5

f8a2864bb53b9960e62a3d7ebf3d1386
SHA1

458aef1d3c1fd4d81c18d5e6d8566443bf9248c1
SHA256

95598ea29189de45150d71fa1e38f504bad8cf6b89667136fe26c795ff7a78c9
SHA512

bfc96b1ab3b8ba77cd9495e9772577e381cc32100d23781367629c1f89a993954848a709c6f6eb3bb84362fb62ff322a0815db2b58d5ad0a3ae85d7923164b1b
SSDEEP

24576:ZbiLst0A3w8YDQZcKLFnvowUiIcjyLN871bjYtrV7:sst0A3wLDQWavowUXh8JbjYtZ7

Score

1^/10

Malware Config

Signatures

Files

2024-02-13_f8a2864bb53b9960e62a3d7ebf3d1386_mafia
.exe windows:5 windows x86 arch:x86

97768650fd408faac575319c2c3bbf99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/11/2011, 00:00

Not After

15/11/2014, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development IT2,O=Hewlett-Packard Company,L=Andover,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:14:21:44:df:e0:01:a7:e1:18:a5:33:1a:f2:56:d1:79:57:9f:ee
Signer

Actual PE Digest

be:14:21:44:df:e0:01:a7:e1:18:a5:33:1a:f2:56:d1:79:57:9f:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Prog\HPCASL4.6\Release\hpqwmiex.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
CM_Locate_DevNodeW
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Sibling
SetupDiOpenDeviceInfoW
CM_Get_Child
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

kernel32

GetCurrentThreadId
CreateEventW
OpenProcess
GetVersionExW
DeleteTimerQueue
GetCurrentProcessId
CreateTimerQueueTimer
CreateTimerQueue
SetEnvironmentVariableW
GetVolumeInformationW
FlushFileBuffers
QueryDosDeviceW
LoadLibraryW
GlobalAlloc
TerminateProcess
GetExitCodeProcess
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
DeleteFileW
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
SetLastError
MoveFileW
GetTempFileNameW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetFileAttributesExW
CreateDirectoryW
CreateMutexW
GetFirmwareEnvironmentVariableW
CompareStringW
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
ExpandEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapReAlloc
HeapSize
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentProcess
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
lstrcmpiW
RaiseException
SetEvent
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetCommandLineW
GetSystemPowerStatus
DeviceIoControl
ReleaseSemaphore
CreateSemaphoreW
LocalFree
LocalAlloc
CreateThread
WaitForSingleObject
SetProcessShutdownParameters
MultiByteToWideChar
SetThreadPriority
GetLocalTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
WaitForMultipleObjects
TerminateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFree
GetModuleHandleW
GetProcAddress
InterlockedCompareExchange
CreateFileW
lstrlenW
InterlockedExchange
InterlockedDecrement
OpenEventW
PulseEvent
CloseHandle
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
EncodePointer
DecodePointer
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
HeapCreate
ExitProcess
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetFileAttributesW
GetStartupInfoW
HeapSetInformation
VirtualQuery
RtlUnwind
ExitThread
ResumeThread
GetTimeFormatW
GetDateFormatW
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStringTypeW

user32

LoadStringW
GetSystemMetrics
PostThreadMessageW
CharUpperW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextW
TranslateMessage
DispatchMessageW
GetMessageW

advapi32

OpenServiceW
CryptAcquireContextW
CryptReleaseContext
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptImportKey
EqualSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
StartServiceW
ControlService
DeleteService
CreateServiceW
QueryServiceStatus
ChangeServiceConfigW
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
OpenSCManagerW
GetServiceKeyNameW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CloseServiceHandle
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoSetProxyBlanket
CoResumeClassObjects
CoInitializeEx
CoAddRefServerProcess
CLSIDFromString
OleRun
CoCreateGuid
CoReleaseServerProcess

shell32

CommandLineToArgvW
SHGetFolderPathW

oleaut32

SystemTimeToVariantTime
SysStringByteLen
VarUdateFromDate
VarCmp
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
GetErrorInfo
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysAllocString
VariantCopy
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime

shlwapi

StrTrimW
StrCmpNIW
StrCmpW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW
EnumProcesses

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97768650fd408faac575319c2c3bbf99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

be:14:21:44:df:e0:01:a7:e1:18:a5:33:1a:f2:56:d1:79:57:9f:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

version

psapi

Sections

.text Size: 644KB - Virtual size: 644KB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 63KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

be:14:21:44:df:e0:01:a7:e1:18:a5:33:1a:f2:56:d1:79:57:9f:ee
Signer

.text
Size: 644KB - Virtual size: 644KB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 63KB - Virtual size: 62KB