2024-02-17_34d0d846faca9f750cd0807a43c4783c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-17_34d0d846faca9f750cd0807a43c4783c_mafia
Size

2.9MB
MD5

34d0d846faca9f750cd0807a43c4783c
SHA1

cde6557697e7d84bc87daa85ea685459d819a6b5
SHA256

a013dc73f7f00c8cd87d1be97d80dca21ee5e7210fe31643608028a8aeb84f73
SHA512

137c43fdfa0d97c342d152a4c3b64ee7018a3e657fa45c06d08945372d54c709da532cd7d5c9b2fdb74edb99548baa3dff2d308447d41225aea1ce5bf91ed07d
SSDEEP

49152:I0EpYQs5nLJlf/BgVxqRizDMr3lV/hdpBeA1kMh+Y2pnPe2ugTNRJVcc49zCSerI:m6VB99M+izDalxeHMoPe2ufb

Score

1^/10

Malware Config

Signatures

Files

2024-02-17_34d0d846faca9f750cd0807a43c4783c_mafia
.exe windows:5 windows x86 arch:x86

e5e96918f6b34364705f9426e2f53ee3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-07-2011 00:00

Not After

17-08-2013 23:59

Subject

CN=Skype Technologies SA,OU=Information Security+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Skype Technologies SA,L=Luxembourg,ST=Luxembourg,C=LU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:7b:ac:f8:ea:62:9c:67:fd:ff:ae:52:2b:a8:ad:16:a5:ee:68:9c
Signer

Actual PE Digest

bb:7b:ac:f8:ea:62:9c:67:fd:ff:ae:52:2b:a8:ad:16:a5:ee:68:9c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\buildagent\workspace\21783\main\dbsyms\win_msvc10_x86_release\raw\c2c_service.exe.pdb

Imports

msi

ord232
ord74
ord45

kernel32

HeapFree
GetFileInformationByHandle
GetFullPathNameA
WaitForSingleObject
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetConsoleMode
SetEvent
CreatePipe
OpenProcess
CreateProcessW
Sleep
GetExitCodeProcess
GetExitCodeThread
GetProcAddress
GetCurrentProcess
CreateEventA
HeapAlloc
DuplicateHandle
GetProcessHeap
GetTickCount
SwitchToThread
OpenFileMappingA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
GetSystemInfo
FormatMessageA
GetDriveTypeW
GetSystemTimeAsFileTime
GetVersionExW
GetLastError
GetCurrentThreadId
CloseHandle
LocalFree
InterlockedIncrement
InterlockedDecrement
GetConsoleWindow
GetProcessTimes
GetModuleHandleW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetModuleHandleA
LoadLibraryA
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
ExpandEnvironmentStringsW
SetThreadPriority
PeekNamedPipe
LCMapStringA
GetStringTypeExA
SetEnvironmentVariableA
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileAttributesW
GetFileType
GetFileAttributesExW
SetFileTime
SetEndOfFile
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
GetLogicalDriveStringsW
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExA
GetComputerNameW
CreateEventW
CreateMutexW
ReleaseMutex
ResetEvent
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcessId
OpenEventA
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetCPInfo
GetCommandLineW
HeapSetInformation
RaiseException
RtlUnwind
LCMapStringW
CompareStringW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
GetStdHandle
HeapCreate
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetLastError
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FreeLibrary
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA

user32

LoadStringA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
ShowWindow

advapi32

ReportEventW
RegisterEventSourceW
CryptGenRandom
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptDecrypt
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

iphlpapi

GetAdaptersInfo

shlwapi

PathAddBackslashW
PathFileExistsW
PathCombineW

wintrust

WinVerifyTrust

winhttp

WinHttpGetIEProxyConfigForCurrentUser

ws2_32

send
shutdown
getpeername
listen
bind
connect
accept
recv
WSAGetLastError
__WSAFDIsSet
inet_addr
ntohl
getservbyname
htons
ntohs
sendto
recvfrom
select
getsockname
setsockopt
getsockopt
socket
ioctlsocket
gethostbyname
gethostbyaddr
gethostname
WSAStartup
WSACleanup
WSASetLastError
closesocket

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5e96918f6b34364705f9426e2f53ee3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bb:7b:ac:f8:ea:62:9c:67:fd:ff:ae:52:2b:a8:ad:16:a5:ee:68:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

wintrust

winhttp

ws2_32

crypt32

version

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 587KB - Virtual size: 586KB

.data Size: 65KB - Virtual size: 93KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 149KB - Virtual size: 149KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:0a:7d:1c:4c:0e:f3:83:11:1d:1c:1c:e0:2c:96:08
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bb:7b:ac:f8:ea:62:9c:67:fd:ff:ae:52:2b:a8:ad:16:a5:ee:68:9c
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 587KB - Virtual size: 586KB

.data
Size: 65KB - Virtual size: 93KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 149KB - Virtual size: 149KB