2024-02-18_13a5d0038110508958b55d148af35643_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-18_13a5d0038110508958b55d148af35643_mafia
Size

822KB
MD5

13a5d0038110508958b55d148af35643
SHA1

b4ebf42de88824d5ee94ea1735b628f163baf48a
SHA256

ae15713ada6221d13798409721d25a0b7865b4e025f2d0813d38400907811beb
SHA512

b71417c7202bc390a18e08b5d3edc348b497ba7e10c9c32124ff1c04f489da9788998971214e3ced08a8c642b3bd2859f2dd78a3dc9a39b071c304c009484fee
SSDEEP

24576:w3JgkP1xx0U1CMe2DzlS2BnMXc7+Agc5sdxq+DbAyw1b:kgkrx0U1CMeuzlSwwhAgVdxpD8ywN

Score

1^/10

Malware Config

Signatures

Files

2024-02-18_13a5d0038110508958b55d148af35643_mafia
.exe windows:5 windows x86 arch:x86

6a62951971a2a5064977bd3a9bf3f911

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:ad:c8:fa:66:a1:41:bf:42:10:99:24:29:ee:ff:3a
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

30-06-2015 00:00

Not After

17-12-2015 23:59

Subject

CN=Yes apps,O=Yes apps,L=Dublin,ST=Dublin,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:08:9c:86:6a:e6:5c:d8:10:f3:d2:a3:97:be:fa:90:31:fa:16:41
Signer

Actual PE Digest

1f:08:9c:86:6a:e6:5c:d8:10:f3:d2:a3:97:be:fa:90:31:fa:16:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryDataAvailable

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrlenA
LockResource
FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
ExitProcess
GetCommandLineW
Sleep
GetSystemTimeAsFileTime
LoadLibraryW
GlobalFree
GlobalHandle
CreateThread
CloseHandle
OpenProcess
GetFileAttributesA
WideCharToMultiByte
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetVersion
IsWow64Process
FindClose
FindNextFileW
FindFirstFileW
GetVolumeInformationW
DeleteFileW
CreateEventW
SetEvent
RaiseException
OutputDebugStringW
OutputDebugStringA
WriteFile
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
ReadFile
VirtualAlloc
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryA
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
AreFileApisANSI
InterlockedCompareExchange
InitializeCriticalSection
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcessHeap
lstrlenW
RtlUnwind
GetCPInfo
HeapSetInformation
GetStartupInfoW
LCMapStringW
DecodePointer
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
InterlockedPopEntrySList
GetStringTypeW
InterlockedExchange
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
EncodePointer
QueryPerformanceCounter
CreateDirectoryA

user32

GetClassInfoExW
IsWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
LoadCursorW
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
RegisterClassExW
CreateWindowExW
GetDesktopWindow
CreateAcceleratorTableW
GetClassNameW
GetParent
SetWindowTextW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
MessageBoxA
DefWindowProcW
MessageBoxW
GetDlgItem
SendDlgItemMessageW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
KillTimer
LoadIconW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
LoadStringW
GetSystemMenu
GetMenuState
CreateDialogIndirectParamW
GetWindowRect
SetWindowContextHelpId
EndDialog
MapDialogRect
SetTimer
SendMessageTimeoutW
ShowWindow
UpdateWindow
SetWindowPos
GetWindowLongW
SetWindowLongW
PostMessageW
CharNextW
FindWindowW
GetSystemMetrics
IsChild
LoadImageW
UnregisterClassA
SendMessageW

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW

ole32

StringFromGUID2
OleLockRunning
CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemFree

oleaut32

UnRegisterTypeLi
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantCopy
RegisterTypeLi
SysFreeString
DispCallFunc
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a62951971a2a5064977bd3a9bf3f911

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

5b:ad:c8:fa:66:a1:41:bf:42:10:99:24:29:ee:ff:3aCertificate

Extended Key Usages

Key Usages

1f:08:9c:86:6a:e6:5c:d8:10:f3:d2:a3:97:be:fa:90:31:fa:16:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

iphlpapi

Sections

.text Size: 620KB - Virtual size: 620KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 38KB - Virtual size: 48KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 32KB - Virtual size: 32KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

5b:ad:c8:fa:66:a1:41:bf:42:10:99:24:29:ee:ff:3a
Certificate

1f:08:9c:86:6a:e6:5c:d8:10:f3:d2:a3:97:be:fa:90:31:fa:16:41
Signer

.text
Size: 620KB - Virtual size: 620KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 38KB - Virtual size: 48KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 32KB - Virtual size: 32KB