2024-02-19_ad7e9b28b702c47b315cd5f87c1ad46e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_ad7e9b28b702c47b315cd5f87c1ad46e_mafia
Size

1.6MB
MD5

ad7e9b28b702c47b315cd5f87c1ad46e
SHA1

45ee46722a57d393d8ab3f72b7237d284f14074e
SHA256

c46bf2f36d1246e7fe6f947a6c98b46447003f31d27590956c54ca5844abeaa3
SHA512

4e2a61038328badfc12cc50d80af66b4c68aff5914f9f2836d30c20593759cabf55013fba21f288eb76768c7bc383bd744f00dc395d79ef685234c09fe8cef43
SSDEEP

49152:e3ezu+oRinHd5fqXrchYMNcz5cbTQdTDyOa29LOGt9rLMTOpt:7nrsrXco7N9

Score

1^/10

Malware Config

Signatures

Files

2024-02-19_ad7e9b28b702c47b315cd5f87c1ad46e_mafia
.exe windows:5 windows x86 arch:x86

491442fb52494064f642460184e41406

Code Sign

66:07:44:a7:fe:ef:16:ac:4d:68:f9:bb:dd:e7:3e:16
Certificate

Issuer

CN=Aeroadmin LLC,1.2.840.113549.1.9.1=#0c15737570706f7274406165726f61646d696e2e636f6d

Not Before

16/10/2013, 10:44

Not After

31/12/2039, 23:59

Subject

CN=Aeroadmin LLC,1.2.840.113549.1.9.1=#0c15737570706f7274406165726f61646d696e2e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b8:24:f1:6e:b7:86:b0:93:55:9e:ce:1a:79:73:14:7f:db:ad:b7:4e
Signer

Actual PE Digest

b8:24:f1:6e:b7:86:b0:93:55:9e:ce:1a:79:73:14:7f:db:ad:b7:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\all\proj\RemoteAdmin\aeroadmin\Sandbox\Product\AeroAdmin\AeroAdmin.pdb

Imports

user32

DestroyCaret
CreateCaret
GetScrollRange
GetScrollPos
GetFocus
EndPaint
BeginPaint
RegisterClassW
SetCaretPos
DrawTextW
MessageBeep
ShowCaret
HideCaret
SetScrollRange
ShowScrollBar
SetScrollPos
ToAscii
GetKeyboardState
DrawFrameControl
DrawTextExW
DrawEdge
CloseClipboard
GetClipboardData
OpenClipboard
UnhookWindowsHookEx
SetWindowsHookExW
BroadcastSystemMessageW
SetFocus
CallNextHookEx
GetWindowPlacement
GetClientRect
wsprintfW
SetMenu
PostMessageW
GetAsyncKeyState
DrawMenuBar
InsertMenuItemW
CreateMenu
GetParent
MapWindowPoints
GetMenu
MoveWindow
GetMenuBarInfo
SystemParametersInfoW
ScreenToClient
UpdateWindow
EnableWindow
AdjustWindowRect
LoadCursorW
LoadIconW
GetWindowRect
SetWindowPos
SetWindowLongW
FillRect
GetDCEx
GetWindowDC
GetSystemMetrics
InvalidateRect
ReleaseDC
DestroyIcon
DrawIconEx
GetDC
EmptyClipboard
SetClipboardData
MessageBoxW
LockWorkStation
SendInput
OpenInputDesktop
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
SetCursor
MapVirtualKeyW
SetWindowTextW
DispatchMessageW
TranslateMessage
PeekMessageW
LoadImageW
CreateWindowExW
RegisterClassExW
SendMessageW
FindWindowW
DestroyMenu
TrackPopupMenu
InsertMenuW
CreatePopupMenu
GetCursorPos
DefWindowProcW
SetForegroundWindow
ShowWindow
PostQuitMessage
SetClassLongW
CreateIconIndirect
GetIconInfo
GetCursorInfo
DestroyCursor
GetDesktopWindow
DestroyWindow

gdi32

Rectangle
CreatePen
GetROP2
SetROP2
GetStockObject
TextOutW
CreateDIBitmap
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetBrushOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
SetBkColor
GetTextMetricsW
ExtTextOutW
SetBkMode
CreateFontW
CreateSolidBrush
DeleteObject
CreateDIBSection
GetDIBits
GetObjectW
GetBitmapBits
CreateBitmap
BitBlt

comctl32

ord17
InitCommonControlsEx

shell32

ord47
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW

advapi32

SetSecurityDescriptorDacl
CryptReleaseContext
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
StartServiceW
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
CryptGenRandom
RegOpenKeyExA

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

kernel32

HeapFree
SetEvent
SetLastError
FormatMessageA
LocalFree
SwitchToThread
GetProcessTimes
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
DuplicateHandle
GetCurrentProcess
CreateMutexA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
CreateSemaphoreA
ReleaseSemaphore
CreateFileMappingA
MapViewOfFileEx
CreateFileA
DeleteFileA
GetSystemInfo
GetFileSizeEx
CreateDirectoryA
RemoveDirectoryA
SetEndOfFile
GetModuleHandleA
GetProcessHeap
CreateDirectoryW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
GetModuleFileNameW
GetModuleHandleW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLastError
GetCommandLineW
Sleep
LoadLibraryW
GetProcAddress
CreateEventA
GetUserDefaultUILanguage
ProcessIdToSessionId
OpenProcess
GetFileType
GetStdHandle
OpenThread
CreateEventW
CreateMutexW
SetThreadAffinityMask
GetSystemDirectoryA
LoadLibraryA
SetHandleCount
IsValidCodePage
HeapAlloc
GetFileAttributesA
GetSystemTimeAsFileTime
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
ExitProcess
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
CreateThread
ExitThread
RaiseException
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RemoveDirectoryW
MoveFileW
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDriveStringsW
ReadFile
GetFileSize
LoadResource
LockResource
FindResourceW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CompareFileTime
GlobalUnlock
VirtualQuery
GlobalLock
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SystemTimeToFileTime
GetTickCount
ResumeThread
TlsSetValue
ResetEvent
OpenEventA
GetCurrentThreadId
TlsGetValue
TlsFree
TlsAlloc
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStringTypeW
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetFileAttributesExW
SetFileTime
SetEnvironmentVariableW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetFilePointer
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GlobalAlloc
GlobalFree
GetWindowsDirectoryW
DeviceIoControl
GetVersionExW
FreeLibrary

oleaut32

VariantClear

ws2_32

closesocket
htonl
WSASendTo
ntohl
WSARecvFrom
getnameinfo
ntohs
getsockname
WSACleanup
WSAGetLastError
WSAStartup
setsockopt
freeaddrinfo
recvfrom
getaddrinfo
bind
socket
gethostname
ioctlsocket
sendto
gethostbyaddr
getservbyport
inet_ntoa
htons
WSASetLastError
inet_addr
gethostbyname
getservbyname

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

msimg32

AlphaBlend

iphlpapi

GetBestInterface
GetAdaptersAddresses

netapi32

NetWkstaTransportEnum
NetApiBufferFree

winmm

timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 253KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

491442fb52494064f642460184e41406

Code Sign

66:07:44:a7:fe:ef:16:ac:4d:68:f9:bb:dd:e7:3e:16Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

b8:24:f1:6e:b7:86:b0:93:55:9e:ce:1a:79:73:14:7f:db:ad:b7:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

comctl32

shell32

advapi32

ole32

kernel32

oleaut32

ws2_32

wtsapi32

userenv

msimg32

iphlpapi

netapi32

winmm

Sections

.text Size: 993KB - Virtual size: 993KB

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 253KB - Virtual size: 1.5MB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 100KB - Virtual size: 100KB

66:07:44:a7:fe:ef:16:ac:4d:68:f9:bb:dd:e7:3e:16
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

b8:24:f1:6e:b7:86:b0:93:55:9e:ce:1a:79:73:14:7f:db:ad:b7:4e
Signer

.text
Size: 993KB - Virtual size: 993KB

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 253KB - Virtual size: 1.5MB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 100KB - Virtual size: 100KB