2024-02-20_a80d8138697cfb8b604ab818fbb41329_gazer_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_a80d8138697cfb8b604ab818fbb41329_gazer_mafia
Size

1.7MB
MD5

a80d8138697cfb8b604ab818fbb41329
SHA1

8f99cf6a1862ed98bb12219b349f640cddeb3cbd
SHA256

0b76dedd9d9ebcd943146d3a2135e515518ec7cf4372d952fcdbd2c902f709cd
SHA512

bd94fbf9047ebda2f8392cc9dab791bf156cc526511351f0bbdcee73eff5002a4b7c9464672aad4c4dc56a268ae487acd14e4492f1a21b470f1f96b5498b6799
SSDEEP

49152:jcHH7rrHJKaMBKpJmiJBUtazQBs3hxWbwZDBNjSqM63kOC:uvr9MATmiJuUzQBuhga4

Score

1^/10

Malware Config

Signatures

Files

2024-02-20_a80d8138697cfb8b604ab818fbb41329_gazer_mafia
.exe windows:5 windows x86 arch:x86

f6ad5a4e7d385ef564082c698fcbc4f2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:66:58:64:b5:4a:ca:e9:2a:ca:3a:0e:76:1b:1c:f3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/10/2017, 00:00

Not After

22/10/2018, 12:00

Subject

CN=nCrypted Cloud\, LLC,OU=Engineering,O=nCrypted Cloud\, LLC,L=Belmont,ST=Massachusetts,C=US,1.2.840.113549.1.9.1=#0c1369406e63727970746564636c6f75642e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:aa:c4:6a:0f:4c:3c:ee:75:b1:c6:86:ab:62:69:c2:32:34:1a:05
Signer

Actual PE Digest

f1:aa:c4:6a:0f:4c:3c:ee:75:b1:c6:86:ab:62:69:c2:32:34:1a:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GitHubRepo\ZipCipherWIN_release_1.1.37\ZipCipher\bin\Release32\ZipCipher.pdb

Imports

kernel32

FindResourceExW
SetConsoleWindowInfo
SetConsoleTextAttribute
WriteConsoleW
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
GetLastError
GetModuleHandleW
GetLocalTime
lstrlenW
AttachConsole
AllocConsole
lstrlenA
MultiByteToWideChar
CreateDirectoryW
GetModuleFileNameW
LocalFree
FreeConsole
InterlockedDecrement
InterlockedIncrement
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
FormatMessageW
GetSystemTime
ReadFile
MoveFileExW
FindNextFileW
SetFileAttributesW
GetSystemTimeAsFileTime
Sleep
TzSpecificLocalTimeToSystemTime
GetFileSize
SetFilePointerEx
GetShortPathNameW
ReplaceFileW
DeleteFileW
CopyFileW
MoveFileW
RemoveDirectoryW
GetFullPathNameW
WriteFile
ExpandEnvironmentStringsW
WaitForSingleObject
FindResourceW
CreateEventW
LockFileEx
GetVersion
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
WinExec
GetEnvironmentVariableW
GetTempPathW
GetTimeZoneInformation
GetTempFileNameW
CreateProcessW
GetModuleHandleExW
GetLongPathNameW
GetFileAttributesW
FindFirstFileW
GetFileAttributesExW
SetEnvironmentVariableA
GetOverlappedResult
WaitNamedPipeW
GetExitCodeProcess
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetTimeFormatA
GetModuleHandleA
GetFileTime
DeviceIoControl
SetEnvironmentVariableW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FindFirstFileExW
LoadResource
LockResource
SizeofResource
ScrollConsoleScreenBufferW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetConsoleMode
ReadConsoleInputA
GetTickCount
CreateFileW
AreFileApisANSI
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
FormatMessageA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetDateFormatA
GetSystemInfo
GetTempPathA
GetVersionExA
HeapValidate
HeapCompact
LoadLibraryA
LockFile
MapViewOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
GetPrivateProfileStringW
CompareStringW
SetEndOfFile
CreateProcessA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetFileAttributesA
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
SetStdHandle
ExitProcess
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
IsProcessorFeaturePresent
HeapCreate
GetConsoleCP
GetConsoleMode
GetLocaleInfoW

user32

SendInput
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
LoadStringA
LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
GetUserNameW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyW

shell32

SHChangeNotify
CommandLineToArgvW
SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoCreateGuid
StringFromGUID2

shlwapi

PathRemoveFileSpecW
SHRegGetValueW
PathCombineW
PathFileExistsW
PathAppendW
PathFindFileNameW
PathIsRelativeW
PathIsDirectoryW
PathRemoveBackslashW
SHGetValueW

xceedzip

ord18
ord13
ord42
ord30
ord221
ord53
ord6
ord5
ord232
ord167
ord115
ord35
ord127
ord168
ord55
ord144
ord124
ord151
ord7
ord9
ord146
ord130
ord208
ord207
ord209
ord211

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6ad5a4e7d385ef564082c698fcbc4f2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:66:58:64:b5:4a:ca:e9:2a:ca:3a:0e:76:1b:1c:f3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

f1:aa:c4:6a:0f:4c:3c:ee:75:b1:c6:86:ab:62:69:c2:32:34:1a:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

xceedzip

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 219KB - Virtual size: 219KB

.data Size: 19KB - Virtual size: 38KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 87KB - Virtual size: 86KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:66:58:64:b5:4a:ca:e9:2a:ca:3a:0e:76:1b:1c:f3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

f1:aa:c4:6a:0f:4c:3c:ee:75:b1:c6:86:ab:62:69:c2:32:34:1a:05
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 219KB - Virtual size: 219KB

.data
Size: 19KB - Virtual size: 38KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 87KB - Virtual size: 86KB