2024-02-21_6983c2e055fd8af7610ac1fbcf5e31a3_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_6983c2e055fd8af7610ac1fbcf5e31a3_mafia
Size

2.0MB
MD5

6983c2e055fd8af7610ac1fbcf5e31a3
SHA1

4b4be1121a00ebe26cfcb779f298ac47ff249bbf
SHA256

89808ef2f941edceed8f5b19d6958e7920f4ab666aa89fe946cc342e4dd71462
SHA512

44ac72b0bc8af493de8f090322cb730776f81cac1e586489be8977dcbcb0d45ad761c354f282a8b8cba0abf9f7e5edf9aa97a99eb19de3bf28f9b660cf543734
SSDEEP

49152:MWD8rrJsXeaxPMyZw1qJGO1sWZh20gqVvUjdWq8OoNwvyBHR2Ka5rmlrWCBFc:TXeaxUyZGsGRWZh20gq1UjdWq8myH453

Score

1^/10

Malware Config

Signatures

Files

2024-02-21_6983c2e055fd8af7610ac1fbcf5e31a3_mafia
.exe windows:5 windows x86 arch:x86

f3a56030a0a3a1fc5ac762cf9de69400

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:f1:9f:83:55:9b:11:ab:56:af:64:bd:7d:d8:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/01/2011, 00:00

Not After

12/01/2014, 23:59

Subject

CN=Innova Systems,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Innova Systems,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:83:fb:05:80:ec:75:39:51:f5:db:03:c6:7a:df:1c:be:3d:72:e9
Signer

Actual PE Digest

1b:83:fb:05:80:ec:75:39:51:f5:db:03:c6:7a:df:1c:be:3d:72:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetFileInformationByHandle
PeekNamedPipe
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
SetHandleCount
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableW
SetEnvironmentVariableA
DeleteFileA
InterlockedCompareExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapSize
HeapQueryInformation
HeapReAlloc
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
FindNextFileW
CreateDirectoryW
ExitThread
HeapAlloc
FindFirstFileExW
GetDriveTypeW
HeapFree
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GlobalGetAtomNameW
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetSystemDirectoryW
GetCurrentDirectoryW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
GlobalSize
FormatMessageW
LocalFree
MulDiv
GlobalUnlock
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpyW
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
SetLastError
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
lstrcmpiW
GetVersionExA
lstrlenW
CreateProcessW
WTSGetActiveConsoleSessionId
LockResource
SizeofResource
LoadResource
FindResourceW
OpenMutexA
OpenFileMappingA
SetConsoleCtrlHandler
VirtualProtect
GetFileSize
GetModuleFileNameW
GetModuleHandleW
GetCurrentThreadId
TerminateProcess
OpenEventW
OpenEventA
ExitProcess
CopyFileW
DeleteFileW
SetFileAttributesW
SetEvent
GetProcessId
CreateRemoteThread
CreateEventA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
lstrcpynA
lstrcpyA
lstrlenA
CreateFileA
GetCurrentProcess
Sleep
CreateEventW
DeviceIoControl
GetSystemInfo
GetCurrentProcessId
FreeLibrary
LoadLibraryExA
GlobalFree
GlobalAlloc
GetLastError
GetProcAddress
GetModuleHandleA
CreateFileW
GetExitCodeThread
TerminateThread
GetExitCodeProcess
CreateThread
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetOEMCP
CreateFileMappingA
GetFileAttributesA

user32

SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
KillTimer
SetTimer
RealChildWindowFromPoint
GetSysColorBrush
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
InvalidateRect
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
LoadAcceleratorsW
IntersectRect
DispatchMessageW
GetMenuDefaultItem
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
GetSubMenu
GetMenuItemID
ReuseDDElParam
UnpackDDElParam
GetMenuItemCount
CreateWindowExW
FindWindowExW
GetWindowThreadProcessId
SetForegroundWindow
SetActiveWindow
LoadIconW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
CopyRect
PtInRect
RegisterWindowMessageW
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
MessageBoxW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SetDlgItemTextW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
InflateRect
GetMenuItemInfoW
DestroyMenu
CopyImage
LoadMenuW
GetSystemMenu
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperW
GetDlgItem
EnableWindow
PostMessageW
UpdateWindow
SetLayeredWindowAttributes
DrawIcon
GetClientRect
IsIconic
GetSystemMetrics
SetWindowRgn
LoadImageW
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
GetLastActivePopup
SetMenuDefaultItem
SendMessageW
SetParent
DestroyAcceleratorTable
DestroyIcon
UnregisterClassW
TranslateAcceleratorW
BringWindowToTop
BeginDeferWindowPos
InsertMenuItemW
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
GetKeyNameTextW
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
SetClassLongW
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetForegroundWindow
DrawIconEx
EmptyClipboard

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
GetTextExtentPoint32W
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBSection
SelectObject
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
ExtTextOutW
Escape
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
SetBkColor
SetTextColor
GetObjectW
CreateRoundRectRgn

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegQueryValueExW
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyW
RegSetValueExA
RegOpenKeyExA
DecryptFileW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
StartServiceW
QueryServiceStatusEx
DeleteService
OpenServiceW

shell32

DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
DragFinish
SHGetFileInfoW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium

oleaut32

SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

ws2_32

closesocket
recv
send
connect
socket
htons
WSAStartup
gethostbyname
inet_addr

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3a56030a0a3a1fc5ac762cf9de69400

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1f:f1:9f:83:55:9b:11:ab:56:af:64:bd:7d:d8:77:a3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:83:fb:05:80:ec:75:39:51:f5:db:03:c6:7a:df:1c:be:3d:72:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

dbghelp

version

psapi

userenv

wtsapi32

ws2_32

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 348KB - Virtual size: 347KB

.data Size: 29KB - Virtual size: 72KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 182KB - Virtual size: 181KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:f1:9f:83:55:9b:11:ab:56:af:64:bd:7d:d8:77:a3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:83:fb:05:80:ec:75:39:51:f5:db:03:c6:7a:df:1c:be:3d:72:e9
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 348KB - Virtual size: 347KB

.data
Size: 29KB - Virtual size: 72KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 182KB - Virtual size: 181KB