2024-02-22_865966252308e2522929c34107f232ac_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-22_865966252308e2522929c34107f232ac_mafia
Size

4.2MB
MD5

865966252308e2522929c34107f232ac
SHA1

3e16dc27eaaee3805ff76c0adfcebdbee6e37550
SHA256

2d3ba9a129235be68486ba7ed1e717cdc936e3d8c585448da633ec1968b45efe
SHA512

5e8e1216270c3b03815b92f971fb863291cc827152282007101bb6de8b48f3e56278d9ce298d8e6d49e26491b67121c553edeee563ba5199a367beec2b5fa64f
SSDEEP

98304:sd23SACnU9IkpTMLne+JG7D/4bVmcrJy470z3X7e2uut:823FCnUiOTMbe7W8++nZ

Score

1^/10

Malware Config

Signatures

Files

2024-02-22_865966252308e2522929c34107f232ac_mafia
.exe windows:5 windows x86 arch:x86

0f314b5516e82c6fbaaaa890cb17044f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/06/2014, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Atom Security OOO,OU=development,O=Atom Security OOO,POSTALCODE=630090,STREET=Academician Koptyuga Prospect\, 4\,office 158,L=Novosibirsk,ST=nso,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:47:ed:61:2d:52:a7:13:03:17:48:62:fc:56:06:04:38:08:ff:6e
Signer

Actual PE Digest

9b:47:ed:61:2d:52:a7:13:03:17:48:62:fc:56:06:04:38:08:ff:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageEncoders
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteFont
GdipDeletePen
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipFillPieI
GdipDrawEllipseI
GdipDrawArcI
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipSetPenColor
GdipScaleWorldTransform
GdipGetImageGraphicsContext
GdipCreatePen1
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateStringFormat
GdipSetStringFormatTrimming
GdipDrawString
GdipDeleteStringFormat

advapi32

InitializeSecurityDescriptor
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
CryptDecrypt
CryptSetHashParam
CryptSignHashA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
RegQueryValueExW
QueryServiceStatusEx
ControlService
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
CryptGenRandom
CryptAcquireContextW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
StartServiceW
CreateServiceW
DeleteService

netapi32

NetUseDel
NetUseAdd

mswsock

TransmitFile

kernel32

MoveFileA
DeleteFileA
RemoveDirectoryA
GetFileSize
CloseHandle
ReadFile
CreateFileW
LocalFree
WriteConsoleA
GetStdHandle
FormatMessageA
GetLastError
DeviceIoControl
GetVolumeInformationA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrlenW
FindResourceExW
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
CopyFileW
InterlockedIncrement
InterlockedDecrement
CreateDirectoryA
SetFileTime
CompareFileTime
HeapFree
GetStringTypeW
WaitForSingleObject
HeapAlloc
GetProcessHeap
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
WriteFile
GetLocalTime
HeapReAlloc
lstrcpynW
MoveFileExW
GetSystemTime
RemoveDirectoryW
LocalAlloc
lstrcmpW
lstrcpyW
CreateEventW
InterlockedExchange
LoadLibraryW
SetErrorMode
SetEvent
FreeLibrary
DeleteFileW
Sleep
SetFileAttributesW
GetTempPathW
GetCurrentThreadId
WaitForMultipleObjects
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
OutputDebugStringW
ConnectNamedPipe
GetTickCount
CreateMutexW
ResetEvent
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
GetLocaleInfoA
GetSystemDefaultLCID
ReleaseMutex
FileTimeToLocalFileTime
GetVersionExW
lstrcatW
ExitProcess
VirtualFree
VirtualAlloc
SetLastError
MoveFileW
TerminateProcess
OpenProcess
GetModuleHandleW
VerLanguageNameW
GetSystemTimeAsFileTime
GetSystemInfo
GetEnvironmentVariableA
SetEnvironmentVariableA
GetVersionExA
GetComputerNameA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
LoadLibraryA
GetFileAttributesExA
GetFileAttributesA
GetTempPathA
GetLongPathNameA
GetCurrentDirectoryA
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
FindNextFileA
GetVersion
GetModuleHandleA
GetFullPathNameA
SetEndOfFile
SetConsoleCtrlHandler
QueryPerformanceCounter
GetExitCodeThread
SetThreadPriority
GetDriveTypeA
FindFirstFileExA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LocalFileTimeToFileTime
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
CreateFileA
ReadConsoleInputA
SetConsoleMode
CreateDirectoryW
HeapSize
RaiseException
InterlockedCompareExchange
EncodePointer
DecodePointer
GetLocaleInfoW
RtlUnwind
SetStdHandle
VirtualQuery
HeapCreate
GetStartupInfoW
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
GetFileType
WriteConsoleW
HeapSetInformation
GetCommandLineW
FindFirstFileExW
GetDriveTypeW
GetCPInfo
CreateThread
ExitThread
GetConsoleMode
GetConsoleCP
HeapDestroy

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
MessageBoxW
EnumDisplaySettingsW
ShowWindow
IsIconic
SetForegroundWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
PostMessageW
InSendMessage
DestroyIcon
GetWindowThreadProcessId
SendMessageTimeoutW
FindWindowW

gdi32

DeleteObject

shell32

SHFileOperationW
ord165
SHGetFolderPathA
SHCreateDirectoryExW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoInitializeSecurity
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
OleRun

oleaut32

SysStringLen
SysAllocString
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringByteLen
GetErrorInfo
SysAllocStringLen

shlwapi

SHCreateStreamOnFileW
StrStrW

ws2_32

ioctlsocket
connect
select
gethostbyname
inet_addr
gethostbyaddr
closesocket
WSAGetLastError
WSAStartup
setsockopt
socket
htons
WSASetLastError
getsockopt
getpeername
getsockname
recvfrom
sendto
shutdown
listen
bind
accept
send
recv
ntohs
getservbyname
ntohl
WSACleanup
freeaddrinfo
getaddrinfo
getnameinfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f314b5516e82c6fbaaaa890cb17044f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9b:47:ed:61:2d:52:a7:13:03:17:48:62:fc:56:06:04:38:08:ff:6eSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

advapi32

netapi32

mswsock

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

iphlpapi

psapi

crypt32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 856KB - Virtual size: 855KB

.data Size: 78KB - Virtual size: 183KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 206KB - Virtual size: 206KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9b:47:ed:61:2d:52:a7:13:03:17:48:62:fc:56:06:04:38:08:ff:6e
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 856KB - Virtual size: 855KB

.data
Size: 78KB - Virtual size: 183KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 206KB - Virtual size: 206KB