2024-02-23_ed1bc37d6b92b59500a63ac1ad45eaa6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_ed1bc37d6b92b59500a63ac1ad45eaa6_mafia
Size

1.9MB
MD5

ed1bc37d6b92b59500a63ac1ad45eaa6
SHA1

229705cd983a17df274a2c428372b37d6155da58
SHA256

600e840d513bae3624e8838fdebe01d56e7d5fdd04660f68a53fc2ca86f91c8e
SHA512

ec196f446600ee00ba91d985cb75e2897353d9c747c12255ac46d55fbcb5fdcf4fa6c3df3aecdffd95ceafa50ce769c66f72b4e5b3772a72a7e9cd4019edab8e
SSDEEP

49152:yOUqRMj5Rr9YJou7hIP6G6OLIad5HG8IwtsiDiiu/HMWVHP2fUj8t8L62aoM5Nba:2qRMv9M7hI36OLI4HG8IwtsiDiiu/s/O

Score

1^/10

Malware Config

Signatures

Files

2024-02-23_ed1bc37d6b92b59500a63ac1ad45eaa6_mafia
.exe windows:5 windows x86 arch:x86

c08ad6a70d8b5046b208360fa14cd545

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:0b:8b:4a:78:e2:d3:80:f8:78:3a:2e:ca:75:b8:80
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/12/2023, 00:00

Not After

29/12/2026, 23:59

Subject

CN=Inc. chachacommunication,O=Inc. chachacommunication,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a3:5d:ca:dc:81:27:32:e2:4c:73:ac:f8:7b:5a:42:7c:5c:96:1d:88
Signer

Actual PE Digest

a3:5d:ca:dc:81:27:32:e2:4c:73:ac:f8:7b:5a:42:7c:5c:96:1d:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\Megafile\MegafileLauncher.pdb

Imports

ws2_32

select
WSARecv
WSASend
WSASocketW
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
ioctlsocket
WSASocketA
ntohs
htons
inet_addr
socket
ntohl
inet_ntoa
gethostname
gethostbyname
closesocket
WSACleanup
WSAStartup
connect
WSAIoctl
WSASetLastError
WSARecvFrom
getsockopt
WSASendTo

kernel32

GetStdHandle
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
GetLocalTime
TerminateProcess
GetExitCodeProcess
RaiseException
GetDriveTypeW
GetLogicalDrives
GetDiskFreeSpaceExA
GetCurrentThread
GetFileAttributesW
CreateDirectoryW
CreateProcessW
GetStartupInfoW
FreeLibrary
lstrcmpiW
lstrlenA
GetSystemTimeAsFileTime
CreateWaitableTimerW
VirtualAlloc
GetTickCount
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
MultiByteToWideChar
OpenProcess
Sleep
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
VirtualFree
WideCharToMultiByte
HeapCreate
IsProcessorFeaturePresent
lstrlenW
GetComputerNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetStdHandle
VirtualQuery
HeapSize
InitializeCriticalSection
GetVersionExW
TlsFree
TlsSetValue
TlsGetValue
IsDebuggerPresent
VerSetConditionMask
SetLastError
InterlockedCompareExchange
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
SetEvent
CreateEventW
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLastError
TlsAlloc
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateFileA
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapQueryInformation
ExitProcess
HeapReAlloc
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSetInformation
GetFileType
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
SetEnvironmentVariableA
FormatMessageA
ReleaseSemaphore
WaitForSingleObjectEx
OpenEventA
ResetEvent
DecodePointer
EncodePointer
VerifyVersionInfoW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GlobalFlags
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
ReleaseActCtx
CreateActCtxW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GlobalGetAtomNameW
FileTimeToLocalFileTime
FindNextFileW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetCurrentProcessId
SetErrorMode
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
ActivateActCtx
LoadLibraryW
DeactivateActCtx
lstrcmpW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateEventA
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
CreateDirectoryA
GetFileAttributesA
ResumeThread
SetThreadPriority

user32

DrawTextW
DrawTextExW
GrayStringW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
TabbedTextOutW
SetWindowsHookExW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetWindowTextW
RealChildWindowFromPoint
GetDesktopWindow
InvalidateRect
SetTimer
KillTimer
SetRectEmpty
SystemParametersInfoW
EnumDisplayMonitors
SetLayeredWindowAttributes
InflateRect
GetMenuItemInfoW
DestroyMenu
CheckDlgButton
IsDialogMessageW
MoveWindow
ShowWindow
DestroyIcon
IntersectRect
IsRectEmpty
OffsetRect
IsIconic
IsZoomed
SetWindowRgn
RedrawWindow
GetCapture
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
CopyImage
LoadImageW
GetNextDlgGroupItem
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorW
ValidateRect
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
ShowOwnedPopups
DeleteMenu
SetParent
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
GetParent
GetWindowThreadProcessId
IsWindowVisible
GetWindow
PostMessageW
RegisterWindowMessageW
FindWindowW
FrameRect
GetUpdateRect
EndDialog
CreateDialogIndirectParamW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
FillRect
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostQuitMessage
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
SendMessageW
GetSystemMetrics
CharUpperW
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
PtInRect
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
GetSysColor
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetClientRect
UpdateWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
PeekMessageW
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
SetActiveWindow
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetFocus
IsWindow
GetFocus

iphlpapi

GetAdaptersInfo

gdi32

SetPixelV
GetTextFaceW
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
DPtoLP
PatBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
SetRectRgn
CombineRgn

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

StartServiceCtrlDispatcherW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
DuplicateTokenEx
DeleteService
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListW
DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
AssocQueryStringW

ole32

CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
IsAccelerator

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantChangeType
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen

mswsock

GetAcceptExSockaddrs
AcceptEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

UuidCreate

wsock32

listen
htonl
bind

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipDrawImageI
GdipGetImageGraphicsContext
GdipGetImageHeight

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c08ad6a70d8b5046b208360fa14cd545

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:0b:8b:4a:78:e2:d3:80:f8:78:3a:2e:ca:75:b8:80Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a3:5d:ca:dc:81:27:32:e2:4c:73:ac:f8:7b:5a:42:7c:5c:96:1d:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

iphlpapi

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

mswsock

wtsapi32

userenv

rpcrt4

wsock32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 33KB - Virtual size: 64KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 190KB - Virtual size: 189KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:0b:8b:4a:78:e2:d3:80:f8:78:3a:2e:ca:75:b8:80
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a3:5d:ca:dc:81:27:32:e2:4c:73:ac:f8:7b:5a:42:7c:5c:96:1d:88
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 33KB - Virtual size: 64KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 190KB - Virtual size: 189KB