2024-02-23_6969606971c878f542003ca42b3ee474_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_6969606971c878f542003ca42b3ee474_mafia
Size

806KB
MD5

6969606971c878f542003ca42b3ee474
SHA1

fe04f52409f7d02949be14045bb0ef4ff7bc3b4c
SHA256

9d344009e057143f847c2ca34a67528037d800ddd4f82c24ec4725ff274c93a7
SHA512

ede0c17d32bbf5a72cf01feb75f2b99fff2234c5edb3f4ebc4c983a798c80fccd3a45c6e2cfb58acc483fcee54b70fd38f37697dbe9ecf0ca30c90d17628098c
SSDEEP

12288:tpc8wK5T+ycEwm5pwcNaKQWZC3L5Ylb8hwBWAkWJ4u1kMR+hEJRABy9yi:z7eEp5ecNaKQyHlQhiWe4u1RR+hEJR0A

Score

1^/10

Malware Config

Signatures

Files

2024-02-23_6969606971c878f542003ca42b3ee474_mafia
.exe windows:5 windows x86 arch:x86

6e16cfb3196c071475ac3cbc01098f6b

Code Sign

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:e0:c6:5b:bc:0a:03:56:4f:0c:47:98:16:de:5f:f4:d1:c0:9a:09:e3:19:57:84:ec:4f:92:40:dc:3f:9f:53
Signer

Actual PE Digest

f7:e0:c6:5b:bc:0a:03:56:4f:0c:47:98:16:de:5f:f4:d1:c0:9a:09:e3:19:57:84:ec:4f:92:40:dc:3f:9f:53

Digest Algorithm

sha256

PE Digest Matches

true

4c:c4:a4:99:02:e5:d3:15:d7:a5:86:34:bf:dd:f0:70:1f:37:ee:17
Signer

Actual PE Digest

4c:c4:a4:99:02:e5:d3:15:d7:a5:86:34:bf:dd:f0:70:1f:37:ee:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\ncs\1279\1279f\nsmgateway\Release_unicode\NSConnSvrUI.pdb

Imports

shfolder

SHGetFolderPathW

ws2_32

inet_addr
ntohl

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest

kernel32

GetVersion
ExpandEnvironmentStringsW
InitializeCriticalSection
SystemTimeToFileTime
ExitProcess
CompareStringW
LockResource
ResetEvent
GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime
GetProcessTimes
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
GlobalReAlloc
WriteFile
CreateFileW
HeapAlloc
GetProcessHeap
HeapFree
CreateThread
PulseEvent
GetVolumeInformationW
GetSystemDirectoryW
GetProfileStringW
FormatMessageW
GetDateFormatW
WinExec
FindResourceExW
EnumResourceLanguagesW
EnumResourceNamesW
Beep
VirtualQueryEx
DeleteFileW
WaitForMultipleObjects
CreateDirectoryW
GetFileAttributesW
GetSystemDefaultLangID
EnumResourceTypesW
GetSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
ResumeThread
GetTempPathW
SuspendThread
GetExitCodeThread
OpenThread
IsBadReadPtr
SetThreadPriority
ExpandEnvironmentStringsA
LoadLibraryA
InterlockedExchange
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
HeapDestroy
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetTimeFormatW
HeapReAlloc
ExitThread
DecodePointer
EncodePointer
RtlUnwind
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
IsProcessorFeaturePresent
GetTimeZoneInformation
GetStringTypeW
GetShortPathNameW
CreateProcessW
TerminateProcess
GetTickCount
SetUnhandledExceptionFilter
GetCommandLineW
OpenMutexW
CreateMutexW
Sleep
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
CreateEventW
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
SetLastError
GetCurrentThreadId
lstrlenA
OutputDebugStringW
HeapSize
GetLocaleInfoW
SetHandleCount
GetFileType
DebugBreak
SetFilePointer
LCMapStringW
GetConsoleCP
GetConsoleMode
FatalAppExitA
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetUserDefaultLCID
lstrlenW
GetCurrentProcess
FlushInstructionCache
SetEvent
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetComputerNameW
LocalFree
LocalAlloc
GetProcAddress
FreeLibrary
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultUILanguage
GetUserDefaultLangID
GetModuleFileNameW
GetCurrentProcessId
OpenProcess
CloseHandle
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetThreadContext
TlsAlloc

user32

GetKeyState
GetMenuInfo
SetMenuInfo
SendDlgItemMessageW
SetMenuItemInfoW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenuItemInfoW
CreatePopupMenu
InsertMenuItemW
MessageBeep
GetMenuStringW
GetMenuItemCount
GetMenuItemID
DeleteMenu
SetRect
GetDC
ReleaseDC
GetGuiResources
MessageBoxIndirectW
WinHelpW
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItemTextW
GetLastActivePopup
IsWindow
CallNextHookEx
DefWindowProcW
GetClassInfoW
RegisterClassW
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadImageW
SetPropW
RemoveMenu
GetActiveWindow
DialogBoxParamW
RegisterWindowMessageW
LoadIconW
LoadMenuW
GetSubMenu
EnableMenuItem
GetCursorPos
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetSysColor
CharNextW
wvsprintfW
LoadStringW
DestroyWindow
IsDialogMessageW
SendMessageW
MessageBoxW
EnableWindow
KillTimer
SetTimer
BringWindowToTop
DrawMenuBar
GetMenu
GetWindowTextW
SetWindowTextW
PostMessageW
LoadBitmapW
SetWindowLongW
ShowWindow
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextW
EndDialog
wsprintfW
GetShellWindow
GetSystemMetrics
OpenDesktopW
EnumDesktopWindows
CloseDesktop
EnumWindows
GetWindowRect
GetWindowLongW
GetWindowThreadProcessId
GetClassNameW
PostQuitMessage
UnregisterClassA

gdi32

CreateSolidBrush
SetBkMode
SetTextColor
SetBkColor
RealizePalette
SelectPalette
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreatePalette
DeleteObject
CreateDIBitmap
CreateBitmap
ExtTextOutW
CreateDCW
LineTo
MoveToEx
SetPixel
CreatePen
StretchBlt
CreateFontIndirectW
CreateDIBSection
GetTextExtentPoint32W
GetObjectW
GetStockObject
GetSystemPaletteEntries
GetDIBits

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
FreeSid
IsTextUnicode
RegDeleteKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
EqualSid
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW

shell32

ExtractIconExW
Shell_NotifyIconW
ShellExecuteExW

ole32

CreateBindCtx
MkParseDisplayName
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoUninitialize
CoResumeClassObjects
CoInitialize
CoInitializeSecurity
GetRunningObjectTable
CoTaskMemRealloc

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantClear
VariantCopy
VariantChangeType
SysStringByteLen
GetErrorInfo

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Create

winmm

PlaySoundW
timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

_GetRawWMIStringW@16
_GetWMIStringW@16
_IsAcerA@8

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e16cfb3196c071475ac3cbc01098f6b

Code Sign

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f7:e0:c6:5b:bc:0a:03:56:4f:0c:47:98:16:de:5f:f4:d1:c0:9a:09:e3:19:57:84:ec:4f:92:40:dc:3f:9f:53Signer

4c:c4:a4:99:02:e5:d3:15:d7:a5:86:34:bf:dd:f0:70:1f:37:ee:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shfolder

ws2_32

winhttp

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

winmm

version

Exports

Exports

Sections

.text Size: 451KB - Virtual size: 450KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 14KB - Virtual size: 30KB

.rsrc Size: 221KB - Virtual size: 221KB

.reloc Size: 22KB - Virtual size: 21KB

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f7:e0:c6:5b:bc:0a:03:56:4f:0c:47:98:16:de:5f:f4:d1:c0:9a:09:e3:19:57:84:ec:4f:92:40:dc:3f:9f:53
Signer

4c:c4:a4:99:02:e5:d3:15:d7:a5:86:34:bf:dd:f0:70:1f:37:ee:17
Signer

.text
Size: 451KB - Virtual size: 450KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 14KB - Virtual size: 30KB

.rsrc
Size: 221KB - Virtual size: 221KB

.reloc
Size: 22KB - Virtual size: 21KB