2024-03-06_9394deba5cebf98b4fe635abe98640e6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-06_9394deba5cebf98b4fe635abe98640e6_mafia
Size

15.4MB
MD5

9394deba5cebf98b4fe635abe98640e6
SHA1

87b1f93f0c4eb7bf7000add629f7f0ae1bfb4e3a
SHA256

31700b9620ec6b7761130fa4e952e20e44992501f19538205cd7f81fd6af1a44
SHA512

aaf0a0d7b94c975fe763ad617a725f76092f5998f46e1f366a1d965038ed0001d8b1f2d3dfb13366ea24c335997f2e4f0b75000c14536f1e8ebbc76deb1ab0b6
SSDEEP

196608:cXzX5kQ6DxHxqQw1u3zTniEflrYhjFp/iS4S2ZlndbJsv6tWKFdu9CIJOY2FIo:O2QMMqlNSGTbJsv6tWKFdu9CCOwo

Score

1^/10

Malware Config

Signatures

Files

2024-03-06_9394deba5cebf98b4fe635abe98640e6_mafia
.exe windows:5 windows x86 arch:x86

34230b108d6bbc1c5123fdf14883c2f3

Code Sign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:cc:07:1e:7a:4e:a1:8c:6f:6a:7d:55:ef:19:66:93
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/07/2013, 00:00

Not After

20/07/2015, 12:00

Subject

CN=ENC Security Systems B.V.,O=ENC Security Systems B.V.,L=Amsterdam,ST=NH,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:13:f0:d8:22:36:0d:76:8c:26:7f:89:1b:50:20:16:3e:21:68:b0
Signer

Actual PE Digest

a8:13:f0:d8:22:36:0d:76:8c:26:7f:89:1b:50:20:16:3e:21:68:b0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateChain
CertOpenStore
CertGetCertificateChain
CertFindCertificateInStore
CertCloseStore

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
SysAllocString

imm32

ImmNotifyIME
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext

winmm

PlaySoundW

opengl32

glIsEnabled
glIsTexture
glLineWidth
glPixelStorei
glPolygonOffset
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport
glDepthRange
glClearDepth
glGetError
wglGetProcAddress
glHint
glGetString
wglMakeCurrent
wglDeleteContext
glFinish
glEnable
glDrawElements
glDrawArrays
glDisable
glDepthMask
glDepthFunc
glDeleteTextures
glCullFace
glCopyTexSubImage2D
glCopyTexImage2D
glColorMask
glClearStencil
glClearColor
glClear
glBlendFunc
glBindTexture
wglGetCurrentDC
wglGetCurrentContext
wglCreateContext
wglShareLists
glGetTexParameteriv
glGetTexParameterfv
glGetFloatv
glGetBooleanv
glGenTextures
glFrontFace
glFlush
glGetIntegerv

gdi32

GetTextFaceW
SetTextColor
SetBkMode
SetTextAlign
ExtTextOutW
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
SetGraphicsMode
SetWorldTransform
GetTextExtentPoint32W
GetGlyphOutlineW
GetOutlineTextMetricsW
SwapBuffers
DescribePixelFormat
ChoosePixelFormat
SetPixelFormat
CreateDCW
CreateBitmap
AddFontMemResourceEx
EnumFontFamiliesExW
RemoveFontMemResourceEx
RemoveFontResourceExW
GetTextMetricsW
CreateFontIndirectW
GetFontData
GetStockObject
OffsetRgn
GetDeviceCaps
BitBlt
SelectClipRgn
GetDIBits
GetRegionData
CreateDIBSection
GdiFlush
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteDC
AddFontResourceExW
SelectObject

kernel32

IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetHandleCount
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitThread
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
Sleep
GetNativeSystemInfo
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesW
GetLastError
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
CloseHandle
SetFileTime
CreateFileW
GetVolumeInformationW
GetVolumePathNameW
GetDiskFreeSpaceExW
DeviceIoControl
QueryDosDeviceW
GetDriveTypeW
GetProcAddress
lstrcmpW
LoadLibraryW
SetHandleInformation
SetLastError
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
MultiByteToWideChar
FindClose
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
WideCharToMultiByte
FlushConsoleInputBuffer
LocalFree
IsValidLocale
IsValidLanguageGroup
FormatMessageW
GetModuleHandleW
GetLocaleInfoW
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
InterlockedIncrement
InterlockedDecrement
ReadFile
WriteFile
SetFilePointer
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateFileA
GetConsoleWindow
ExitProcess
lstrlenA
CompareStringW
GetUserDefaultLCID
TlsFree
TlsSetValue
GetSystemInfo
SetThreadPriority
GetCurrentThread
TlsAlloc
TerminateThread
WaitForSingleObject
TlsGetValue
WaitForMultipleObjects
ResumeThread
GetThreadPriority
SetEvent
CreateThread
CreateEventW
DuplicateHandle
GetCurrentProcess
GetCommandLineW
GetLocalTime
GetSystemTime
ReleaseSemaphore
CreateSemaphoreW
GetStartupInfoW
OutputDebugStringA
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
FlushFileBuffers
QueryPerformanceFrequency
ResetEvent
GetSystemDirectoryW
GetModuleFileNameW
GetFileInformationByHandle
SetErrorMode
FindFirstFileW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
GetFullPathNameW
GetTempPathW
GetCurrentDirectoryW
GetLogicalDrives
GetFileAttributesExW
SetFilePointerEx
MoveFileExW
SetEndOfFile
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserDefaultUILanguage
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindNextFileW
FindFirstFileExW
DeleteFileA
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
HeapCreate
GetLongPathNameW
GetFullPathNameA
PeekNamedPipe
GetFileAttributesA
SetEnvironmentVariableA
WriteConsoleW
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
GetProcessHeap
FileTimeToSystemTime

user32

EnumWindows
MessageBoxW
SetTimer
KillTimer
CallNextHookEx
GetQueueStatus
RegisterClassW
RealGetWindowClassW
SetWindowsHookExW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
CharNextExA
GetMessageExtraInfo
GetWindowTextW
CreateCursor
CreateIconIndirect
SetCursorPos
GetCursorInfo
UnhookWindowsHookEx
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
NotifyWinEvent
RegisterClipboardFormatW
DestroyCursor
SetClipboardViewer
GetWindowThreadProcessId
ChangeClipboardChain
CreateCaret
HideCaret
SetCaretPos
DestroyCaret
RegisterWindowMessageW
LoadIconW
ToAscii
GetMenu
PeekMessageW
GetKeyboardState
GetUserObjectInformationW
SetWindowRgn
DefWindowProcW
DestroyWindow
SystemParametersInfoW
GetSysColor
EnableMenuItem
GetSystemMenu
GetIconInfo
DrawIconEx
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetAsyncKeyState
MapVirtualKeyW
IsZoomed
SetMenuItemInfoW
TrackPopupMenuEx
GetKeyState
ToUnicode
IsIconic
SetParent
SetCapture
SetForegroundWindow
SetFocus
SetWindowTextW
MoveWindow
AdjustWindowRectEx
ShowWindow
SetWindowPos
SendMessageW
FlashWindowEx
SetCursor
ReleaseCapture
PostMessageW
GetUpdateRect
InvalidateRect
BeginPaint
EndPaint
GetWindowPlacement
SetWindowLongW
GetForegroundWindow
IsChild
IsWindowVisible
GetAncestor
GetWindowRect
GetWindowLongW
GetCapture
UnregisterClassW
GetSysColorBrush
CreateWindowExW
GetClassInfoW
LoadImageW
RegisterClassExW
ClientToScreen
GetCursorPos
GetFocus
ChildWindowFromPointEx
GetParent
GetKeyboardLayoutList
GetClientRect
ScreenToClient
GetCaretBlinkTime
GetDoubleClickTime
MessageBeep
MessageBoxA
GetDesktopWindow
GetClipboardFormatNameW
GetProcessWindowStation

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
CoCreateGuid
RegisterDragDrop
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

advapi32

LookupAccountNameW
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
DeregisterEventSource
CryptDecrypt
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

ws2_32

bind
WSAConnect
getsockname
getpeername
WSAHtons
WSAHtonl
WSANtohs
WSANtohl
WSASend
closesocket
select
__WSAFDIsSet
WSARecv
WSARecvFrom
WSASendTo
listen
setsockopt
WSASocketW
WSAIoctl
WSACleanup
WSAStartup
getsockopt
htonl
inet_addr
gethostbyaddr
ntohl
gethostbyname
WSAGetLastError
gethostname
shutdown
recv
WSASetLastError
send
WSAAsyncSelect
WSAAccept

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34230b108d6bbc1c5123fdf14883c2f3

Code Sign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

05:cc:07:1e:7a:4e:a1:8c:6f:6a:7d:55:ef:19:66:93Certificate

Extended Key Usages

Key Usages

a8:13:f0:d8:22:36:0d:76:8c:26:7f:89:1b:50:20:16:3e:21:68:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

crypt32

oleaut32

imm32

winmm

opengl32

gdi32

kernel32

user32

shell32

ole32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.rdata Size: 5.7MB - Virtual size: 5.7MB

.data Size: 125KB - Virtual size: 211KB

.qtmetad Size: 5KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 234KB - Virtual size: 233KB

.reloc Size: 404KB - Virtual size: 403KB

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

05:cc:07:1e:7a:4e:a1:8c:6f:6a:7d:55:ef:19:66:93
Certificate

a8:13:f0:d8:22:36:0d:76:8c:26:7f:89:1b:50:20:16:3e:21:68:b0
Signer

.text
Size: 8.8MB - Virtual size: 8.8MB

.rdata
Size: 5.7MB - Virtual size: 5.7MB

.data
Size: 125KB - Virtual size: 211KB

.qtmetad
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 234KB - Virtual size: 233KB

.reloc
Size: 404KB - Virtual size: 403KB