2024-03-08_edc3d3c4d714d07615591ad4b055fe9f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_edc3d3c4d714d07615591ad4b055fe9f_mafia
Size

1.9MB
MD5

edc3d3c4d714d07615591ad4b055fe9f
SHA1

5c39eece6ae8163f6a9966e282064136869c41e4
SHA256

a99fddfcdaf5f99b879d7629ded1238d5fbabe6050b40330035368d70ced0758
SHA512

897aae4083cf36c6b92459ab613059bfa82e652b9a4a38223e7c0c0caa9902feb69c7d0402b97db07f1dfa7c64017d626d36653444c0f626395df0337a468f5b
SSDEEP

49152:QIVXuFRJh2SAfP786bhD+djeDOEmUk1tDgimJbQc6LDEi2csafySXC6LzSQmeTBi:QwFZDWeaBUk1tsimxQV52csaBH2Qm6dC

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_edc3d3c4d714d07615591ad4b055fe9f_mafia
.exe windows:5 windows x86 arch:x86

edde8cbabbe843b0e15f7a7d2887a77d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:88:5c:6d:d3:86:7c:0f:1c:76:6c:67:81:28:83:1f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/06/2022, 00:00

Not After

19/06/2025, 23:59

Subject

CN=KIMBAY GROUP LIABILITY LIMITED COMPANY,O=KIMBAY GROUP LIABILITY LIMITED COMPANY,L=District 7,ST=Ho Chi Minh City,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:0c:63:f2:5c:48:e6:b8:9f:c8:c7:22:9a:31:44:7b:cf:61:e8:38
Signer

Actual PE Digest

2c:0c:63:f2:5c:48:e6:b8:9f:c8:c7:22:9a:31:44:7b:cf:61:e8:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\boadiskEx\BoaDiskLauncher.pdb

Imports

ws2_32

WSARecv
WSASend
setsockopt
WSAGetLastError
WSASocketA
ntohs
htons
inet_addr
socket
ntohl
inet_ntoa
gethostname
gethostbyname
closesocket
WSACleanup
WSAStartup
connect
WSAIoctl
WSARecvFrom
WSASendTo

kernel32

GetStdHandle
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
GetLocalTime
TerminateProcess
GetExitCodeProcess
RaiseException
GetDriveTypeW
GetLogicalDrives
GetDiskFreeSpaceExA
GetCurrentThread
GetFileAttributesW
CreateDirectoryW
CreateProcessW
GetStartupInfoW
FreeLibrary
lstrcmpiW
lstrlenA
GetSystemTimeAsFileTime
CreateWaitableTimerW
VirtualAlloc
GetTickCount
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
OpenProcess
Sleep
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
VirtualFree
WideCharToMultiByte
lstrlenW
GetComputerNameA
InitializeCriticalSection
GetVersionExW
HeapCreate
IsProcessorFeaturePresent
UnmapViewOfFile
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetStdHandle
VirtualQuery
HeapSize
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
IsDebuggerPresent
TlsSetValue
TlsGetValue
VerifyVersionInfoW
VerSetConditionMask
SetLastError
InterlockedCompareExchange
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
SetEvent
CreateEventW
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLastError
TlsAlloc
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateFileA
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapQueryInformation
ExitProcess
HeapReAlloc
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSetInformation
GetFileType
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
SetEnvironmentVariableA
FormatMessageA
ReleaseSemaphore
WaitForSingleObjectEx
OpenEventA
ResetEvent
DecodePointer
EncodePointer
TlsFree
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
FreeResource
GlobalFindAtomW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
CompareStringW
ReleaseActCtx
CreateActCtxW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GlobalGetAtomNameW
FileTimeToLocalFileTime
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetCurrentProcessId
SetErrorMode
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateEventA
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
CreateDirectoryA
GetFileAttributesA
ResumeThread
SetThreadPriority

user32

AdjustWindowRectEx
DestroyIcon
KillTimer
SetTimer
InvalidateRect
UpdateWindow
RegisterClassW
GetClassInfoExW
EqualRect
DeferWindowPos
CreateWindowExW
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
LoadIconW
InflateRect
GetMenuItemInfoW
DestroyMenu
IsRectEmpty
OffsetRect
IsIconic
IsZoomed
SetWindowRgn
SetParent
GetScrollInfo
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
IntersectRect
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
CopyImage
TranslateAcceleratorW
InsertMenuItemW
LoadImageW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
SetFocus
SetScrollPos
GetScrollPos
CheckDlgButton
GetDlgItem
SendDlgItemMessageW
IsDialogMessageW
IsWindow
SetWindowLongW
MoveWindow
ShowWindow
SetWindowPos
DestroyAcceleratorTable
GetUpdateRect
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetMenuDefaultItem
GetParent
GetWindowThreadProcessId
IsWindowVisible
GetWindow
PostMessageW
RegisterWindowMessageW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetMenu
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostQuitMessage
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
SendMessageW
GetSystemMetrics
CharUpperW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
UnhookWindowsHookEx
GetWindowTextW
GetWindowTextLengthW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
ShowOwnedPopups
DeleteMenu
CopyRect
SetRectEmpty
GetMonitorInfoW
SystemParametersInfoW
EnumDisplayMonitors
SetLayeredWindowAttributes
GetClientRect
MapWindowPoints
DefWindowProcW
GetClassInfoW
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetWindowTextW
PtInRect
GetClassNameW
GetWindowRect
GetDlgCtrlID
RealChildWindowFromPoint
GetDesktopWindow

iphlpapi

GetAdaptersInfo

gdi32

SetPixelV
GetTextFaceW
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Rectangle
SetPixel
StretchBlt
RealizePalette
SetDIBColorTable
GetRgnBox
OffsetRgn
DPtoLP
SetRectRgn
Polygon
Ellipse
Polyline
CreateEllipticRgn
PatBlt
GetTextColor
GetBkColor
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetTextExtentPoint32W
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
CreateDIBitmap
GetStockObject
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
BitBlt
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

StartServiceCtrlDispatcherW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
DeleteService
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserW
DuplicateTokenEx
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderPathW

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
AssocQueryStringW

ole32

CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
IsAccelerator

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeType

mswsock

GetAcceptExSockaddrs
AcceptEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

UuidCreate

wsock32

listen
htonl
bind

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipDrawImageI
GdipGetImageGraphicsContext
GdipGetImageHeight

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edde8cbabbe843b0e15f7a7d2887a77d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:88:5c:6d:d3:86:7c:0f:1c:76:6c:67:81:28:83:1fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2c:0c:63:f2:5c:48:e6:b8:9f:c8:c7:22:9a:31:44:7b:cf:61:e8:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

iphlpapi

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

mswsock

wtsapi32

userenv

rpcrt4

wsock32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 317KB - Virtual size: 316KB

.data Size: 31KB - Virtual size: 63KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 190KB - Virtual size: 189KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:88:5c:6d:d3:86:7c:0f:1c:76:6c:67:81:28:83:1f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2c:0c:63:f2:5c:48:e6:b8:9f:c8:c7:22:9a:31:44:7b:cf:61:e8:38
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 317KB - Virtual size: 316KB

.data
Size: 31KB - Virtual size: 63KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 190KB - Virtual size: 189KB