2024-03-09_81fede5327d11865e66cfe8a306e429c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-09_81fede5327d11865e66cfe8a306e429c_mafia
Size

4.6MB
MD5

81fede5327d11865e66cfe8a306e429c
SHA1

a28164d4392a1900459a0e14b370142fcea4c141
SHA256

038512733c70ea2cdc14177fb3fe45a65f3e73351d1b402c6326a6f112d2302e
SHA512

71926a44bc71a2557d5f853dd30d2b8e3fd6e9a308744f8b9561601e9fdbd166e9930c19da92a6ebf31425785eac1975311370aa73e31976c8b6d1bf04b03e33
SSDEEP

98304:oB4uYGgn9HPCFVAlY4V0Bkne9v/oXjdOn/k:oth6pCFVuPaIeoXjS/k

Score

1^/10

Malware Config

Signatures

Files

2024-03-09_81fede5327d11865e66cfe8a306e429c_mafia
.exe windows:5 windows x86 arch:x86

c4a1d927af90764e916cf99596910814

Code Sign

0f:b2:83:cb:6e:ea:8d:02:04:bf:a5:1c:4b:ce:92:5c
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-09-2012 00:00

Not After

25-09-2013 23:59

Subject

CN=Escolade Solutions LTD.,O=Escolade Solutions LTD.,POSTALCODE=03451,STREET=Akademica Vernadskogo blvd. 36-507,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:db:9e:a1:c9:06:b8:4a:1d:c9:58:30:57:ee:6a:01:54:d3:b3:d9
Signer

Actual PE Digest

a0:db:9e:a1:c9:06:b8:4a:1d:c9:58:30:57:ee:6a:01:54:d3:b3:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\iPumper\iPumper\Installer\Build\Release\TinyInstaller.pdb

Imports

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserGetGroups

dbghelp

SymInitialize
SymFromAddr

kernel32

SetFilePointer
QueryDosDeviceW
GetLogicalDriveStringsW
FindNextFileW
GetLastError
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
LockResource
LoadResource
SizeofResource
FindResourceW
GetVersionExW
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
OpenEventW
SetEvent
ResetEvent
CreateMutexW
OpenMutexW
CreateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
lstrcmpiA
lstrcmpA
WideCharToMultiByte
FlushFileBuffers
FindResourceExW
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
FreeLibrary
LoadLibraryExW
lstrcpynW
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
LoadLibraryW
RemoveDirectoryW
GetProcAddress
OutputDebugStringW
Sleep
GetTickCount
ReadFile
InitializeCriticalSectionAndSpinCount
TerminateThread
lstrcmpiW
GetNativeSystemInfo
RtlCaptureStackBackTrace
GetConsoleMode
GetConsoleCP
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
FatalAppExitA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitThread
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
FindFirstFileW
FindClose
MoveFileExW
CopyFileW
LoadLibraryA
SetCurrentDirectoryW
CreateDirectoryW
CreateFileW
GetFileSize
GetFileAttributesW
WriteFile
CloseHandle
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetProcessHeap
HeapAlloc
lstrlenA
HeapFree
GetCommandLineW
LocalAlloc
FormatMessageW
LocalFree
lstrlenW
DeleteFileW
MultiByteToWideChar
RaiseException
SetConsoleCtrlHandler
InterlockedExchange
WriteConsoleW
SetEndOfFile
CompareStringW
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetEnvironmentVariableA
GetSystemDirectoryW

user32

PostMessageW
MoveWindow
GetWindowRect
GetWindowLongW
ScreenToClient
GetParent
SendMessageW
UnregisterClassA
wsprintfW
CharLowerBuffA
SetWindowLongW
DestroyWindow
PostQuitMessage
wvsprintfW
GetClientRect
DefWindowProcW
GetSystemMetrics
MessageBoxW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
GetDesktopWindow
LoadIconW
RegisterClassExW
IsWindow
SetCursorPos
CreateWindowExW
CallWindowProcW
SystemParametersInfoW
LoadStringW
LoadCursorW
GetClassInfoExW
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
CharLowerBuffW

advapi32

AllocateAndInitializeSid
SetSecurityDescriptorDacl
GetCurrentHwProfileW
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenCurrentUser
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetEntriesInAclW
InitializeSecurityDescriptor
FreeSid

shell32

ShellExecuteExW
ShellExecuteW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
VarBstrCat
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr

shlwapi

StrStrIW
StrCmpW
StrToIntExW
StrToIntExA
StrCmpIW

comctl32

InitCommonControlsEx

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetOption

secur32

GetUserNameExW

rpcrt4

UuidCreate
UuidCreateSequential
UuidEqual
UuidToStringW
RpcStringFreeW

psapi

GetProcessImageFileNameW

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4a1d927af90764e916cf99596910814

Code Sign

0f:b2:83:cb:6e:ea:8d:02:04:bf:a5:1c:4b:ce:92:5cCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

a0:db:9e:a1:c9:06:b8:4a:1d:c9:58:30:57:ee:6a:01:54:d3:b3:d9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

dbghelp

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

winhttp

secur32

rpcrt4

psapi

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 9KB - Virtual size: 35KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 26KB - Virtual size: 26KB

0f:b2:83:cb:6e:ea:8d:02:04:bf:a5:1c:4b:ce:92:5c
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

a0:db:9e:a1:c9:06:b8:4a:1d:c9:58:30:57:ee:6a:01:54:d3:b3:d9
Signer

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 9KB - Virtual size: 35KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 26KB - Virtual size: 26KB