2024-03-11_74e65a1251a4af7812ffbc38c702f5c5_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-11_74e65a1251a4af7812ffbc38c702f5c5_mafia
Size

275KB
MD5

74e65a1251a4af7812ffbc38c702f5c5
SHA1

3792bc3f278336b2ac3d0711dfcee736bde1cda2
SHA256

23437f4814b95ba1f7ee4f7a49e3c72e776f9086b6ed698931032be66007d9e9
SHA512

5b580d37b6707d42bdbfb52f0adc7f684c3a3f71f6a6b71a6d825d6ed412e73788b15e869b56e4bab30f7fa97ff35c5f58ad6e44bcfb83d1eb13490cc90ab7b8
SSDEEP

6144:Mo/qh3V4znRDFERZKJDDDOvBPWnO2+S0S:3qh3VExkZwj+BPWnO2+K

Score

1^/10

Malware Config

Signatures

Files

2024-03-11_74e65a1251a4af7812ffbc38c702f5c5_mafia
.exe windows:5 windows x86 arch:x86

4f3b7a2c55aeb0036e1c576b41dbfbf4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:f4:de:44:37:39:3e:71:ce:e1:42:b0:84:49:b9:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2012, 00:00

Not After

23/05/2013, 23:59

Subject

CN=Happy Cloud\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Happy Cloud\, Inc.,L=Newton,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:1a:13:04:c9:83:e5:a8:b5:a1:b9:8c:4b:b9:8c:e7:7f:5d:8c:30
Signer

Actual PE Digest

0d:1a:13:04:c9:83:e5:a8:b5:a1:b9:8c:4b:b9:8c:e7:7f:5d:8c:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\svn\branches\sonic3\HappyCloudService\Release\hcfwexcp.pdb

Imports

user32

AllowSetForegroundWindow
MessageBoxW

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

advapi32

GetTokenInformation
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken

shell32

CommandLineToArgvW

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocaleInfoW
GetModuleFileNameW
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
TlsGetValue
CreateProcessW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetLastError
CloseHandle
TlsAlloc
TlsFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleHandleW
CreateRemoteThread
GetProcAddress
VirtualAllocEx
GetExitCodeThread
WriteProcessMemory
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead
WriteFile
WideCharToMultiByte
InterlockedPopEntrySList
CreateFileW
SetThreadPriority
FlushFileBuffers
InterlockedFlushSList
GetCurrentThreadId
InterlockedPushEntrySList
MapViewOfFile
UnmapViewOfFile
WaitNamedPipeW
ReadFile
SetNamedPipeHandleState
OpenFileMappingW
OpenEventW
SetFilePointer
GetCurrentProcess
FormatMessageW
MultiByteToWideChar
lstrlenW
GetLocalTime
LocalAlloc
LocalFree
GetCommandLineW
OpenMutexW
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
ExitThread
CreateThread
GetTimeZoneInformation
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
CompareStringW
IsProcessorFeaturePresent
HeapCreate
TlsSetValue
SetLastError
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3b7a2c55aeb0036e1c576b41dbfbf4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

3c:f4:de:44:37:39:3e:71:ce:e1:42:b0:84:49:b9:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:1a:13:04:c9:83:e5:a8:b5:a1:b9:8c:4b:b9:8c:e7:7f:5d:8c:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ole32

oleaut32

advapi32

shell32

kernel32

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 584B

.reloc Size: 17KB - Virtual size: 16KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

3c:f4:de:44:37:39:3e:71:ce:e1:42:b0:84:49:b9:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:1a:13:04:c9:83:e5:a8:b5:a1:b9:8c:4b:b9:8c:e7:7f:5d:8c:30
Signer

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 584B

.reloc
Size: 17KB - Virtual size: 16KB