2024-03-13_c5e4c2cde157441e099a4a1c9e177698_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-13_c5e4c2cde157441e099a4a1c9e177698_mafia
Size

2.7MB
MD5

c5e4c2cde157441e099a4a1c9e177698
SHA1

afab1679ad5d5ac3d46a3cc51b7ac235ad0cd0c4
SHA256

701b86346837d44a30832f9a44bfb9adc5861cfd28d7cc07ae49d09d2a8e2a49
SHA512

422e22ba127f5f7364c264192384faac411d4a9c9fa4daee877d4952faf8c871cb801d53dc6d86c105a9a98e07be6fff68ce92af2b6da2215b6a20fc232685fe
SSDEEP

49152:EnFA3NQnmTeZ6sinY3w9qbn+91PGELexU856JRrsMyU/+LQ53hhl4YgLyJlUv+UU:7dQseZ6syb9qbn+91PGELUU8gwRU/+L2

Score

1^/10

Malware Config

Signatures

Files

2024-03-13_c5e4c2cde157441e099a4a1c9e177698_mafia
.exe windows:5 windows x86 arch:x86

6b133595f5c2073ea82e3a19933c854e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:4f:46:6c:ec:cb:e9:d6:be:e8:1f:54:35:e6:4d:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-10-2018 00:00

Not After

07-10-2021 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:cd:ed:6c:9e:91:c2:9b:e4:4b:91:0e:fd:7b:50:2a:94:2c:cf:a6
Signer

Actual PE Digest

fe:cd:ed:6c:9e:91:c2:9b:e4:4b:91:0e:fd:7b:50:2a:94:2c:cf:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\l4d2_rel_win32\build\src\utils\qc_eyes\Release\QC_Eyes.pdb

Imports

user32

FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
DeleteMenu
SetRectEmpty
SystemParametersInfoA
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
LoadCursorA
GetSysColorBrush
RealChildWindowFromPoint
SetTimer
KillTimer
SetCapture
WindowFromPoint
ReleaseCapture
WaitMessage
DestroyIcon
CharUpperA
CharNextA
OffsetRect
CopyAcceleratorTableA
IsRectEmpty
SetRect
IntersectRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
InflateRect
GetMenuItemInfoA
DestroyMenu
CopyImage
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
NotifyWinEvent
GetAsyncKeyState
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToAsciiEx
MapVirtualKeyA
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
TranslateAcceleratorA
InsertMenuItemA
LoadAcceleratorsA
LoadImageA
LoadMenuA
RegisterWindowMessageA
UnpackDDElParam
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
RegisterClipboardFormatA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
EmptyClipboard
LoadImageW
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
CheckDlgButton
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
CopyRect
PtInRect
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
SendDlgItemMessageA
ReuseDDElParam
EndDeferWindowPos
SetClipboardData
CloseClipboard
GetSystemMetrics
LoadBitmapA
LoadIconW
EnableWindow
OpenClipboard
InvalidateRect
GetClientRect
IsIconic
DrawIcon
GetDlgItem
CallNextHookEx
SendMessageA

kernel32

HeapCreate
QueryPerformanceCounter
GetStringTypeW
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GlobalLock
GlobalAlloc
InterlockedExchange
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapQueryInformation
VirtualQuery
GetSystemInfo
VirtualAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpA
SetLastError
DeactivateActCtx
GetLastError
LoadLibraryA
ActivateActCtx
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetModuleFileNameA
SetHandleCount
GetCurrentThread
GlobalDeleteAtom
CloseHandle
SetThreadPriority
ResumeThread
WaitForSingleObject
lstrlenA
GetModuleHandleA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalAddAtomA
GetCurrentProcessId
FreeResource
FindResourceA
GlobalFree
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
InterlockedDecrement
lstrcmpW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GlobalFindAtomA
ExitThread
ExitProcess
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
GetTickCount
GetNumberFormatA
GetWindowsDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetStdHandle
GlobalGetAtomNameA
MulDiv
lstrlenW
LocalFree
FormatMessageA
GlobalSize
CopyFileA
GetCurrentDirectoryA
GetSystemDirectoryW
lstrcpyA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
DeleteFileA
GetThreadLocale
lstrcmpiA
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FileTimeToLocalFileTime
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetACP
GetCPInfo
GetOEMCP
SetErrorMode
GetTempFileNameA
GetTempPathA
FileTimeToSystemTime
GetFileAttributesExA
GlobalUnlock

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA

oleaut32

VarBstrFromDate
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

oledlg

ord8

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapLockBits
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCloneImage

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

shell32

SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

gdi32

EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectA
CreateDIBitmap
CreateDCA
CopyMetaFileA
CreateHatchBrush
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
GetTextCharsetInfo
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetPixelV

comdlg32

GetFileTitleA

ole32

CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b133595f5c2073ea82e3a19933c854e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

05:4f:46:6c:ec:cb:e9:d6:be:e8:1f:54:35:e6:4d:47Certificate

Extended Key Usages

Key Usages

fe:cd:ed:6c:9e:91:c2:9b:e4:4b:91:0e:fd:7b:50:2a:94:2c:cf:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

msimg32

winspool.drv

comctl32

shlwapi

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

shell32

advapi32

gdi32

comdlg32

ole32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 294KB - Virtual size: 293KB

.data Size: 24KB - Virtual size: 53KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 167KB - Virtual size: 166KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05:4f:46:6c:ec:cb:e9:d6:be:e8:1f:54:35:e6:4d:47
Certificate

fe:cd:ed:6c:9e:91:c2:9b:e4:4b:91:0e:fd:7b:50:2a:94:2c:cf:a6
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 294KB - Virtual size: 293KB

.data
Size: 24KB - Virtual size: 53KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 167KB - Virtual size: 166KB