2024-03-27_3c5cb516df7dbad7620ab86185efc5fe_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_3c5cb516df7dbad7620ab86185efc5fe_mafia
Size

1.1MB
MD5

3c5cb516df7dbad7620ab86185efc5fe
SHA1

b26cc40384165813e2dc1b4dbc7d1f9894e9789f
SHA256

eccf168d0c1c91146dc129d31a2fd875d5fb750a632870ea04909f73b0c91d95
SHA512

580d9b7bdf8a0952b9c0318aceab7c862b3daca470279bb4be1f1d16442fb834032772750c7df230b8a46f6d294d09c6d7febb9453f8a91086dc882e3c9cc7ce
SSDEEP

24576:MgoAjoIt1qOvAqDHe45e9eQ7WTdQgcv4PSpb+WWrDK1KYD5dKd:qx8AKI9eQ7WTdQpgPSoW8K1KwdKd

Score

1^/10

Malware Config

Signatures

Files

2024-03-27_3c5cb516df7dbad7620ab86185efc5fe_mafia
.exe windows:5 windows x86 arch:x86

8c0b61c035447c97ed2a4cf181e2eae1

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/06/2011, 00:00

Not After

18/06/2014, 23:59

Subject

CN=Ask.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Distribution,O=Ask.com,L=Oakland,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:5b:e7:8b:5b:9e:d7:ea:17:0d:c5:9b:1b:fc:1a:30:54:cf:1f:ff
Signer

Actual PE Digest

b0:5b:e7:8b:5b:9e:d7:ea:17:0d:c5:9b:1b:fc:1a:30:54:cf:1f:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\PIP2.0_Installer\workspace\release\AskInstaller_1_.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

kernel32

Sleep
FormatMessageW
LocalAlloc
CloseHandle
LocalFree
lstrlenA
CreateProcessW
SetWaitableTimer
CreateDirectoryW
WaitForSingleObject
CancelWaitableTimer
GetSystemDefaultLCID
OpenProcess
WideCharToMultiByte
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
CompareStringW
InterlockedExchange
MoveFileW
Process32FirstW
WritePrivateProfileStringA
RemoveDirectoryW
GetPrivateProfileSectionNamesA
Process32NextW
CreateWaitableTimerW
GetPrivateProfileSectionA
CreateToolhelp32Snapshot
WinExec
GetWindowsDirectoryW
lstrcpyW
DeleteFileA
SuspendThread
ResumeThread
GetCurrentProcessId
GetTickCount
CreateMutexW
SetEvent
TerminateThread
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
ReleaseMutex
FindFirstFileW
FindClose
FindNextFileW
lstrcmpA
GetSystemTimeAsFileTime
WriteFile
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
OutputDebugStringW
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetCPInfo
ExitProcess
VirtualQuery
VirtualProtect
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindResourceExW
DeleteFileW
GetVersion
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GetSystemInfo
SetCurrentDirectoryW
GetLocalTime
GetCurrentDirectoryW
GetTempPathW
GetTimeZoneInformation
GetVersionExW
CopyFileW
GetLocaleInfoW
LoadLibraryW
GetPrivateProfileStringW
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpynW
CreateThread
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
GlobalHandle
LockResource
CreateFileMappingW
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GetModuleHandleW
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
RaiseException
WriteConsoleW

user32

ReleaseCapture
MessageBoxW
CreateWindowExW
IsWindow
GetActiveWindow
LoadStringW
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
SetWindowLongW
GetDlgItem
DefWindowProcW
GetWindow
SendMessageW
CharLowerBuffW
TranslateMessage
PeekMessageW
DispatchMessageW
LoadBitmapW
GetScrollInfo
SetScrollPos
SetScrollInfo
SetCursor
SetTimer
MapDialogRect
SetWindowTextW
MoveWindow
CallWindowProcW
LoadImageW
PostMessageW
KillTimer
SetForegroundWindow
IsWindowEnabled
FindWindowW
SetRectEmpty
PtInRect
ReleaseDC
GetClassNameW
GetWindowTextW
GetWindowLongW
InvalidateRect
RegisterClassExW
GetDC
GetClassInfoExW
BeginPaint
SetFocus
CreateAcceleratorTableW
GetClientRect
LoadCursorW
InvalidateRgn
GetParent
GetFocus
DialogBoxIndirectParamW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
ScreenToClient
DestroyAcceleratorTable
GetWindowTextLengthW
DestroyWindow
ClientToScreen
EndPaint
GetMonitorInfoW
MapWindowPoints
EndDialog
MonitorFromWindow
GetWindowRect
EnableWindow
SystemParametersInfoW
DrawTextW
ShowWindow
GetSystemMetrics
UnregisterClassA
GetWindowThreadProcessId
GetDlgCtrlID
UpdateWindow
AllowSetForegroundWindow
AdjustWindowRectEx
SetLayeredWindowAttributes
GetCursorPos
SendDlgItemMessageW
OffsetRect
GetMenu
SetWindowContextHelpId
DrawFocusRect
GetCapture
wsprintfW

gdi32

SetWindowOrgEx
GetClipBox
LPtoDP
CreateDIBSection
CreateSolidBrush
GetStockObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
StretchBlt
DPtoLP
SetBkMode
SetBkColor
CreateFontIndirectW
SetTextColor
GetTextColor
GetBkColor
SetStretchBltMode
GetDIBColorTable
SetViewportOrgEx
CreateFontW
SetDIBColorTable

advapi32

RegCreateKeyExW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
ProgIDFromCLSID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
CoInitialize
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
CoUninitialize
OleLockRunning

oleaut32

VariantInit
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
SetErrorInfo
LoadTypeLi
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringByteLen
DispCallFunc
VariantClear
CreateErrorInfo
VarBstrCmp
SysAllocString
SysStringLen

shlwapi

StrCmpW
PathFileExistsW

comctl32

ImageList_GetIconSize
_TrackMouseEvent
ImageList_Destroy

msimg32

AlphaBlend
TransparentBlt

wininet

DeleteUrlCacheEntryW
InternetReadFile
InternetCrackUrlW
InternetGetCookieW
InternetSetCookieW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetOpenW
InternetConnectW

urlmon

URLDownloadToFileW

gdiplus

GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromFile

ws2_32

getprotobyname
WSAGetLastError
gethostbyname
recvfrom
gethostbyaddr
sendto
inet_addr
socket
WSAStartup
inet_ntoa
setsockopt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msi

ord70

crypt32

CryptMsgClose
CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c0b61c035447c97ed2a4cf181e2eae1

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b0:5b:e7:8b:5b:9e:d7:ea:17:0d:c5:9b:1b:fc:1a:30:54:cf:1f:ffSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

urlmon

gdiplus

ws2_32

version

msi

crypt32

wintrust

Sections

.text Size: 565KB - Virtual size: 565KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 22KB - Virtual size: 32KB

.rsrc Size: 369KB - Virtual size: 369KB

.reloc Size: 44KB - Virtual size: 44KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

09:65:f2:ac:72:36:c7:e1:bd:ca:44:ed:13:9b:27:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b0:5b:e7:8b:5b:9e:d7:ea:17:0d:c5:9b:1b:fc:1a:30:54:cf:1f:ff
Signer

.text
Size: 565KB - Virtual size: 565KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 22KB - Virtual size: 32KB

.rsrc
Size: 369KB - Virtual size: 369KB

.reloc
Size: 44KB - Virtual size: 44KB