2024-03-28_3c03d07a7f73d5e72bd36c4302e986f8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-28_3c03d07a7f73d5e72bd36c4302e986f8_mafia
Size

2.2MB
MD5

3c03d07a7f73d5e72bd36c4302e986f8
SHA1

b08e006d69bf810de2faf58bbdcdcb5c59365f49
SHA256

29c0b2ff33b127ac8cfb881b7d060658f2e0f4119b8da1231a5613c1f36df56e
SHA512

6ebbd34dfd5b62d24a66c3bf050c761ad609031a55af77ff7c0f775cdac41119b6c05ceaa78434fef1fa2bf0fa0053009ba12d9134e4357e1555c2940934a8ab
SSDEEP

49152:4ZIIjmcQPXxxcdPCkSYQswQUeuBweOl5alfv1FULeZMaqqSW+5T1c5cSthU4hxTR:oJQP4dPCkkTQUzOek5alfv1FULQ1SWVp

Score

1^/10

Malware Config

Signatures

Files

2024-03-28_3c03d07a7f73d5e72bd36c4302e986f8_mafia
.exe windows:5 windows x86 arch:x86

78158cbaf11a0db2c5c2e80dfedac8f9

Code Sign

82:64:05:63:98:20:6a:cd:d5:70:72:45:9b:8f:1b:92
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/10/2018, 00:00

Not After

25/10/2021, 23:59

Subject

CN=Amebis\, d. o. o.\, Kamnik,OU=IT,O=Amebis\, d. o. o.\, Kamnik,POSTALCODE=1241,STREET=Bakovnik 3,L=Kamnik,ST=osrednjeslovenska statistična regija,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

95:a7:53:88:0f:8a:7b:f4:f3:36:2a:27:34:e6:1f:67:3b:7f:7b:99:67:49:dc:25:12:8f:f4:86:4c:68:19:d8
Signer

Actual PE Digest

95:a7:53:88:0f:8a:7b:f4:f3:36:2a:27:34:e6:1f:67:3b:7f:7b:99:67:49:dc:25:12:8f:f4:86:4c:68:19:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Simon\Projekti\eBralec\output\Release.Win32\ALicCVL.pdb

Imports

kernel32

GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
EncodePointer
DecodePointer
GetTimeFormatW
GetDateFormatW
ExitThread
CreateThread
RaiseException
ExitProcess
HeapQueryInformation
VirtualAlloc
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetUserDefaultLCID
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
GetConsoleCP
GetDriveTypeW
SetEnvironmentVariableA
SearchPathW
LoadLibraryA
ExpandEnvironmentStringsA
UnhandledExceptionFilter
GetProfileIntW
GetFileSizeEx
GetNumberFormatW
GetWindowsDirectoryW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
lstrcmpiW
GetStringTypeExW
GetThreadLocale
lstrcpyW
InterlockedIncrement
GlobalFlags
GlobalGetAtomNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
LocalReAlloc
InitializeCriticalSection
GlobalReAlloc
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
InterlockedExchange
SetErrorMode
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
FormatMessageW
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
VirtualProtect
FindNextFileW
GetCurrentProcessId
GetCurrentThread
IsBadCodePtr
GetSystemTimeAsFileTime
DeviceIoControl
SetFileAttributesW
SetFileTime
CreateFileW
FlushFileBuffers
ReadFile
GetFileTime
SetEndOfFile
GetFileSize
UnlockFile
LockFile
SetFilePointer
GetFileAttributesExW
GetFileInformationByHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetExitCodeThread
SetThreadPriority
TerminateThread
ResumeThread
SuspendThread
GetThreadPriority
WaitForMultipleObjects
ReleaseSemaphore
SetWaitableTimer
FindNextChangeNotification
FindCloseChangeNotification
SetEvent
PulseEvent
ResetEvent
CancelWaitableTimer
CreateWaitableTimerW
FindFirstChangeNotificationW
CreateSemaphoreW
CreateEventW
CreateMutexW
GetVersionExW
TlsAlloc
VirtualQuery
GetStdHandle
GetFileType
GetConsoleMode
DeleteFileW
DeleteFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetFileAttributesW
GetFileAttributesA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryExW
CreateDirectoryW
CopyFileW
CopyFileA
MoveFileW
MoveFileA
SetCurrentDirectoryW
SetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WriteFile
TlsGetValue
TlsSetValue
SetUnhandledExceptionFilter
TlsFree
WaitForSingleObject
ReleaseMutex
DuplicateHandle
CloseHandle
HeapCreate
HeapDestroy
InterlockedCompareExchange
IsDBCSLeadByteEx
GetSystemInfo
GlobalMemoryStatus
GetComputerNameW
CompareStringW
Sleep
WaitNamedPipeW
GetTempPathW
CompareStringA
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemDirectoryW
GetSystemDefaultUILanguage
LocalAlloc
VerLanguageNameW
LocalFree
GetLocaleInfoW
GetCurrentProcess
GetModuleFileNameW
GlobalAlloc
FindFirstFileW
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryExW
MulDiv
WideCharToMultiByte
GlobalFree
GetVersion
GlobalLock
GlobalUnlock
GlobalHandle
GlobalSize
ActivateActCtx
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
HeapSize
HeapReAlloc
HeapAlloc
TerminateProcess
HeapFree

user32

SetWindowContextHelpId
IntersectRect
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
TranslateMessage
GetCursorPos
DestroyMenu
GetMenuItemInfoW
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuStringW
InsertMenuW
RemoveMenu
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
ValidateRect
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DestroyAcceleratorTable
EqualRect
DeferWindowPos
GetNextDlgGroupItem
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
PtInRect
GetWindow
LoadMenuW
GetSubMenu
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
GetWindowLongW
GetDlgItem
IsWindowEnabled
LoadStringW
MessageBoxIndirectW
PeekMessageW
GetMessageW
LoadIconW
UnionRect
CreatePopupMenu
SetRect
IsRectEmpty
EnableWindow
PostMessageW
GetParent
SendMessageW
GetSystemMetrics
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSysColorBrush
GetSysColor
GetKeyState
MonitorFromPoint
SetWindowPlacement
MonitorFromRect
GetWindowPlacement
MonitorFromWindow
GetMonitorInfoW
IsWindow
MapDialogRect
GetCaretPos
IsWindowVisible
ClientToScreen
GetClientRect
GetWindowRect
CheckMenuItem
DrawFrameControl
FillRect
OffsetRect
InflateRect
GetDC
DrawIconEx
MessageBeep
WindowFromPoint
RegisterClipboardFormatW
RealChildWindowFromPoint
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
DeleteMenu
SetTimer
KillTimer
IsIconic
CharUpperW
CharNextW
CreateIconIndirect
ReleaseDC
SystemParametersInfoW
SetCursor
DestroyCursor
LoadCursorW
InvalidateRect
DrawFocusRect
CopyRect
GetIconInfo
DestroyIcon
AppendMenuW
EnableMenuItem
CopyAcceleratorTableW
InvalidateRgn
SetCapture
ReleaseCapture
PostThreadMessageW
WaitMessage
IsZoomed
LoadImageW
GetSystemMenu
GetWindowRgn
SetWindowRgn
GetScrollInfo
SetParent
DrawIcon
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
EmptyClipboard
CloseClipboard
SetClipboardData
NotifyWinEvent
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
IsMenu
UpdateLayeredWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawEdge
DrawStateW
ScreenToClient
SetClassLongW
OpenClipboard

gdi32

SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
GetTextExtentPoint32W
SetRectRgn
CombineRgn
GetTextMetricsW
EnumFontFamiliesExW
MoveToEx
EnumFontFamiliesW
GetTextCharsetInfo
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SaveDC
LineTo
SetBkColor
SetTextColor
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetCurrentObject
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateCompatibleBitmap
SetDIBits
GetDIBits
GetDeviceCaps
DPtoLP
CreateCompatibleDC
CreateDIBSection
CreateBitmap
SelectObject
PatBlt
BitBlt
DeleteDC
GetBkColor
DeleteObject
CreateFontIndirectW
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
CreatePalette
RestoreDC
CreateDIBitmap
GetObjectW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyExA
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegFlushKey
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA

shell32

SHBrowseForFolderW
SHAddToRecentDocs
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
ShellExecuteW
SHAppBarMessage

comctl32

ImageList_GetIconSize
ord17
_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

OleLockRunning
DoDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CreateStreamOnHGlobal
CoInitializeEx
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ProgIDFromCLSID
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
SetErrorInfo
CreateErrorInfo
VariantClear
VariantChangeType
VariantInit
SysAllocString
SysStringLen
VariantCopy
SafeArrayGetUBound
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SafeArrayGetLBound
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

wsock32

ntohs
WSAGetLastError
setsockopt
getsockopt
getpeername
getsockname
send
recv
shutdown
connect
accept
listen
bind
closesocket
socket
WSAStartup
WSACleanup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

msi

ord111
ord155
ord173

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpWriteData
WinHttpSetCredentials
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders

secur32

GetUserNameExA
GetUserNameExW

ws2_32

GetAddrInfoW

dbghelp

ImageNtHeader
SymFunctionTableAccess64
SymGetModuleBase64
SymCleanup
SymInitialize
SymSetOptions
SymGetOptions
StackWalk64

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78158cbaf11a0db2c5c2e80dfedac8f9

Code Sign

82:64:05:63:98:20:6a:cd:d5:70:72:45:9b:8f:1b:92Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

95:a7:53:88:0f:8a:7b:f4:f3:36:2a:27:34:e6:1f:67:3b:7f:7b:99:67:49:dc:25:12:8f:f4:86:4c:68:19:d8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

wsock32

version

msi

winhttp

secur32

ws2_32

dbghelp

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 386KB - Virtual size: 385KB

.data Size: 30KB - Virtual size: 62KB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 187KB - Virtual size: 187KB

82:64:05:63:98:20:6a:cd:d5:70:72:45:9b:8f:1b:92
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

95:a7:53:88:0f:8a:7b:f4:f3:36:2a:27:34:e6:1f:67:3b:7f:7b:99:67:49:dc:25:12:8f:f4:86:4c:68:19:d8
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 386KB - Virtual size: 385KB

.data
Size: 30KB - Virtual size: 62KB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 187KB - Virtual size: 187KB