Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-05_50b72f34dc06b7227428a7db9e47ffdc_mafia.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-04-05_50b72f34dc06b7227428a7db9e47ffdc_mafia.exe
  Resource: win10v2004-20240226-en
Target: 2024-04-05_50b72f34dc06b7227428a7db9e47ffdc_mafia
Size: 1.2MB
MD5: 50b72f34dc06b7227428a7db9e47ffdc
SHA1: 9719b2478c64f3559c1671e0e337f05610939f3a
SHA256: a6186bf6296191b9c0f9b8e49d297b277bfdf94ae12c5692f9c8f4c3556cbc4c
SHA512: ee64042e186f7ab3b564e0f849d21afa4f03b7bb3586f929f9d73a3bddaf6a9e17cd454132558ab329ae5f5ff3a8dad593d0d4b3c322c4eccddc6764cf052f8e
SSDEEP: 24576:C4pxv5m8OYB+nY0R3iHNlnHRkAk5P+OkPuuvUczVDG3qvqJhwLFAtfTdDCTf:C4pZc++nOlKuvUczVDG3qwhEMTlCTf
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
d:\Webhost\22-02-2024\WindowsBuilds\DC_NATIVE\7851025\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcswmeter.pdb
WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA
xmlCleanupParser
xmlFreeDoc
xmlDocGetRootElement
xmlParseFile
xmlFree
xmlNodeListGetString
xmlParseMemory
xmlTextReaderGetAttribute
xmlTextReaderAttributeCount
xmlTextReaderValue
xmlTextReaderDepth
xmlTextReaderName
xmlTextReaderRead
xmlFreeTextReader
xmlStrcmp
xmlNewTextReaderFilename
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
EnumProcesses
WSAStartup
WSAGetLastError
WSACleanup
WinHttpWriteData
WinHttpOpen
WinHttpConnect
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryOption
AgentSendRequestEx
UnloadUserProfile
LoadUserProfileA
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetAdaptersInfo
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertCreateCertificateContext
PFXImportCertStore
PFXVerifyPassword
CertDeleteCertificateFromStore
CertVerifyTimeValidity
CertAddCertificateContextToStore
CertCloseStore
CertNameToStrW
CertFindCertificateInStore
CertGetNameStringA
CertFreeCertificateContext
DsGetDcNameA
NetApiBufferFree
NetGetJoinInformation
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
HeapFree
HeapDestroy
RaiseException
DecodePointer
EncodePointer
InterlockedExchange
HeapAlloc
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapSize
GetProcessHeap
FindResourceExW
FindResourceW
LoadResource
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
Sleep
SizeofResource
GetLastError
GetProcAddress
ResetEvent
LockResource
WaitForMultipleObjects
SetProcessShutdownParameters
CloseHandle
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetLogicalDriveStringsW
GetProcessTimes
OpenProcess
GetLocalTime
ProcessIdToSessionId
CreateEventW
QueryDosDeviceW
GetSystemTime
MultiByteToWideChar
CreateMutexW
SetThreadPriority
FindFirstFileW
CreateDirectoryW
WriteFile
CreateFileW
CreateDirectoryA
FindClose
FindNextFileW
DeleteFileW
InitializeCriticalSection
ExitThread
ReadFile
GetFileSizeEx
EnterCriticalSection
DeleteCriticalSection
CreateFileA
FormatMessageA
GetUserDefaultLangID
ReadProcessMemory
FormatMessageW
GetVersionExW
FileTimeToSystemTime
lstrlenW
BackupRead
BackupWrite
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
LocalFree
lstrcpyW
CreateTimerQueue
SetConsoleMode
CreateTimerQueueTimer
DeleteTimerQueue
SetConsoleCtrlHandler
DeleteTimerQueueTimer
GetCurrentThreadId
CreateMutexA
SuspendThread
ResumeThread
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
DeleteFileA
GetEnvironmentVariableA
GetLocaleInfoA
FreeLibrary
LoadLibraryA
GetFileSize
GetVersionExA
GetExitCodeProcess
TerminateProcess
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateThread
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemInfo
Process32Next
Process32First
GetTickCount
lstrlenA
FlushFileBuffers
GetCurrentProcessId
CopyFileW
SetFilePointer
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
SetCurrentDirectoryW
SetLastError
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
DisconnectNamedPipe
lstrcmpW
GetFileAttributesExA
GetFullPathNameA
GetComputerNameExW
GlobalFree
GlobalAlloc
GetCommandLineW
QueryPerformanceCounter
HeapSetInformation
InterlockedCompareExchange
GetDriveTypeA
FindFirstFileExA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCPInfo
LCMapStringW
CompareStringW
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
IsProcessorFeaturePresent
GetStringTypeW
MoveFileExA
LocalLock
LocalUnlock
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
GetDriveTypeW
SetEndOfFile
VirtualQuery
SetEnvironmentVariableA
LeaveCriticalSection
LocalAlloc
wsprintfW
MessageBoxA
RegDeleteValueA
RegCreateKeyExA
ControlService
CryptGetUserKey
CryptGenKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
IsValidSid
AllocateAndInitializeSid
QueryServiceStatus
LookupAccountSidW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
CloseServiceHandle
GetSidIdentifierAuthority
OpenProcessToken
RegDeleteKeyA
CreateProcessAsUserA
LogonUserA
CreateProcessAsUserW
RegDeleteValueW
LookupPrivilegeValueA
RegEnumKeyA
RegOpenKeyA
LookupAccountSidA
LookupPrivilegeNameA
CryptGetHashParam
SHCreateDirectoryExA
SHCreateDirectoryExW
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VariantInit
VariantClear
SysAllocString
VariantTimeToSystemTime
ord11
ord39
ord29
ord36
ord43
ord18
ord8
ord4
ord13
ord26
ord72
ord48
ord49
ord3
ord19
ord12
ord16
ord20
ord2
ord41
ord9
ord1
ord31
StrTrimA
PathFindExtensionA
StrStrIA
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ