Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-05_a91205aee7554ba91b24d925a05aab44_mafia_revil.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-04-05_a91205aee7554ba91b24d925a05aab44_mafia_revil.exe
  Resource: win10v2004-20240226-en
Target: 2024-04-05_a91205aee7554ba91b24d925a05aab44_mafia_revil
Size: 2.9MB
MD5: a91205aee7554ba91b24d925a05aab44
SHA1: a9b3e59f8e98e1d04f970d35f4ed0eb5bf2b4d7d
SHA256: a8bcb641cb40af9b4872a38c2ee477384ecd84b005bf23ab3f4c47058ae8ba78
SHA512: 24ec1e067882257f0a0780518c7807ca3dbecb1e5a8c5be7abe0386b8198e486f976102de5b32eb07ffafdc824f52607afe5ccb525f3cbe852c823b4a8452245
SSDEEP: 49152:tzzk+V+TQfFo7dfOUZ38C0B7+DaZG+LmS8fEbs1TZSciIz8rbzT1PZbGph9Y7m/u:tzzk+V+TQaOU70+R+LPdeTZwIz8rBZ4s
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
d:\Webhost\20-03-2024\WindowsBuilds\DC_NATIVE\8013009\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcondemand.pdb
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptDestroyKey
CryptReleaseContext
CryptGenKey
CryptGetUserKey
CryptAcquireContextA
ControlService
CloseServiceHandle
RegSetValueExA
RegCreateKeyExA
RevertToSelf
ImpersonateLoggedOnUser
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptSetHashParam
CryptExportKey
CryptAcquireContextW
CryptSignHashW
CryptEnumProvidersW
CryptGetProvParam
CryptDecrypt
CryptGenRandom
DeregisterEventSource
ReportEventA
RegisterEventSourceA
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
LookupAccountSidA
GetTokenInformation
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeNameA
LookupPrivilegeValueA
CreateProcessAsUserA
LogonUserA
QueryServiceStatus
OpenServiceW
OpenSCManagerW
getservbyport
WSAGetLastError
send
gethostbyname
gethostbyaddr
closesocket
WSASetLastError
getservbyname
socket
WSACleanup
connect
ntohs
htons
htonl
ioctlsocket
WSAStartup
inet_addr
CertVerifyTimeValidity
CertDeleteCertificateFromStore
PFXVerifyPassword
PFXImportCertStore
CertCreateCertificateContext
CryptStringToBinaryA
CertOpenStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertNameToStrW
CryptMsgGetParam
CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptQueryObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
NotifyAddrChange
GetAdaptersInfo
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory
DsGetDcNameA
NetApiBufferFree
NetGetJoinInformation
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpWriteData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSetOption
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetCredentials
AgentSendRequestEx
DestroyEnvironmentBlock
LoadUserProfileA
CreateEnvironmentBlock
UnloadUserProfile
xmlTextReaderAttributeCount
xmlTextReaderDepth
xmlParseMemory
xmlDocGetRootElement
xmlTextReaderRead
xmlTextReaderGetAttribute
xmlTextReaderName
xmlFreeTextReader
xmlTextReaderValue
xmlFreeDoc
xmlFree
xmlNodeListGetString
xmlNewTextReaderFilename
xmlStrcmp
xmlParseFile
xmlCleanupParser
WSACloseEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSASend
WSARecv
recv
WSACreateEvent
?setProxyHostName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setProxyDetails@SocketAdapter@ClientSocket@SocketUtils@@UAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H00@Z
?setProxyPort@SocketAdapter@ClientSocket@SocketUtils@@UAEXH@Z
?setProxyUserName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setProxyPassword@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setCustomheaders@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
??1SocketAdapter@ClientSocket@SocketUtils@@UAE@XZ
??1AsyncSocket@ClientSocket@SocketUtils@@UAE@XZ
?setServerHostName@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setServerPort@SocketAdapter@ClientSocket@SocketUtils@@UAEXH@Z
?setConnectionMode@SocketAdapter@ClientSocket@SocketUtils@@UAEX_N@Z
?setConnectionDetails@SocketAdapter@ClientSocket@SocketUtils@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_N0H00@Z
?setProxySwitch@SocketAdapter@ClientSocket@SocketUtils@@UAEX_N@Z
GetStringTypeW
EncodePointer
InterlockedExchange
MoveFileExA
DecodePointer
InitializeCriticalSection
GetLocaleInfoW
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalLock
GetCommandLineA
HeapSetInformation
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
FindFirstFileExA
ExitThread
GetCPInfo
CompareStringW
LCMapStringW
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
LocalUnlock
GetModuleFileNameW
IsProcessorFeaturePresent
CreateFileA
GetFileSize
FindResourceExW
FindResourceW
SetHandleCount
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
WriteFile
WideCharToMultiByte
SizeofResource
ReadFile
GetTimeZoneInformation
GetEnvironmentVariableA
MultiByteToWideChar
FindFirstFileA
GetLastError
FindClose
LockResource
GetModuleFileNameA
GetVersionExA
CloseHandle
GetSystemTime
DeleteFileA
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
SetConsoleMode
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
SetProcessShutdownParameters
WaitForSingleObject
CreateEventA
CreateThread
GetEnvironmentVariableW
FreeLibrary
TerminateThread
GetSystemDirectoryA
CopyFileA
GetExitCodeThread
GetCurrentThreadId
Sleep
GetLocalTime
FindNextFileA
DeleteTimerQueue
CreateTimerQueue
ReleaseMutex
GetFileSizeEx
CreateTimerQueueTimer
CreateDirectoryA
GetModuleHandleA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetTickCount
SetDllDirectoryA
CreateMutexA
FileTimeToSystemTime
GetLocaleInfoA
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemInfo
FindNextFileW
FindFirstFileW
GetComputerNameExW
LocalFree
FormatMessageA
FormatMessageW
GlobalFree
GlobalAlloc
GetCurrentProcessId
GetFileAttributesExA
GetFullPathNameA
lstrlenW
lstrlenA
DeleteFileW
FlushFileBuffers
CreateDirectoryW
CopyFileW
CreateFileW
LoadLibraryW
ProcessIdToSessionId
SetCurrentDirectoryW
SetFilePointer
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcmpW
QueryPerformanceCounter
SuspendThread
ResumeThread
SetLastError
GetCurrentDirectoryW
FileTimeToLocalFileTime
LocalAlloc
GetVersion
GetModuleHandleExW
TlsGetValue
InterlockedCompareExchange
TlsSetValue
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedExchangeAdd
DeleteCriticalSection
TlsAlloc
TlsFree
CreateFiber
SwitchToFiber
DeleteFiber
GetModuleHandleW
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
ConvertThreadToFiber
ConvertFiberToThread
ReadConsoleA
ReadConsoleW
GetConsoleMode
GetStartupInfoW
SetStdHandle
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
GetDriveTypeW
VirtualQuery
SetEnvironmentVariableA
LoadResource
wsprintfW
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
MessageBoxA
SHCreateDirectoryExW
SHCreateDirectoryExA
ord49
ord48
ord72
ord26
ord13
ord4
ord8
ord18
ord11
ord43
ord39
ord29
ord36
ord9
ord41
ord31
ord2
ord20
ord16
ord12
ord19
ord3
ord1
StrTrimA
PathFindExtensionA
StrStrIA
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
VariantClear
SafeArrayAccessData
??0AsyncSocket@ClientSocket@SocketUtils@@QAE@ABV012@@Z
??0SocketAdapter@ClientSocket@SocketUtils@@QAE@ABV012@@Z
??4AsyncSocket@ClientSocket@SocketUtils@@QAEAAV012@ABV012@@Z
??4SocketAdapter@ClientSocket@SocketUtils@@QAEAAV012@ABV012@@Z
??_7AsyncSocket@ClientSocket@SocketUtils@@6B@
??_7SocketAdapter@ClientSocket@SocketUtils@@6B@
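The import list above is the most useful static artifact on this page for triage. Imports show capability, not intent: token impersonation plus CreateProcessAsUser, service control, PFX import into certificate stores, process enumeration and termination, WinHTTP and raw Winsock are all present here, and the PDB path recorded above places the build in a Desktop Central on-demand agent source tree, for which that set of APIs is plausible. The key-usage entries also show a code-signing and time-stamping chain, but the page carries no subject or issuer, so the signature has to be verified against the file itself rather than inferred from this listing. The script below is an added example written for this page, not the report's or the vendor's code. The import names are copied from the list above; the capability clusters and the minimum-match thresholds are the editor's own heuristic and should be treated as assumptions to tune, not as a standard.

```python
"""Capability triage of a PE import list (added example, not report code).

The import names are copied from the sandbox report above. The capability
clusters and their minimum-match counts are the editor's heuristic (assumed).
"""

# Constructed input: a subset of the import names listed in the report.
REPORT_IMPORTS = [
    "ImpersonateLoggedOnUser", "RevertToSelf", "LogonUserA", "OpenProcessToken",
    "GetTokenInformation", "CreateProcessAsUserA", "CreateProcessAsUserW",
    "LookupPrivilegeValueA", "CreateEnvironmentBlock", "LoadUserProfileA",
    "WTSEnumerateSessionsA", "WTSQuerySessionInformationA", "ProcessIdToSessionId",
    "CryptAcquireContextA", "CryptGenKey", "CryptExportKey", "CryptSignHashW",
    "CryptDecrypt", "CryptGenRandom", "PFXImportCertStore", "PFXVerifyPassword",
    "CertAddCertificateContextToStore", "CertDeleteCertificateFromStore",
    "OpenSCManagerW", "OpenServiceW", "ControlService", "QueryServiceStatus",
    "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
    "OpenProcess", "TerminateProcess", "CreateProcessA",
    "WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest", "WinHttpSetCredentials",
    "socket", "connect", "send", "recv", "gethostbyname",
    "RegisterEventSourceA", "ReportEventA", "RegSetValueExA", "RegCreateKeyExA",
    "RegDeleteKeyA", "MoveFileExA", "CopyFileA", "DeleteFileA",
    "IsDebuggerPresent", "CreateNamedPipeA", "ConnectNamedPipe",
]

# Heuristic clusters (assumption): capability -> (APIs that indicate it,
# minimum number of them that must be present before the cluster is reported).
CLUSTERS = {
    "run code as another logged-on user": (
        {"ImpersonateLoggedOnUser", "LogonUserA", "LogonUserW", "OpenProcessToken",
         "GetTokenInformation", "CreateProcessAsUserA", "CreateProcessAsUserW",
         "CreateEnvironmentBlock", "LoadUserProfileA", "LoadUserProfileW",
         "WTSEnumerateSessionsA", "WTSQuerySessionInformationA"}, 3),
    "certificate store / PFX handling": (
        {"PFXImportCertStore", "PFXVerifyPassword",
         "CertAddCertificateContextToStore", "CertDeleteCertificateFromStore"}, 2),
    "CryptoAPI key generation and signing": (
        {"CryptAcquireContextA", "CryptAcquireContextW", "CryptGenKey",
         "CryptExportKey", "CryptSignHashW", "CryptDecrypt", "CryptGenRandom"}, 3),
    "service control": (
        {"OpenSCManagerA", "OpenSCManagerW", "OpenServiceA", "OpenServiceW",
         "ControlService", "QueryServiceStatus"}, 2),
    "process enumeration and termination": (
        {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
         "OpenProcess", "TerminateProcess"}, 3),
    "HTTP client (WinHTTP)": (
        {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest",
         "WinHttpSendRequest", "WinHttpSetCredentials"}, 3),
    "raw sockets (Winsock)": ({"socket", "connect", "send", "recv"}, 3),
    "registry and file modification": (
        {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegDeleteKeyA",
         "MoveFileExA", "CopyFileA", "DeleteFileA"}, 3),
    "local named-pipe IPC": ({"CreateNamedPipeA", "ConnectNamedPipe"}, 2),
    "debugger check": ({"IsDebuggerPresent"}, 1),
}


def triage_imports(imports):
    """Return {capability: sorted matched APIs} for clusters that meet their minimum."""
    present = set(imports)
    hits = {}
    for capability, (apis, minimum) in CLUSTERS.items():
        matched = sorted(present & apis)
        if len(matched) >= minimum:
            hits[capability] = matched
    return hits


def unexplained(imports):
    """Imports no cluster accounts for; these need a manual look."""
    covered = set().union(*(apis for apis, _ in CLUSTERS.values()))
    return sorted(set(imports) - covered)


if __name__ == "__main__":
    for capability, apis in triage_imports(REPORT_IMPORTS).items():
        print(f"[{capability}] {', '.join(apis)}")
    print("unexplained:", ", ".join(unexplained(REPORT_IMPORTS)))
```

Run it as-is to see the clusters this import list triggers; swap in the output of your own import dumper (one name per line) to triage another sample. The thresholds exist so that a single stray import such as `socket` does not light up a cluster on its own.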
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
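The DllCharacteristics and section flags listed above come straight out of the PE headers, and the check a practitioner wants is the one the report does not make: ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) are on, no section is both writable and executable, but GUARD_CF is absent, so this 32-bit build has no Control Flow Guard. The parser below is an added example written for this page, not the report's tooling and not pefile; it reads only the headers, using the documented winnt.h constant values. The image it builds is constructed to carry exactly the flag combinations listed above, with assumed conventional section names (`.text`, `.rdata`, `.data`, `.rsrc`, `.reloc`), and is not the analysed file.

```python
"""Minimal PE header reader plus mitigation audit (added example, not report code).

Constants are the documented winnt.h values. The sample image built below is
constructed to reproduce the flag sets in the report; the section names are assumed.
"""
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100

DLLCHARS = {  # IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}

SCN_CNT_CODE = 0x00000020             # IMAGE_SECTION_HEADER.Characteristics bits
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_MEM_DISCARDABLE = 0x02000000
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000


def parse_pe_headers(data):
    """Return (file_characteristics, dll_characteristics, [(section name, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _symtab, _nsyms, size_opt, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + size_opt + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, struct.unpack_from("<I", data, off + 36)[0]))
    return file_chars, dll_chars, sections


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def audit(data):
    """Findings: missing exploit mitigations and any writable+executable section."""
    file_chars, dll_chars, sections = parse_pe_headers(data)
    findings = []
    if not dll_chars & 0x0040:
        findings.append("ASLR disabled (no DYNAMIC_BASE)")
    if not dll_chars & 0x0100:
        findings.append("DEP opt-out (no NX_COMPAT)")
    if not dll_chars & 0x4000:
        findings.append("Control Flow Guard not enabled (no GUARD_CF)")
    if not file_chars & IMAGE_FILE_32BIT_MACHINE and not dll_chars & 0x0020:
        findings.append("64-bit image without HIGH_ENTROPY_VA")
    for name, chars in sections:
        if chars & SCN_MEM_WRITE and chars & SCN_MEM_EXECUTE:
            findings.append(f"section {name} is writable and executable")
    return findings


def build_sample_image(dll_chars, section_chars):
    """Constructed PE32 header-only image for testing; not the report's file."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_chars), 0, 0, 0, 0xE0,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)     # DllCharacteristics
    secs = b"".join(name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", chars)
                    for name, chars in section_chars)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


# Flag sets from the report, with assumed section names.
REPORT_SECTIONS = [
    (b".text", SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (b".rdata", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (b".data", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (b".rsrc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (b".reloc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_DISCARDABLE | SCN_MEM_READ),
]
REPORT_LIKE_IMAGE = build_sample_image(0x0040 | 0x0100 | 0x8000, REPORT_SECTIONS)

if __name__ == "__main__":
    _, dll_chars, _ = parse_pe_headers(REPORT_LIKE_IMAGE)
    print(decode_flags(dll_chars, DLLCHARS))
    print(audit(REPORT_LIKE_IMAGE))
```

To audit a real file, pass `open(path, "rb").read()` to `audit`; the constructed image only exists so the check can be exercised offline against the flag sets this report shows.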