2024-04-09_0586d9a5880f024fddbaf244e25ba530_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_0586d9a5880f024fddbaf244e25ba530_mafia
Size

2.1MB
MD5

0586d9a5880f024fddbaf244e25ba530
SHA1

398a0f34a05a965e5253edfe84259a6325f74de5
SHA256

9d78badcd6feeff51adff301287c6f40d3f79309d9efe25acff336b4db395d08
SHA512

9dac45d580450a13ad9b14676aadb2fb97ce1a1c20c0e717ee7c6f7e6210528570a4273543045be8eea88657eb9519c12c1162ff49a9110fe1a360f58087f0e3
SSDEEP

49152:cNsc5zaWU1Skl6UiTUalrT6fFUFGCur3KIo1w3qf/OkEMnSwfvq3ddAwzori:cWi7U1Skl6UiBlreUFGCuGIo1w3m2kE7

Score

1^/10

Malware Config

Signatures

Files

2024-04-09_0586d9a5880f024fddbaf244e25ba530_mafia
.exe windows:5 windows x86 arch:x86

9c47cb6f9f62d233cca0cc4a696c8ee1

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:c7:86:e0:92:19:df:82:da:83:0e:46:1d:4f:c3:9f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2013, 00:00

Not After

26/03/2015, 23:59

Subject

CN=Air Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Air Software,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:48:78:8d:21:19:4d:66:2c:c2:2f:db:76:ee:73:11:e2:14:12:d2
Signer

Actual PE Digest

14:48:78:8d:21:19:4d:66:2c:c2:2f:db:76:ee:73:11:e2:14:12:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jon\Documents\GitHub\Air-APP\Release\AirInstallerDistributed.pdb

Imports

kernel32

WriteConsoleW
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LCMapStringW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameW
GlobalFlags
GetFileTime
GetFileSizeEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetLocaleInfoW
InterlockedExchange
RaiseException
GetCurrentProcessId
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
ReleaseActCtx
CreateActCtxW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GlobalFree
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentDirectoryW
WideCharToMultiByte
WriteFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
InterlockedIncrement
lstrlenA
LocalFree
LocalAlloc
lstrlenW
GetCurrentThread
GetComputerNameW
GetCurrentProcess
GetFullPathNameW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetCommandLineW
FindResourceExW
GetSystemDefaultUILanguage
OutputDebugStringW
CloseHandle
GetFileAttributesExW
FindNextFileW
FindNextFileA
FindClose
FindFirstFileA
CreateFileW
ReadFile
CreateDirectoryW
FindFirstFileW
GetFullPathNameA
ExpandEnvironmentStringsW
RemoveDirectoryW
GetSystemTimeAsFileTime
GetModuleHandleW
GetTempPathW
GetTempFileNameW
ResumeThread
DeleteFileW
GetExitCodeThread
ResetEvent
GetFileAttributesW
CopyFileW
Sleep
WaitForSingleObject
InterlockedDecrement
lstrcpyW
GetProcAddress
GetVersionExW
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
LockResource
SetLastError
GetLastError
DeactivateActCtx
MultiByteToWideChar
SizeofResource
ActivateActCtx
LoadResource
GetProcessHeap
FindResourceW

user32

MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
DestroyMenu
GetMenuItemInfoW
InflateRect
LoadMenuW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuState
GetMenuStringW
InsertMenuW
RemoveMenu
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
ShowScrollBar
UpdateWindow
MessageBoxW
GetClassInfoExW
RegisterClassW
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetWindowPlacement
GetDlgCtrlID
SetMenuDefaultItem
GetMenuDefaultItem
GetWindow
DefWindowProcW
SendMessageW
CallWindowProcW
TranslateAcceleratorW
GetMenuItemID
GetSubMenu
GetMenu
DefMDIChildProcW
DrawMenuBar
GetActiveWindow
GetMenuItemCount
CreateWindowExW
AdjustWindowRectEx
TranslateMDISysAccel
DefFrameProcW
wsprintfW
GetCursorPos
IsWindow
GetSystemMenu
GetWindowRect
IsIconic
PostMessageW
SetForegroundWindow
DrawIcon
LoadIconW
InvalidateRect
BringWindowToTop
GetWindowLongW
AppendMenuW
SetWindowLongW
RedrawWindow
SetWindowPos
ShowWindow
IsWindowVisible
EnableWindow
EnumDisplayMonitors
GetParent
LoadCursorW
ReleaseCapture
DestroyIcon
LoadImageW
ReuseDDElParam
UnpackDDElParam
UnregisterClassW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
SetCapture
CharNextW
DeleteMenu
SetTimer
KillTimer
WindowFromPoint
WaitMessage
GetNextDlgGroupItem
MessageBeep
GetClientRect
SetRectEmpty
SystemParametersInfoW
GetSysColor
SetLayeredWindowAttributes
GetSysColorBrush
GetSystemMetrics
MapWindowPoints
GetMonitorInfoW
CopyRect
GetClassInfoW
CharUpperW
DrawStateW
GetKeyNameTextW
MapVirtualKeyW
RealChildWindowFromPoint
OffsetRect
GetScrollPos
IntersectRect
GetClassNameW
SetParent
RegisterClipboardFormatW
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
IsMenu
EmptyClipboard
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
DestroyAcceleratorTable
SetClassLongW
SetCursorPos
FrameRect
CopyIcon
LockWindowUpdate
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
PostThreadMessageW
GetIconInfo
GetDoubleClickTime
IsClipboardFormatAvailable
DestroyCursor
CreateMenu
GetUpdateRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn

gdi32

GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
PatBlt
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
CreateRoundRectRgn
CreateDIBSection
OffsetRgn
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
ExtFloodFill
CreatePalette
GetPaletteEntries
SetPaletteEntries
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestPaletteIndex
GetSystemPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
EnumFontFamiliesExW
SetPixelV
GetTextFaceW
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
SetBkColor
SetTextColor
Rectangle
CreateRectRgn
PaintRgn
EnumFontFamiliesW
BitBlt
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
DeleteObject
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreatePatternBrush
CreatePen
CreateDIBitmap
CreateSolidBrush
GetStockObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

FreeSid
RegOpenKeyExW
RegCloseKey
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
GetLengthSid
IsValidSecurityDescriptor
RegQueryValueExW
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegCreateKeyExW
AccessCheck
SetSecurityDescriptorGroup
GetUserNameW
OpenThreadToken

shell32

DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
ord155
SHOpenFolderAndSelectItems
ord190
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW

ole32

OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
CoCreateInstance
CoInitializeEx

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
VariantInit
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
SysFreeString

oledlg

OleUIBusyW

urlmon

IsValidURL
URLDownloadToFileW

gdiplus

GdipCreateFromHDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenW

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c47cb6f9f62d233cca0cc4a696c8ee1

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

3a:c7:86:e0:92:19:df:82:da:83:0e:46:1d:4f:c3:9fCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

14:48:78:8d:21:19:4d:66:2c:c2:2f:db:76:ee:73:11:e2:14:12:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

gdiplus

oleacc

wininet

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 376KB - Virtual size: 376KB

.data Size: 27KB - Virtual size: 57KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 176KB - Virtual size: 176KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3a:c7:86:e0:92:19:df:82:da:83:0e:46:1d:4f:c3:9f
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

14:48:78:8d:21:19:4d:66:2c:c2:2f:db:76:ee:73:11:e2:14:12:d2
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 376KB - Virtual size: 376KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 176KB - Virtual size: 176KB