2024-04-08_38435c008df3daa3d900e3fe710296d9_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-08_38435c008df3daa3d900e3fe710296d9_mafia
Size

3.7MB
MD5

38435c008df3daa3d900e3fe710296d9
SHA1

f179ec7b44376d4df797f3f2b4a5bfb0b5320115
SHA256

bb9bccd1c904c78826c5bb7a692b273638a8e2c03a60e5c80d9d46d89977f197
SHA512

9d03bed3a233065572b25360f0bb29c83bf200e228c327f0300c98797a1e91e641ae859755d166407202e8254dfea30d0b974aeb2c26e6dde4324013025f0ee2
SSDEEP

49152:rPeEmY2AcRobC9iD30/89WM4yLR6ltO6pEbC7BdpUKNQwqtlCXyhjhiarwfJ9tc:rn2AcRobCL89WM916ltfEC7BdCV

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_38435c008df3daa3d900e3fe710296d9_mafia
.exe windows:5 windows x86 arch:x86

eefa567f3dca0f88d16c4dfc7af3881b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-08-2012 00:00

Not After

03-09-2015 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:8f:ba:08:ff:0d:4c:78:ae:34:48:61:c3:f6:35:39:ee:c7:2d:1b
Signer

Actual PE Digest

59:8f:ba:08:ff:0d:4c:78:ae:34:48:61:c3:f6:35:39:ee:c7:2d:1b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\Karnak12_P1_Prod_Active_Build\build1180\SxS\src\Release\HPCustPartic.pdb

Imports

kernel32

FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
GetEnvironmentVariableW
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GetStartupInfoW
GlobalMemoryStatusEx
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
GetFileTime
DeviceIoControl
GetSystemDirectoryW
MoveFileExW
CopyFileW
SetFileAttributesW
FindResourceExW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
FileTimeToSystemTime
SystemTimeToFileTime
GetFullPathNameW
RemoveDirectoryW
MoveFileW
GetUserGeoID
GetGeoInfoW
InterlockedDecrement
LeaveCriticalSection
GetSystemInfo
SearchPathW
GetFileSize
ReadFile
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapSetInformation
ExitThread
GetCPInfo
RtlUnwind
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
lstrlenA
lstrlenW
FindResourceW
GetLongPathNameW
GetTempFileNameW
GetCommandLineW
GetFileAttributesExW
LoadResource
LockResource
SizeofResource
UnmapViewOfFile
CloseHandle
OpenMutexW
OpenFileMappingW
ReleaseMutex
CreateMutexW
MapViewOfFile
OpenProcess
GetCurrentThreadId
OutputDebugStringW
WriteFile
SetFilePointer
Sleep
CreateFileW
GetTimeZoneInformation
DeleteCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCurrentProcessId
InitializeCriticalSection
ExpandEnvironmentStringsW
GetModuleFileNameW
QueryPerformanceCounter
SetLastError
WideCharToMultiByte
GetTickCount
GetModuleHandleW
FreeResource
GetLastError
CreateFileMappingW
WaitForSingleObject
GetPrivateProfileStringW
FileTimeToDosDateTime
GetFileInformationByHandle
CancelIo
GetOverlappedResult
lstrcmpiW

user32

WaitForInputIdle
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
EnumWindows
IsWindow
GetWindowThreadProcessId
MsgWaitForMultipleObjectsEx
GetAsyncKeyState
PeekMessageW
MsgWaitForMultipleObjects
GetKeyState
SendMessageCallbackW
GetMessageW
IsWindowVisible
ShowWindow
SetForegroundWindow
SetTimer
GetSystemMetrics
SystemParametersInfoW
OpenDesktopW
GetRawInputDeviceList
ExitWindowsEx
CloseDesktop
AllowSetForegroundWindow
LoadIconW
DestroyIcon
RegisterWindowMessageW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

shlwapi

PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

advapi32

RevertToSelf
RegDeleteValueW
RegEnumValueW
GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
CheckTokenMembership
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
AllocateAndInitializeSid
RegSetValueExW
SetEntriesInAclW
InitializeSecurityDescriptor
DuplicateToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityDescriptorDacl
FreeSid

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ExtractIconW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal
CoSetProxyBlanket
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeSecurity
GetHGlobalFromStream
CLSIDFromProgID
OleRun
PropVariantClear
CoInitializeEx

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
SysAllocString
SysFreeString
VariantClear
GetErrorInfo
VariantChangeType
SafeArrayLock
SafeArrayCreate
SafeArrayRedim
SafeArrayUnlock
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetVartype
DispCallFunc
SysStringLen

wininet

InternetWriteFile
InternetCrackUrlW
HttpEndRequestW
InternetGetConnectedState
HttpAddRequestHeadersW
InternetOpenW
InternetQueryOptionW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetReadFileExA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

setupapi

SetupDiCreateDeviceInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
CMP_WaitNoPendingInstallEvents
SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
CM_Disable_DevNode
CM_Set_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
CM_Get_DevNode_Status
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList

ws2_32

getaddrinfo
freeaddrinfo
WSAAddressToStringW
send
WSAGetLastError
WSAStartup
recv
accept
listen
bind
WSADuplicateSocketW
WSACloseEvent
closesocket
shutdown
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSAStringToAddressW
WSACreateEvent
setsockopt
WSASocketW
WSACleanup

gdi32

EndDoc
EndPage
DeleteEnhMetaFile
PlayEnhMetaFile
SetEnhMetaFileBits
GetDeviceCaps
StartPage
StartDocW
CreateDCW
DeleteDC

winspool.drv

StartDocPrinterW
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
DocumentPropertiesW
OpenPrinterW
ClosePrinter
AddPrinterW
DeletePrinter
EnumPortsW
EnumPrintersW
SetPrinterDataExW
AddPrinterDriverW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW
SetJobW
GetJobW
EnumJobsW
ord204
ord203
AddMonitorW
DeleteMonitorW
EnumMonitorsW
GetPrinterDataExW

iphlpapi

GetAdaptersInfo
GetIfEntry
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
AddIPAddress
DeleteIPAddress
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
NotifyAddrChange
GetAdaptersAddresses

crypt32

CertAddEncodedCertificateToStore
CertOpenStore
CryptUnprotectData
CertCloseStore
CertDeleteCertificateFromStore

Exports

Exports

Create_Config_JobFactory

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eefa567f3dca0f88d16c4dfc7af3881b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:8f:ba:08:ff:0d:4c:78:ae:34:48:61:c3:f6:35:39:ee:c7:2d:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

rpcrt4

shlwapi

psapi

advapi32

shell32

ole32

oleaut32

wininet

version

secur32

setupapi

ws2_32

gdi32

winspool.drv

iphlpapi

crypt32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 33KB - Virtual size: 71KB

.rsrc Size: 196KB - Virtual size: 196KB

.reloc Size: 394KB - Virtual size: 394KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:8f:ba:08:ff:0d:4c:78:ae:34:48:61:c3:f6:35:39:ee:c7:2d:1b
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 33KB - Virtual size: 71KB

.rsrc
Size: 196KB - Virtual size: 196KB

.reloc
Size: 394KB - Virtual size: 394KB