2024-04-15_9158ee62adb7797d7a6605d9e7f08d04_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-15_9158ee62adb7797d7a6605d9e7f08d04_mafia
Size

1.2MB
MD5

9158ee62adb7797d7a6605d9e7f08d04
SHA1

dad0742b300d48ea770dee294baf9a58c58c9d27
SHA256

c78d6194ab3ebd9ae934798492a75d73ec076d9b0331afec19f81008bf41b4bb
SHA512

f9891f5960691f0d2a2ec0e13ccc83b625ac26b69e9daadb7ae50868a5c1e5f251ec78395c95571d78b72ffa2af840aad94f5d5e698c4c9542680a58a2f35831
SSDEEP

24576:jfKRh3XOprmBUDOTSIFlLrXtvDp9fuKCfTIX+bOgmHSR1b6K3T4cGLLLO275:jfUlX8aUDOTSIFRtv99sb6KEzC275

Score

1^/10

Malware Config

Signatures

Files

2024-04-15_9158ee62adb7797d7a6605d9e7f08d04_mafia
.exe windows:5 windows x86 arch:x86

708e5ac28839fb49727f6e1788a390b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:c3:13:66:a4:7f:f1:6d:4b:8e:91:35:40:ac:36:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Beijing Beijiashidai Technology Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Beijiashidai Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:10:e5:2c:4e:32:be:09:c7:12:a1:b4:f9:6d:3d:64:9b:15:db:f6
Signer

Actual PE Digest

1f:10:e5:2c:4e:32:be:09:c7:12:a1:b4:f9:6d:3d:64:9b:15:db:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildbot\209\chromeplus\src\build\static_library_Release\chrome.exe.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

kernel32

SetLastError
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
GetCurrentThreadId
SetCurrentDirectoryW
GetSystemInfo
VirtualQuery
GetTempPathW
GetEnvironmentVariableW
GetModuleFileNameW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
SetFilePointer
ReadFile
FreeLibrary
CreateFileW
GetCurrentProcessId
GetTickCount
ReleaseMutex
CreateMutexW
WriteFile
OutputDebugStringA
SetEnvironmentVariableW
GetFileAttributesW
GetLongPathNameW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetUserDefaultLangID
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
ExpandEnvironmentStringsW
CreateEventW
InterlockedExchange
lstrlenW
IsDebuggerPresent
GetNativeSystemInfo
GetVersionExW
OpenProcess
SetInformationJobObject
SetUnhandledExceptionFilter
VirtualQueryEx
HeapSetInformation
GetProcessId
GetStdHandle
SetHandleInformation
AssignProcessToJobObject
LocalAlloc
GetLocaleInfoW
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
CreateThread
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetWindowsDirectoryW
RtlCaptureStackBackTrace
InterlockedExchangeAdd
LoadLibraryA
TlsGetValue
TlsFree
TlsSetValue
ResetEvent
SetEvent
WaitForMultipleObjects
SetEndOfFile
FlushFileBuffers
UnregisterWaitEx
RegisterWaitForSingleObject
GetModuleHandleExW
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedIncrement
ReleaseSemaphore
InterlockedDecrement
RtlCaptureContext
CreateSemaphoreW
InitializeCriticalSection
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
GetFileType
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
GetStringTypeW
EncodePointer
DecodePointer
UnhandledExceptionFilter
HeapFree
ExitProcess
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetProcessHeap
SetStdHandle
LCMapStringW
GetCPInfo
RtlUnwind
IsProcessorFeaturePresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
CreateRemoteThread
LoadLibraryExW
GetCurrentThread
GetModuleHandleA
FormatMessageW
LocalFree
GetEnvironmentVariableA
GetCommandLineW
SetEnvironmentVariableA
LoadLibraryW
GetProcAddress
TlsAlloc

user32

GetUserObjectInformationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
GetProcessWindowStation
CreateWindowStationW
CloseDesktop
wsprintfW
MessageBoxW
CloseWindowStation
CharUpperW

userenv

GetProfileType

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

advapi32

GetTraceEnableLevel
SetEntriesInAclW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegSetValueExW
CreateProcessAsUserW
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
RegDisablePredefinedCache
RevertToSelf
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
SetThreadToken
CreateRestrictedToken
DuplicateTokenEx
DuplicateToken
EqualSid
LookupPrivilegeValueW
CopySid
GetSecurityInfo
CreateWellKnownSid

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExperimentList3
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

708e5ac28839fb49727f6e1788a390b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

66:c3:13:66:a4:7f:f1:6d:4b:8e:91:35:40:ac:36:1bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1f:10:e5:2c:4e:32:be:09:c7:12:a1:b4:f9:6d:3d:64:9b:15:db:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

userenv

version

winmm

advapi32

Exports

Exports

Sections

.text Size: 382KB - Virtual size: 381KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 7KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 673KB - Virtual size: 672KB

.reloc Size: 29KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

66:c3:13:66:a4:7f:f1:6d:4b:8e:91:35:40:ac:36:1b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1f:10:e5:2c:4e:32:be:09:c7:12:a1:b4:f9:6d:3d:64:9b:15:db:f6
Signer

.text
Size: 382KB - Virtual size: 381KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 7KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 673KB - Virtual size: 672KB

.reloc
Size: 29KB - Virtual size: 29KB