2024-04-16_bd5a868d97f97abac7c9c8c2c506ec00_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_bd5a868d97f97abac7c9c8c2c506ec00_mafia
Size

4.6MB
MD5

bd5a868d97f97abac7c9c8c2c506ec00
SHA1

38d2cf44565d2ba30da4e196c561ecf1f131e7ed
SHA256

736391114b0d5ee45d9997b175fee2d50aebef9fc3ae96e5d601d3fa8f4e693c
SHA512

7bb3c950152dc7520019db73ac5e2f99feadebc5f4d29543af077eb18a586896bb53e7bf46d387fa7cc2552a3c1e3929032fe5b6aa4b2d4de08580a2aae4636b
SSDEEP

98304:huyAqrURYj12ZKF6ODe59eukoDe4WtU/8knPdm124ShlVJYbEt:wYURqTVDcAToDeeRPX4Shpht

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_bd5a868d97f97abac7c9c8c2c506ec00_mafia
.exe windows:5 windows x86 arch:x86

3394a8541c27e86bd63748b1aaa1cf29

Code Sign

02:04:62:e0:04:8a:cb:18:91:fb:97:0c:0b:66:07:e5
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2015, 00:00

Not After

20/01/2016, 12:00

Subject

CN=Romualdas Cukuras,O=Romualdas Cukuras,L=Radikiai,ST=Kaunas Apskritis,C=LT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:62:03:69:2f:90:95:4e:bc:dd:55:c5:1a:7a:d0:60:d0:05:85:17
Signer

Actual PE Digest

10:62:03:69:2f:90:95:4e:bc:dd:55:c5:1a:7a:d0:60:d0:05:85:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\wiper\Release\wiper.pdb

Imports

kernel32

CreateFileW
MoveFileExW
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileAttributesW
GetComputerNameW
GetSystemInfo
FreeResource
GlobalLock
GlobalAlloc
GlobalUnlock
LockResource
CreateDirectoryW
RemoveDirectoryW
QueryDosDeviceW
SearchPathW
GetSystemTime
GetFileSize
LocalAlloc
SleepEx
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameA
LoadLibraryExA
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
SetFilePointer
CreateFileA
GetModuleHandleA
ReadFile
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
OpenEventA
ReleaseSemaphore
lstrlenA
lstrcmpiA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetExitCodeProcess
CreatePipe
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
LCMapStringW
CreateThread
ExitThread
ExitProcess
GetDateFormatA
GetTimeFormatA
MoveFileA
DuplicateHandle
CreateProcessA
RtlUnwind
FindFirstFileExA
GetDriveTypeA
GetDriveTypeW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetCPInfo
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
WideCharToMultiByte
WriteFile
LocalFree
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
GetFileTime
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesW
InterlockedExchangeAdd
MulDiv
VirtualAlloc
VirtualFree
LoadLibraryA
CreateMutexW
SystemTimeToFileTime
MoveFileW
Sleep
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
CreateEventW
ResetEvent
GetVersionExW
WaitForSingleObject
GetCurrentThreadId
DeleteCriticalSection
OpenEventW
lstrcmpiW
EnterCriticalSection
InterlockedExchange
SetLastError
GetLastError
RaiseException
FlushInstructionCache
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
GetCurrentProcess
SizeofResource
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
CloseHandle
SetEvent
CreateEventA
GlobalFree
GetProcAddress
LoadLibraryW
DeleteFileW
GetTickCount
SwitchToThread

user32

wsprintfA
IsCharAlphaNumericW
UnregisterClassA
SetWindowLongW
SystemParametersInfoW
GetWindowLongW
GetClientRect
GetParent
PostMessageW
GetWindowRect
DestroyWindow
InvalidateRect
SetWindowTextW
ShowWindow
EndDialog
DispatchMessageW
DefWindowProcW
MessageBoxW
CreateWindowExW
LoadStringW
PeekMessageW
BringWindowToTop
LoadMenuW
GetWindow
LoadAcceleratorsW
TranslateMessage
GetClassInfoExW
MapWindowPoints
SetForegroundWindow
LoadImageW
CharNextW
GetMessageW
MoveWindow
CallWindowProcW
GetMonitorInfoW
SetMenuItemInfoW
DestroyMenu
SendMessageW
SetDlgItemTextW
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExW
SetMenuDefaultItem
RemoveMenu
IsWindow
GetMenuItemCount
CreateDialogParamW
CreatePopupMenu
GetDlgItem
AppendMenuW
CheckMenuRadioItem
TrackPopupMenuEx
IsDialogMessageW
PtInRect
GetMenuItemInfoW
SetFocus
MessageBeep
SetWindowPos
RegisterClassExW
EnableWindow
FillRect
DrawTextW
InflateRect
SetCapture
TrackMouseEvent
RedrawWindow
ReleaseCapture
GetWindowTextLengthW
GetWindowTextW
EndPaint
ClientToScreen
CallNextHookEx
LoadStringA
KillTimer
PostQuitMessage
MonitorFromPoint
SetTimer
TranslateAcceleratorW
LoadCursorW
wsprintfW
DrawFrameControl
UpdateWindow
GetSysColor
ReleaseDC
GetDC
GetActiveWindow
DialogBoxParamW
ExitWindowsEx
GetMenu
GetFocus
GetCursorPos
RegisterWindowMessageW
GetDCEx
SetRect
OffsetRect
GetCapture
BeginPaint
SetWindowRgn
SetCursor

gdi32

DeleteDC
SetBkColor
SelectObject
ExtTextOutW
SetTextColor
CreatePen
RestoreDC
CreateFontIndirectW
DeleteObject
GetStockObject
LineTo
MoveToEx
CreateRectRgn
CreateCompatibleBitmap
CreateCompatibleDC
ExcludeClipRect
SetBkMode
BitBlt
GetTextExtentPoint32W
GetDeviceCaps
SaveDC
CreateSolidBrush
Rectangle
SetViewportOrgEx

advapi32

FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetKeySecurity
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegQueryValueExW
GetUserNameW
QueryServiceConfigW
EnumServicesStatusW
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
DeleteService
ChangeServiceConfigW

shell32

ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathUnExpandEnvStringsW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawImageRectRectI
GdipFree
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipClearPathMarkers
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipCreateStringFormat
GdipFillRectangleI
GdipStringFormatGetGenericTypographic
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipDrawString
GdipGetGenericFontFamilySansSerif
GdiplusStartup
GdipAddPathArcI
GdipDeleteFontFamily
GdipGetPathGradientPointCount
GdipAddPathLineI
GdipSetSmoothingMode
GdipSetPathGradientFocusScales
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipCreatePathGradientFromPath
GdipDeleteFont
GdipSetPathGradientSurroundColorsWithCount
GdipSetStringFormatLineAlign
GdipMeasureString
GdipCreateFont
GdipClosePathFigures
GdipAddPathRectangleI
GdipCreateLineBrushFromRectWithAngle
GdipSetPathGradientCenterColor
GdipCreateLineBrushFromRectWithAngleI
GdipSetStringFormatFlags
GdipCreatePen1
GdipCreatePath
GdipFillPath
GdipCreateFromHDC
GdipDeletePath
GdipCreateSolidFill
GdipAddPathCurveI
GdipDeleteGraphics
GdipDrawPath
GdipCloneBrush
GdipDeletePen
GdipDeleteBrush

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData

secur32

GetUserNameExW

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertCloseStore
CryptDecodeObject
CryptMsgClose
CryptUnprotectData
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam

iphlpapi

GetAdaptersInfo

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW
PdhAddCounterW

psapi

GetProcessImageFileNameW

ws2_32

select
__WSAFDIsSet
ioctlsocket
WSAIoctl
connect
WSAGetLastError
getpeername
send
ntohs
getsockname
setsockopt
recv
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup
gethostbyname
bind
htons

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3394a8541c27e86bd63748b1aaa1cf29

Code Sign

02:04:62:e0:04:8a:cb:18:91:fb:97:0c:0b:66:07:e5Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

10:62:03:69:2f:90:95:4e:bc:dd:55:c5:1a:7a:d0:60:d0:05:85:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

uxtheme

secur32

crypt32

iphlpapi

pdh

psapi

ws2_32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 385KB - Virtual size: 385KB

.data Size: 89KB - Virtual size: 103KB

.tls Size: 512B - Virtual size: 2B

ATL Size: 512B - Virtual size: 8B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 125KB - Virtual size: 125KB

02:04:62:e0:04:8a:cb:18:91:fb:97:0c:0b:66:07:e5
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

10:62:03:69:2f:90:95:4e:bc:dd:55:c5:1a:7a:d0:60:d0:05:85:17
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 385KB - Virtual size: 385KB

.data
Size: 89KB - Virtual size: 103KB

.tls
Size: 512B - Virtual size: 2B

ATL
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 125KB - Virtual size: 125KB