2024-04-16_4921c455d20e80b38b4a04e2bae47e6e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_4921c455d20e80b38b4a04e2bae47e6e_mafia
Size

272KB
MD5

4921c455d20e80b38b4a04e2bae47e6e
SHA1

4bcc83196b91ec6917e8a1ea6861fde80c93d1df
SHA256

f3ddacc51a1050c2fe64e41fb2e800c004e5ec3cb690cf43cea2053c6799244d
SHA512

9863ef65d9705b76ead4962947f39eaec111fc1d81f8a5361b2a2f5ab5397e0ad082e959c93c8679fb4dba677e776e94cd88b2a181f18ad3609612f69567be40
SSDEEP

3072:1CrHVynSYONlQQi6ghUVg0X1NFl2dVBxOUXJbsrnvBATrpfQ7bOd6yrcUpLCyn2h:cr1IMhrgUVgi0vXinJAvpft6Qc3yYkgv

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_4921c455d20e80b38b4a04e2bae47e6e_mafia
.exe windows:5 windows x86 arch:x86

7a72bed5a93d8930821d9f7c4e801a44

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/04/2014, 00:00

Not After

26/05/2015, 23:59

Subject

CN=AnchorFree Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AnchorFree Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:c0:6e:e7:11:80:03:b9:b5:6f:ed:f2:e2:58:26:75:3e:85:b5:be
Signer

Actual PE Digest

9f:c0:6e:e7:11:80:03:b9:b5:6f:ed:f2:e2:58:26:75:3e:85:b5:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dev\tags\rev-3.53\apps\win\Release\Win32\hydra.pdb

Imports

afvpn

_afvpn_info
afvpn_info
afvpn_free
afvpn_get_status
afvpn_fini
afvpn_main_loop
afvpn_init
afvpn_stop

kernel32

LocalFree
CreateFileW
ReadFile
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
TlsAlloc
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateThread
QueueUserAPC
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
CreateEventA
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
WaitForSingleObject
WaitForMultipleObjects
TlsGetValue
TlsSetValue
TlsFree
CreateEventW
SleepEx
CreateWaitableTimerW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
FlushFileBuffers
FormatMessageA
ReleaseSemaphore
GetCurrentThreadId
GetCurrentProcessId
OpenEventA
ResetEvent
ResumeThread
GetTickCount
SystemTimeToFileTime
CreateWaitableTimerA
SetConsoleCtrlHandler
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
GetModuleFileNameA

ws2_32

getsockopt
connect
freeaddrinfo
getaddrinfo
select
WSASocketW
WSARecv
WSAGetLastError
setsockopt
WSASend
ioctlsocket
closesocket
WSACleanup
WSAStartup
WSASetLastError

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a72bed5a93d8930821d9f7c4e801a44

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9f:c0:6e:e7:11:80:03:b9:b5:6f:ed:f2:e2:58:26:75:3e:85:b5:beSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

afvpn

kernel32

ws2_32

Sections

.text Size: 189KB - Virtual size: 188KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 11KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 22KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9f:c0:6e:e7:11:80:03:b9:b5:6f:ed:f2:e2:58:26:75:3e:85:b5:be
Signer

.text
Size: 189KB - Virtual size: 188KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 11KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 22KB - Virtual size: 22KB