2024-04-17_69c50f725e576eb3752cd055b918ba6e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-17_69c50f725e576eb3752cd055b918ba6e_mafia
Size

6.4MB
MD5

69c50f725e576eb3752cd055b918ba6e
SHA1

83267b6e34f60ab1a0f75e90e625f99d75a2748a
SHA256

0aa4685af23e18299f91c5a8947b19cfef7f9633a049de122b7a88c3c7062c35
SHA512

bb3bb3de183c15ec302fde5a20946ca93983a42f2efea752f7906797f30356597f81abf99dfe79c04df948d3179d23fdab2aa278d7da52360e8683c0c808da4b
SSDEEP

196608:9PuXBgfG/uPuxG///////ejG///////ectEu:wXBgfG/uP+G///////ejG///////e7u

Score

1^/10

Malware Config

Signatures

Files

2024-04-17_69c50f725e576eb3752cd055b918ba6e_mafia
.exe windows:5 windows x86 arch:x86

7617739ef039e39e5f5722afa1d3f690

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:3d:2c:bd:47:4f:58:96:b5:0a:27:6b:46:ea:71:27
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30/08/2021, 00:00

Not After

03/10/2022, 23:59

Subject

CN=SEIKO EPSON CORPORATION,OU=Information Service & Support Department,O=SEIKO EPSON CORPORATION,L=Suwa-Shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:dd:89:5b:3d:bc:21:32:4f:18:74:da:61:13:8e:ef:8f:c3:27:07
Signer

Actual PE Digest

78:dd:89:5b:3d:bc:21:32:4f:18:74:da:61:13:8e:ef:8f:c3:27:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Git_WorkSpace\Lithium3\ENConfig\Release_unicode\ENConfig.pdb

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

kernel32

SetCommMask
PurgeComm
SetCommState
GetCommState
SetCommTimeouts
SetupComm
ClearCommError
QueryDosDeviceW
DefineDosDeviceW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
GetFileAttributesW
DeleteFileW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetModuleHandleW
GetTempPathW
GetDiskFreeSpaceExW
SetFilePointer
FlushFileBuffers
GetFileSize
CreateMutexW
OpenMutexW
GetSystemDirectoryA
CreateSemaphoreW
ReleaseSemaphore
GetACP
MultiByteToWideChar
WideCharToMultiByte
ResumeThread
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetTimeZoneInformation
GetCurrentProcessId
CreateMailslotW
GetMailslotInfo
GlobalMemoryStatus
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EscapeCommFunction
CreateFileW
DeviceIoControl
GetTickCount
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
SetLastError
GetModuleHandleA
InterlockedExchange
CompareStringA
QueryPerformanceFrequency
SetFileTime
CreatePipe
GetVersionExA
GetSystemInfo
TryEnterCriticalSection
SetThreadPriority
GetExitCodeThread
GetExitCodeProcess
DuplicateHandle
GetProcessTimes
ReleaseMutex
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
LoadLibraryA
FreeLibrary
OpenProcess
ConnectNamedPipe
SetStdHandle
CreateFileA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
FatalAppExitA
GetConsoleMode
GetConsoleCP
GetOEMCP
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
WaitForMultipleObjects
ReadFile
WaitForSingleObject
WriteFile
DisconnectNamedPipe
CloseHandle
SetEvent
ResetEvent
GetLastError
CreateThread
Sleep
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetModuleFileNameA
MulDiv
GetCommandLineW
FindClose
LocalFree
LocalLock
LocalAlloc
InterlockedCompareExchange
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
HeapDestroy

user32

TrackPopupMenu
GetCursorPos
ScreenToClient
GetSystemMetrics
GetCursor
SetCursor
BeginPaint
GetDesktopWindow
EnumDisplayMonitors
GetMenuItemRect
GetMenuItemCount
SetFocus
GetSubMenu
EndPaint
GetClientRect
EndDialog
ReleaseDC
GetDC
GetDlgItem
SetForegroundWindow
MessageBeep
MapWindowPoints
DestroyMenu
GetSystemMenu
DeleteMenu
SetWindowPos
ClientToScreen
GetWindowRect
TrackPopupMenuEx
GetAsyncKeyState
HideCaret
GetWindow
DestroyWindow
IsWindow
AttachThreadInput
GetParent
GetWindowThreadProcessId
GetFocus
ShowWindow
IsWindowVisible
IsWindowEnabled
IsZoomed
IsIconic
GetActiveWindow
SetActiveWindow
MoveWindow
SetTimer
KillTimer
TranslateMessage
WaitMessage
GetKeyState
PostQuitMessage
AdjustWindowRectEx
RedrawWindow
DestroyAcceleratorTable
GetNextDlgTabItem
CreateMenu
CreatePopupMenu
CheckMenuRadioItem
GetMenuItemID
InvalidateRect

winspool.drv

OpenPrinterW
EnumPortsW
SetPrinterW
ClosePrinter
XcvDataW
EnumPrintersW

advapi32

OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerW

shell32

SHGetSpecialFolderPathW
FindExecutableW

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitializeEx

winmm

timeGetTime

ws2_32

WSAStartup
gethostname
ntohs
htons
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
WSACleanup
ioctlsocket
socket
getsockopt
setsockopt
getpeername
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
ntohl
closesocket
connect
accept
bind
listen
shutdown
send
recv
sendto
recvfrom
select
getsockname
__WSAFDIsSet

iphlpapi

GetIpAddrTable
GetIfTable
GetAdaptersInfo

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
CreateStatusWindowW
ImageList_SetBkColor
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize

gdi32

DeleteDC
SelectObject
GetStockObject
DeleteObject
GetDeviceCaps

comdlg32

CommDlgExtendedError

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantInit
SysAllocStringByteLen

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7617739ef039e39e5f5722afa1d3f690

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:3d:2c:bd:47:4f:58:96:b5:0a:27:6b:46:ea:71:27Certificate

Extended Key Usages

Key Usages

78:dd:89:5b:3d:bc:21:32:4f:18:74:da:61:13:8e:ef:8f:c3:27:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

winspool.drv

advapi32

shell32

ole32

winmm

ws2_32

iphlpapi

comctl32

gdi32

comdlg32

oleaut32

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 65KB - Virtual size: 79KB

.rsrc Size: 555KB - Virtual size: 555KB

.reloc Size: 370KB - Virtual size: 370KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:3d:2c:bd:47:4f:58:96:b5:0a:27:6b:46:ea:71:27
Certificate

78:dd:89:5b:3d:bc:21:32:4f:18:74:da:61:13:8e:ef:8f:c3:27:07
Signer

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 65KB - Virtual size: 79KB

.rsrc
Size: 555KB - Virtual size: 555KB

.reloc
Size: 370KB - Virtual size: 370KB