2024-04-17_a7bd4fe00df46086fb5aab0891d00c29_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-17_a7bd4fe00df46086fb5aab0891d00c29_mafia
Size

13.6MB
MD5

a7bd4fe00df46086fb5aab0891d00c29
SHA1

c700cca4c0a258f187de3170bca78c4876ce3f3d
SHA256

13d700930fc09cea337be979dcbf43d65653cb6750eb393d00c05a855b53e560
SHA512

2aca1bb2f0d5719975f6869104760a59813427f9e80fa741c6b533221b02333796167d7fc254285b9dfa00371d4bc5acdbb42f5eea3e8f530a64512ca2d3854c
SSDEEP

196608:+tTjY2/bUc4V7sIqkD/3ja1rLqrbceiZJS89JtHyzlTf:+tTjY2DN4+A+1nqrWZJ9HEF

Score

1^/10

Malware Config

Signatures

Files

2024-04-17_a7bd4fe00df46086fb5aab0891d00c29_mafia
.exe windows:5 windows x86 arch:x86

37ae8dae2b28da2b88bcdc406d2d5bd1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:8e:83:36:b7:1d:04:9d:3c:30:29:06:22:af:dc:b9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04-02-2013 00:00

Not After

04-02-2014 23:59

Subject

CN=QLOC S.A.,O=QLOC S.A.,L=Warszawa,ST=mazowieckie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17-11-2006 00:00

Not After

30-12-2020 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:79:15:28:79:35:78:cf:5c:cf:91:a7:cc:77:4e:3d:fc:c0:23:b2
Signer

Actual PE Digest

88:79:15:28:79:35:78:cf:5c:cf:91:a7:cc:77:4e:3d:fc:c0:23:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Builds\SFxT\SFTK\Bin\win32\SFTK.pdb

Imports

winmm

timeGetTime
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeKillEvent

xlive

ord5305
ord5311
ord51
ord5331
ord62
ord5309
ord52
ord1
ord71
ord5377
ord5003
ord5030
ord5297
ord5270
ord5002
ord5007
ord5038
ord5037
ord5035
ord5036
ord5034
ord5252
ord651
ord5376
ord5365
ord5372
ord5367
ord5260
ord5265
ord5360
ord5349
ord5350
ord5355
ord5216
ord5275
ord5206
ord5315
ord5278
ord5280
ord5345
ord5317
ord5281
ord2
ord5256
ord5286
ord5312
ord5276
ord5346
ord5330
ord5326
ord5251
ord1083
ord5318
ord5325
ord5336
ord5332
ord5322
ord5333
ord5323
ord5300
ord5327
ord69
ord5263
ord5314
ord5264
ord5320
ord5254
ord1082
ord70
ord72
ord5319
ord5261
ord75
ord63
ord66
ord73
ord57
ord65
ord60
ord7
ord3
ord14
ord4
ord10
ord11
ord6
ord22
ord27
ord13
ord20
ord18
ord15
ord24
ord12
ord34
ord38
ord40
ord5020
ord5021
ord5019
ord5018
ord5017
ord5294
ord5295
ord5016
ord5008
ord5310
ord5267
ord5277
ord5262
ord5215
ord5266
ord5284

kernel32

SetErrorMode
ReleaseMutex
CreateMutexA
CreateSemaphoreA
CreateEventA
GetProcessAffinityMask
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetStdHandle
CreateFileW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetExitCodeProcess
CreatePipe
CompareStringW
HeapReAlloc
HeapQueryInformation
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFileType
SetHandleCount
IsBadWritePtr
GetOEMCP
GetACP
SetLastError
GetFileInformationByHandle
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapSize
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
GetDateFormatA
GetTimeFormatA
CreateProcessA
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
ExitProcess
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
GetDriveTypeW
FindFirstFileExW
IsValidCodePage
GetFullPathNameW
FindNextFileW
FindFirstFileW
FormatMessageA
SetEndOfFile
MoveFileA
DeleteFileA
PeekNamedPipe
GetCurrentDirectoryW
TlsFree
FindFirstFileA
FindClose
FindNextFileA
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLangID
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WideCharToMultiByte
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
OutputDebugStringA
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
GetTickCount
CloseHandle
MultiByteToWideChar
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetLocalTime
FileTimeToLocalFileTime
InterlockedCompareExchange
Sleep
RaiseException
InterlockedExchange
CreateMutexW
SetThreadExecutionState
GetLastError
SetCurrentDirectoryW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
FreeLibrary
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetModuleHandleA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateDirectoryA
GetCurrentThread
SetThreadPriority
GetExitCodeThread
SetThreadIdealProcessor
GetThreadPriority
ResumeThread
InterlockedExchangeAdd
GetFileSizeEx
PulseEvent
InitializeCriticalSection
ReleaseSemaphore
GetCurrentThreadId
lstrcmpW
MulDiv
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
GetFileTime
CreateThread
GetFileAttributesA

user32

GetSystemMetrics
DispatchMessageW
DefWindowProcW
AdjustWindowRect
UpdateWindow
IsWindowVisible
ReleaseCapture
MessageBoxW
EqualRect
CreateWindowExW
ShowWindow
GetCursorPos
SetWindowPos
GetDesktopWindow
SetWindowLongW
PeekMessageW
GetWindowLongW
SetRect
OffsetRect
GetWindowPlacement
GetKeyboardLayoutNameA
RegisterClassExW
GetForegroundWindow
TranslateMessage
SetFocus
GetClientRect
FindWindowW
SetForegroundWindow
GetKeyState
PostMessageW
SetCapture
LoadImageW
IsIconic
PostQuitMessage
GetMessageW
GetWindowRect
SetCursor
SetWindowPlacement
DestroyWindow
GetAsyncKeyState
SystemParametersInfoW
GetKeyboardState
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
RegisterWindowMessageW
MessageBoxA
wsprintfW
LoadIconW

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHCreateDirectoryExA
SHGetFolderPathA
SHGetDiskFreeSpaceExA
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit

d3d9

Direct3DCreate9

d3dx9_43

D3DXGetShaderInputSemantics
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXLoadSurfaceFromMemory
D3DXCompileShader

dinput8

DirectInput8Create

xinput1_3

ord2
ord3
ord4

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 511KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37ae8dae2b28da2b88bcdc406d2d5bd1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

5b:8e:83:36:b7:1d:04:9d:3c:30:29:06:22:af:dc:b9Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

88:79:15:28:79:35:78:cf:5c:cf:91:a7:cc:77:4e:3d:fc:c0:23:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

xlive

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

d3d9

d3dx9_43

dinput8

xinput1_3

Sections

.text Size: 9.0MB - Virtual size: 9.0MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 511KB - Virtual size: 4.1MB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 693KB - Virtual size: 693KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

5b:8e:83:36:b7:1d:04:9d:3c:30:29:06:22:af:dc:b9
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

88:79:15:28:79:35:78:cf:5c:cf:91:a7:cc:77:4e:3d:fc:c0:23:b2
Signer

.text
Size: 9.0MB - Virtual size: 9.0MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 511KB - Virtual size: 4.1MB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 693KB - Virtual size: 693KB