2024-04-18_fd07383fad0a570202073860709d7fd3_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_fd07383fad0a570202073860709d7fd3_mafia
Size

302KB
MD5

fd07383fad0a570202073860709d7fd3
SHA1

eeac11c619a4236f27d687f378a315580be7cae3
SHA256

1fe48d40d20d616298ec4035b3f3dc27d826df2800ebe13331e16c7c758ee8c6
SHA512

22c59d6c34310479b496f926cb7ae5d7d2c0277da4998b8c9e09a92f2b0f3b70c0982f27b26f8a5caf079771289951e9fb375394ad3dcf8177dc1544ae425bf5
SSDEEP

6144:sKVGlYNySWn3pFZBP4cO0rmiJNemxPW/lE/KNFSPfbE6gbS:sOGlYNEFZBQcOlijeWPW/q/KDSPfCO

Score

1^/10

Malware Config

Signatures

Files

2024-04-18_fd07383fad0a570202073860709d7fd3_mafia
.exe windows:5 windows x86 arch:x86

635b8f1a44e5e4fc49b6c7178dd0d405

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:74:8b:e1:2f:68:ab:26:38:01:3d:4f:6c:36:3a:50
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/01/2012, 00:00

Not After

09/01/2015, 23:59

Subject

CN=Nitro PDF Software,O=Nitro PDF Software,POSTALCODE=3000,STREET=Level 3\, 370 Little Bourke Street,L=Melbourne,ST=Victoria,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:79:88:0d:e6:ee:cb:54:cf:72:b5:86:ca:62:ef:1c:b9:af:40:0d
Signer

Actual PE Digest

e4:79:88:0d:e6:ee:cb:54:cf:72:b5:86:ca:62:ef:1c:b9:af:40:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

v:\Nitro5_reader\BsSndRpt.pdb

Imports

shlwapi

PathUnquoteSpacesW
PathFileExistsW
PathAppendW

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
InternetWriteFile
HttpEndRequestA
HttpEndRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetReadFile
HttpQueryInfoW

ws2_32

gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAStartup

kernel32

GetConsoleCP
HeapCreate
GetStdHandle
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsGetValue
CreateFileA
GetFileSize
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetLastError
HeapFree
WriteFile
SetEvent
WaitForSingleObject
GetFileAttributesW
GetFullPathNameW
GetModuleFileNameW
MultiByteToWideChar
GetACP
CreateFileW
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
LoadLibraryW
InterlockedExchange
FreeLibrary
lstrlenW
GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileStringW
GetCurrentThreadId
GetConsoleMode
GetLocaleInfoW
DebugBreak
OutputDebugStringW
lstrlenA
ResetEvent
LocalFree
FormatMessageW
MoveFileW
DeleteFileW
WideCharToMultiByte
CopyFileW
GetTempPathW
GetCurrentProcess
FlushInstructionCache
SetLastError
CompareStringW
lstrcpyW
LocalAlloc
MulDiv
CreateEventW
CreateThread
SetThreadPriority
ResumeThread
FileTimeToSystemTime
GetFileType
SetFilePointer
FileTimeToDosDateTime
GetLocalTime
SystemTimeToFileTime
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeZoneInformation
HeapReAlloc
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InitializeCriticalSection
Sleep
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
TlsAlloc
GetCurrentProcessId
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
SetEnvironmentVariableA
GetCommandLineW
LCMapStringW

user32

KillTimer
ShowWindow
SetTimer
EnableWindow
MessageBeep
SetDlgItemTextW
GetDlgItemTextW
BringWindowToTop
SetForegroundWindow
PostMessageW
GetDlgItem
GetWindow
SystemParametersInfoW
GetWindowRect
MapWindowPoints
DestroyWindow
BeginPaint
EndPaint
FillRect
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetCursor
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
InvalidateRect
UpdateWindow
GetClassNameW
SetWindowPos
CreateCursor
CreateWindowExW
SetWindowTextW
GetDC
ReleaseDC
GetClientRect
DrawTextW
OffsetRect
IsWindow
GetParent
SendMessageW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetFocus
DefWindowProcW
EndDialog
GetWindowTextW
GetWindowTextLengthW
DialogBoxParamW
DestroyCursor
GetActiveWindow
LoadStringW
wvsprintfW
CharUpperW
CharNextW
MessageBoxW
SetRectEmpty
UnregisterClassA

gdi32

GetObjectW
SelectObject
GetStockObject
CreateFontIndirectW
SetTextColor
SetBkMode
DeleteObject

advapi32

RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCreateKeyW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

635b8f1a44e5e4fc49b6c7178dd0d405

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

f1:74:8b:e1:2f:68:ab:26:38:01:3d:4f:6c:36:3a:50Certificate

Extended Key Usages

Key Usages

e4:79:88:0d:e6:ee:cb:54:cf:72:b5:86:ca:62:ef:1c:b9:af:40:0dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

rpcrt4

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 214KB - Virtual size: 213KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 15KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

f1:74:8b:e1:2f:68:ab:26:38:01:3d:4f:6c:36:3a:50
Certificate

e4:79:88:0d:e6:ee:cb:54:cf:72:b5:86:ca:62:ef:1c:b9:af:40:0d
Signer

.text
Size: 214KB - Virtual size: 213KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 15KB