2024-04-20_1935a4ecbfd1eac996d4335ecd59de24_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-20_1935a4ecbfd1eac996d4335ecd59de24_mafia
Size

487KB
MD5

1935a4ecbfd1eac996d4335ecd59de24
SHA1

3cfbcb407a6b7e6f46ba92db2e2383a23a052787
SHA256

0499b6586c8d14b5c213be9d1434dc56fe63524895d3494ddb487363dbdefd2f
SHA512

e626edf602f2e740327bb4db7f77210e1d3a2f674bb03fbc6101e15087687cf557dfcf8201cc9dd674eb2927e43672f68c721069a6a58a9431b5db801f76999c
SSDEEP

12288:EvGephQaf9p8Z2rGCBPtbH5Z/GP4hbQ2f5+lVGb5:EvGepLpn1b//1Kur

Score

1^/10

Malware Config

Signatures

Files

2024-04-20_1935a4ecbfd1eac996d4335ecd59de24_mafia
.exe windows:5 windows x86 arch:x86

801583edf04c83dca6d5a7c2aafb6f9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06/10/2011, 00:00

Not After

31/12/2013, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:8e:1b:7d:2d:73:c3:e8:dc:fb:58:cf:91:86:c6:3d:cd:7d:2f:84
Signer

Actual PE Digest

48:8e:1b:7d:2d:73:c3:e8:dc:fb:58:cf:91:86:c6:3d:cd:7d:2f:84

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\a4c70369-1335-4a70-a3de-04f49464df14\build\Win32\Release\McUICnt.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

kernel32

IsValidLocale
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
CreateFileW
GetFileSize
CloseHandle
GetVersionExW
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleW
GetLastError
EnterCriticalSection
Sleep
InterlockedCompareExchange
GetCurrentProcessId
WritePrivateProfileStructA
WideCharToMultiByte
GetPrivateProfileStructA
MultiByteToWideChar
GetPrivateProfileStringA
GetFileAttributesW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
FindClose
FindNextFileW
WriteFile
SetFilePointer
CreateFileA
GetWindowsDirectoryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetShortPathNameW
MoveFileExW
SetFileAttributesW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
WaitForSingleObject
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
IsBadWritePtr
SetEvent
GlobalDeleteAtom
GetCommandLineW
LocalFree
CreateEventW
OpenEventW
SetLastError
CreateThread
LocalAlloc
GlobalAddAtomW
EnumSystemLocalesA
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetEnvironmentVariableW
InterlockedExchange
SwitchToThread
LoadLibraryExW
IsBadReadPtr
SystemTimeToFileTime
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
lstrlenA
GetShortPathNameA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
FindFirstFileA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetSystemInfo
VirtualAlloc
VirtualProtect
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
GlobalGetAtomNameW
GetTickCount
GetUserDefaultLCID

user32

UnregisterClassW
LoadStringW
LoadBitmapW
LoadIconW
LoadCursorW
GetClassInfoW
CreateWindowExW
RegisterClassW
UpdateWindow
EnableWindow
DefWindowProcW
SetWindowTextW
IsWindowVisible
KillTimer
SetTimer
PostMessageW
GetParent
SendMessageW
LoadImageW
PostQuitMessage
GetWindowRect
DestroyIcon
GetDesktopWindow
GetClientRect
SetWindowPos
ReleaseDC
GetDC
GetSystemMetrics
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
IsIconic
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
FindWindowExW
SetPropW
wsprintfW
BringWindowToTop
GetWindowPlacement
ShowWindow
DestroyWindow
CreateDialogParamW
SetWindowLongW
GetWindowLongW
IsDialogMessageW
IsWindow
EndDialog
GetPropW

gdi32

GetDeviceCaps

ole32

CLSIDFromString
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoGetClassObject
CoCreateInstance

oleaut32

SysAllocStringByteLen
CreateDispTypeInfo
CreateStdDispatch
SysAllocStringLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathStripPathW
PathAppendW

wininet

InternetCrackUrlW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

801583edf04c83dca6d5a7c2aafb6f9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8Certificate

Extended Key Usages

Key Usages

48:8e:1b:7d:2d:73:c3:e8:dc:fb:58:cf:91:86:c6:3d:cd:7d:2f:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wintrust

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

wininet

Sections

.text Size: 326KB - Virtual size: 326KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 13KB - Virtual size: 23KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 23KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

68:a5:c8:47:24:52:e9:8d:42:54:88:c3:98:1c:28:f8
Certificate

48:8e:1b:7d:2d:73:c3:e8:dc:fb:58:cf:91:86:c6:3d:cd:7d:2f:84
Signer

.text
Size: 326KB - Virtual size: 326KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 13KB - Virtual size: 23KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 23KB - Virtual size: 22KB