2024-04-22_4488cb56c193b2c64b27458c001e2fd9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_4488cb56c193b2c64b27458c001e2fd9_mafia
Size

149KB
MD5

4488cb56c193b2c64b27458c001e2fd9
SHA1

dadc8158149c12410ae4a1fe7da882faf5b8227d
SHA256

b9798a4027709e0edefc76dffd7c12ae3dd4c3ecbc9e079f1466b1b0d5406b36
SHA512

b1a3a75f7ceafce20ff62390b3b48666fcc2548039dd62e201b5972358143dba5a773e5eb33ad7597a1e463913b6e5f5ff301379f6049f8a84f50632493d4fd2
SSDEEP

3072:DivHMi3Lg/c1iYEqtFP3OTmVBzLI862tHr6I4e0M1mwq:OvHMi7g/7eDzLI86uHr6I50bwq

Score

1^/10

Malware Config

Signatures

Files

2024-04-22_4488cb56c193b2c64b27458c001e2fd9_mafia
.exe windows:5 windows x86 arch:x86

32bde520950a32dea045142ae0abf0c0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:3c:40:8f:5b:d2:4f:32:aa:b1:db:87:52:d7:de:2c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/12/2012, 00:00

Not After

05/01/2015, 23:59

Subject

CN=UtilTool Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=UtilTool Limited,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:8c:6b:fb:70:28:16:f4:f2:40:cd:6d:e4:b2:ec:6d:fb:cd:d4:2b
Signer

Actual PE Digest

8e:8c:6b:fb:70:28:16:f4:f2:40:cd:6d:e4:b2:ec:6d:fb:cd:d4:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
CreateEventW
WaitForMultipleObjects
Process32NextW
FindNextFileW
FindClose
OpenEventW
CloseHandle
DeleteFileW
LocalFree
GetCurrentDirectoryW
GetStartupInfoW
MultiByteToWideChar
CreateFileW
Sleep
WaitForSingleObject
CreateDirectoryW
MoveFileExW
CreateProcessW
CreateToolhelp32Snapshot
FindFirstFileW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

crypt32

CryptProtectData

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32bde520950a32dea045142ae0abf0c0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3d:3c:40:8f:5b:d2:4f:32:aa:b1:db:87:52:d7:de:2cCertificate

Extended Key Usages

Key Usages

8e:8c:6b:fb:70:28:16:f4:f2:40:cd:6d:e4:b2:ec:6d:fb:cd:d4:2bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

crypt32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:3c:40:8f:5b:d2:4f:32:aa:b1:db:87:52:d7:de:2c
Certificate

8e:8c:6b:fb:70:28:16:f4:f2:40:cd:6d:e4:b2:ec:6d:fb:cd:d4:2b
Signer

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB