2024-04-23_284c8c6fb8040d620f46539a8e124d2c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_284c8c6fb8040d620f46539a8e124d2c_mafia
Size

1.1MB
MD5

284c8c6fb8040d620f46539a8e124d2c
SHA1

bbe908f5f527a6ce36588695339e2bf52ac8e731
SHA256

6c18ed9b82fe5f5d0cb3c175635047ce51eff75a0b7332a5ec6f76de8d455f38
SHA512

598ec6c805d44a113639a84f8fae7b2728c9d8fc17fccdf81c5420d518b6e72899a518b34f9d5d59a2a78f6b2f9cd448d771c09eeb1113c3912978032b8c6e52
SSDEEP

24576:YnC4f1vxQc2FfNxmdV9qnEWAtYrSwbGd8IOXiZzk2h//BSVrZA:YnCkzQhfTsbqnEWIYrSwbg8+kE//BSV2

Score

1^/10

Malware Config

Signatures

Files

2024-04-23_284c8c6fb8040d620f46539a8e124d2c_mafia
.exe windows:5 windows x86 arch:x86

1b90b86757a5378c98cfc21a8f9ab2a6

Code Sign

b9:96:6e:a3:1a:f5:75:0f:30:96:8d:04:1d:15:66:9b
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/09/2012, 00:00

Not After

24/09/2015, 23:59

Subject

CN=Crossrider Advanced Technologies,O=Crossrider Advanced Technologies,POSTALCODE=65133,STREET=40 Lilienblum St,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cb:eb:a2:2e:2b:ca:47:cf:ad:4a:6e:2c:f1:23:6b:61:13:ca:14:9f
Signer

Actual PE Digest

cb:eb:a2:2e:2b:ca:47:cf:ad:4a:6e:2c:f1:23:6b:61:13:ca:14:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\container\desktop-app-exe\DesktopApplication\Release\DTABrowser.pdb

Imports

awesomium

??0WebConfig@Awesomium@@QAE@XZ
?Shutdown@WebCore@Awesomium@@SAXXZ
??1WebPreferences@Awesomium@@QAE@XZ
??4WebString@Awesomium@@QAEAAV01@ABV01@@Z
?WriteDataPak@Awesomium@@YA_NABVWebString@1@00AAG@Z
?instance@WebCore@Awesomium@@SAPAV12@XZ
?Initialize@WebCore@Awesomium@@SAPAV12@ABUWebConfig@2@@Z
??0WebURL@Awesomium@@QAE@ABVWebString@1@@Z
?IsNull@JSValue@Awesomium@@QBE_NXZ
?IsDouble@JSValue@Awesomium@@QBE_NXZ
?IsArray@JSValue@Awesomium@@QBE_NXZ
?HasProperty@JSObject@Awesomium@@QBE_NABVWebString@2@@Z
??1WebConfig@Awesomium@@QAE@XZ
??0WebPreferences@Awesomium@@QAE@XZ
?set_is_dirty@BitmapSurface@Awesomium@@QAEX_N@Z
?CopyTo@BitmapSurface@Awesomium@@QBEXPAEHH_N1@Z
??0WebKeyboardEvent@Awesomium@@QAE@IIJ@Z
??1JSValue@Awesomium@@QAE@XZ
?CreateFromUTF8@WebString@Awesomium@@SA?AV12@PBDI@Z
??1WebString@Awesomium@@QAE@XZ
?size@JSArray@Awesomium@@QBEIXZ
?IsString@JSValue@Awesomium@@QBE_NXZ
??AJSArray@Awesomium@@QBEABVJSValue@1@I@Z
?data@WebString@Awesomium@@QBEPBGXZ
?ToString@JSValue@Awesomium@@QBE?AVWebString@2@XZ
?IsObject@JSValue@Awesomium@@QBE_NXZ
?GetPropertyNames@JSObject@Awesomium@@QBE?AVJSArray@2@XZ
?ToObject@JSValue@Awesomium@@QBEABVJSObject@2@XZ
??1JSArray@Awesomium@@QAE@XZ
?GetProperty@JSObject@Awesomium@@QBE?AVJSValue@2@ABVWebString@2@@Z
??AJSArray@Awesomium@@QAEAAVJSValue@1@I@Z
?IsInteger@JSValue@Awesomium@@QBE_NXZ
?ToInteger@JSValue@Awesomium@@QBEHXZ
??0JSArray@Awesomium@@QAE@XZ
?Push@JSArray@Awesomium@@QAEXABVJSValue@2@@Z
??0JSValue@Awesomium@@QAE@ABVWebString@1@@Z
??0JSValue@Awesomium@@QAE@ABV01@@Z
??0JSValue@Awesomium@@QAE@_N@Z
??4JSValue@Awesomium@@QAEAAV01@ABV01@@Z
?IsNumber@JSValue@Awesomium@@QBE_NXZ
?IsBoolean@JSValue@Awesomium@@QBE_NXZ
?ToBoolean@JSValue@Awesomium@@QBE_NXZ
??0JSObject@Awesomium@@QAE@ABV01@@Z
??1View@WebViewListener@Awesomium@@MAE@XZ
??1Load@WebViewListener@Awesomium@@MAE@XZ
??1Process@WebViewListener@Awesomium@@MAE@XZ
??1Menu@WebViewListener@Awesomium@@MAE@XZ
??1Dialog@WebViewListener@Awesomium@@MAE@XZ
??1Download@WebViewListener@Awesomium@@MAE@XZ
?OnFilterNavigation@ResourceInterceptor@Awesomium@@UAE_NHHABVWebString@2@ABVWebURL@2@_N@Z
??1ResourceInterceptor@Awesomium@@UAE@XZ
??0WebURL@Awesomium@@QAE@ABV01@@Z
??8WebURL@Awesomium@@QBE_NABV01@@Z
?At@WebMenuItemArray@Awesomium@@QBEABUWebMenuItem@2@I@Z
?size@WebMenuItemArray@Awesomium@@QBEIXZ
?ToObject@JSValue@Awesomium@@QAEAAVJSObject@2@XZ
??1JSObject@Awesomium@@QAE@XZ
??0WebString@Awesomium@@QAE@PBG@Z
??0JSValue@Awesomium@@QAE@XZ
??0JSValue@Awesomium@@QAE@ABVJSObject@1@@Z
?Invoke@JSObject@Awesomium@@QAE?AVJSValue@2@ABVWebString@2@ABVJSArray@2@@Z
??0WebString@Awesomium@@QAE@XZ
?IsUndefined@JSValue@Awesomium@@QBE_NXZ
?type@JSObject@Awesomium@@QBE?AW4JSObjectType@2@XZ
?SetCustomMethod@JSObject@Awesomium@@QAEXABVWebString@2@_N@Z
?remote_id@JSObject@Awesomium@@QBEIXZ
?Compare@WebString@Awesomium@@QBEHABV12@@Z
?Undefined@JSValue@Awesomium@@SAABV12@XZ
??0JSValue@Awesomium@@QAE@H@Z
??0WebString@Awesomium@@QAE@ABV01@@Z
??MWebString@Awesomium@@QBE_NABV01@@Z
??_7View@WebViewListener@Awesomium@@6B@
??_7Load@WebViewListener@Awesomium@@6B@
??_7Process@WebViewListener@Awesomium@@6B@
??_7Menu@WebViewListener@Awesomium@@6B@
??_7Dialog@WebViewListener@Awesomium@@6B@
??_7Download@WebViewListener@Awesomium@@6B@
??_7ResourceInterceptor@Awesomium@@6B@
??4WebURL@Awesomium@@QAEAAV01@ABV01@@Z
?path@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?anchor@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?filename@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?host@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?password@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?port@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?query@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?scheme@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?username@WebURL@Awesomium@@QBE?AVWebString@2@XZ
?spec@WebURL@Awesomium@@QBE?AVWebString@2@XZ
??1WebURL@Awesomium@@QAE@XZ
??0WebURL@Awesomium@@QAE@XZ

wininet

InternetGetLastResponseInfoW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
InternetOpenW
InternetGetConnectedStateExW

glew32

__GLEW_EXT_texture_filter_anisotropic
glewInit

opengl32

glTexCoordPointer
glColorPointer
glColor3f
glRasterPos3f
glPushMatrix
glEnableClientState
glDrawArrays
glPopMatrix
glGetString
glTexParameterf
glVertexPointer
glClearColor
glViewport
glColor4f
glScalef
glLoadIdentity
glMatrixMode
glClear
glGetError
wglDeleteContext
wglMakeCurrent
wglCreateContext
glTexSubImage2D
glMultMatrixf
glDrawPixels
glPushClientAttrib
glPixelStorei
glDisable
glPopClientAttrib
glPopAttrib
glGenTextures
glBindTexture
glTexParameteri
glPushAttrib
glDeleteTextures
glEnable
glBlendFunc
glTexImage2D
glBegin
glTexCoord2f
glEnd
glGetFloatv
glPixelTransferf
glGetIntegerv
glBitmap
glVertex3f
glTranslatef

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipDrawImageRectI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillEllipseI
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipMeasureString
GdipDrawString
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth

glu32

gluOrtho2D

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
GetSystemInfo
GetProcAddress
VirtualAlloc
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
GetLocalTime
DecodePointer
EncodePointer
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
HeapCreate
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
FreeEnvironmentStringsW
InterlockedExchange
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
LocalFree
FormatMessageW
SetLastError
FreeLibrary
LoadLibraryW
GetExitCodeThread
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CopyFileW
UnmapViewOfFile
ReadFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
CreateFileW
GetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
Sleep
lstrlenA
GetVersionExW
CloseHandle
CreateThread
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
GetModuleFileNameW
ReleaseMutex
OpenMutexW
CreateMutexW
GetLastError
lstrlenW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedDecrement
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle

user32

SetWindowTextW
DestroyIcon
LoadIconW
RegisterClassExW
GetDC
ReleaseDC
DefWindowProcW
KillTimer
IsWindow
SetTimer
BeginPaint
SetWindowRgn
SetLayeredWindowAttributes
EndPaint
BringWindowToTop
SetFocus
UpdateLayeredWindow
DispatchMessageW
UpdateWindow
TranslateMessage
SetForegroundWindow
GetMessageW
GetClientRect
SystemParametersInfoW
InvalidateRect
GetSystemMetrics
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
CreateWindowExW
DestroyWindow
PostQuitMessage
MessageBoxW
GetWindowRect
LoadCursorW
SetCursor
LoadStringW
GetClassNameW
FindWindowExW
GetDesktopWindow
PostMessageW
SendMessageW

gdi32

CreateDIBSection
GetDIBColorTable
StretchBlt
CreateCompatibleBitmap
GetObjectW
SetDIBColorTable
DeleteDC
CombineRgn
CreateRectRgn
GetDIBits
BitBlt
GetStockObject
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DeleteObject
CreateCompatibleDC
SelectObject

shell32

ShellExecuteExW
ExtractIconW

ole32

CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b90b86757a5378c98cfc21a8f9ab2a6

Code Sign

b9:96:6e:a3:1a:f5:75:0f:30:96:8d:04:1d:15:66:9bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

cb:eb:a2:2e:2b:ca:47:cf:ad:4a:6e:2c:f1:23:6b:61:13:ca:14:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

awesomium

wininet

glew32

opengl32

gdiplus

glu32

kernel32

user32

gdi32

shell32

ole32

oleaut32

msimg32

Sections

.text Size: 870KB - Virtual size: 870KB

.rdata Size: 214KB - Virtual size: 213KB

.data Size: 9KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 48KB

b9:96:6e:a3:1a:f5:75:0f:30:96:8d:04:1d:15:66:9b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

cb:eb:a2:2e:2b:ca:47:cf:ad:4a:6e:2c:f1:23:6b:61:13:ca:14:9f
Signer

.text
Size: 870KB - Virtual size: 870KB

.rdata
Size: 214KB - Virtual size: 213KB

.data
Size: 9KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 48KB