2024-04-27_98ce0f6e9e39ef1e9938176d5ef17f3f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_98ce0f6e9e39ef1e9938176d5ef17f3f_mafia
Size

309KB
MD5

98ce0f6e9e39ef1e9938176d5ef17f3f
SHA1

a977c36974af6dbeebe64d6b6e9dea1c7f6ffa46
SHA256

03b5d8c19e02a24f606b757d4201b01df4179dea90a6dc90133ea5226b14c25c
SHA512

c70450b36fb236f13ed6d55ed5bbe2fa8abe6cb6f4c8eec46e60c480cd3dc9a3467301cd9f4736c15710f08097a400458d2b4b6f0d5807837a029eeeeea3cd4e
SSDEEP

6144:/J7aBi/ZwbIevcIingp42R+phgvakfear9vXglx:/lLwUbIQgp42R+phjkh4lx

Score

1^/10

Malware Config

Signatures

Files

2024-04-27_98ce0f6e9e39ef1e9938176d5ef17f3f_mafia
.exe windows:5 windows x86 arch:x86

af5722d283dd785d62f0c681ad9e2302

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/10/2012, 00:00

Not After

08/10/2014, 23:59

Subject

CN=Techinline Limited,O=Techinline Limited,POSTALCODE=RG7 8NN,STREET=Calleva Park+STREET=5 Jupiter House,L=Aldermaston Reading,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:a8:27:20:99:69:9a:74:80:f4:c0:5e:bc:13:6b:85:75:73:65:1e
Signer

Actual PE Digest

18:a8:27:20:99:69:9a:74:80:f4:c0:5e:bc:13:6b:85:75:73:65:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CCNET\2.6.5.0\TIRD_Client\CoreLauncher\Client\Release\TIClientCoreLauncher.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

shlwapi

PathFileExistsW
SHGetValueA
SHSetValueA
SHDeleteValueA

kernel32

GetCurrentProcessId
ExitProcess
SetEvent
CreateEventA
ResetEvent
SetProcessShutdownParameters
CreateDirectoryW
WaitForSingleObject
OpenProcess
Sleep
CopyFileW
GetTempPathW
OpenEventA
GetProcessShutdownParameters
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
ProcessIdToSessionId
OpenFileMappingA
InterlockedIncrement
GetEnvironmentVariableW
Process32First
GetPrivateProfileStringW
WaitNamedPipeW
CloseHandle
GetVersionExW
GetFileAttributesW
ReadFile
WritePrivateProfileStringW
Process32Next
CreateToolhelp32Snapshot
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
CreateFileA
SetNamedPipeHandleState
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
GetStdHandle
LCMapStringW
TlsFree
IsValidCodePage
MultiByteToWideChar
CreateFileW
WriteFile
SetFilePointer
GetFileSize
GetVersionExA
lstrcpyW
WriteConsoleW
LocalFree
LocalAlloc
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleW
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
FreeLibrary
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
RtlUnwind
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
RaiseException
WideCharToMultiByte
FormatMessageA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
InitializeCriticalSectionAndSpinCount

user32

SendMessageA
SetThreadDesktop
PostMessageA
GetSystemMetrics
GetThreadDesktop
OpenDesktopA
IsWindow
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationA
GetForegroundWindow
ExitWindowsEx
CloseDesktop

advapi32

RegCreateKeyExW
RegOpenKeyExA
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaStorePrivateData
LsaClose
LsaOpenPolicy
AdjustTokenPrivileges
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegCreateKeyExA
LookupPrivilegeValueA
RegDeleteKeyA
LogonUserW
OpenProcessToken
SetKernelObjectSecurity
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueA
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA

shell32

ShellExecuteExW

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af5722d283dd785d62f0c681ad9e2302

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77Certificate

Extended Key Usages

Key Usages

18:a8:27:20:99:69:9a:74:80:f4:c0:5e:bc:13:6b:85:75:73:65:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 1.0MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

18:a8:27:20:99:69:9a:74:80:f4:c0:5e:bc:13:6b:85:75:73:65:1e
Signer

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 1.0MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB