2024-04-29_c97a7b81bc5adba76ffa05e3ec254f3c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-29_c97a7b81bc5adba76ffa05e3ec254f3c_mafia
Size

9.3MB
MD5

c97a7b81bc5adba76ffa05e3ec254f3c
SHA1

d5e628994b6acec55f4d10959d5eeb04a98029fa
SHA256

c453073a9ce5096d3b68a6694264b4e6014bd8cc9c16c54af20c86ba094f5124
SHA512

ef8d16f3a68bbbb28f1a61f05462c5bd59a3cde8ef94afe7922eb9d286ce2a00566161a2e753d070df62f2e196370d9a2faff9af72f2e3e0691da2a9be3d7b39
SSDEEP

196608:mmlwPIK/3t92JrQlBxTAUxrFB7Y7RzmH9BT768g:9aLxTJfB7Y7Rzmdc8g

Score

1^/10

Malware Config

Signatures

Files

2024-04-29_c97a7b81bc5adba76ffa05e3ec254f3c_mafia
.exe windows:5 windows x86 arch:x86

9582c4e0e4986f804fa1c8a5f94b3b01

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:48:42:ac:96:91:63:0b:45:f8:26:6c:0a:db:12:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/03/2012, 00:00

Not After

13/04/2014, 23:59

Subject

CN=WinZip Computing,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=WinZip Computing,L=Mansfield,ST=Connecticut,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:6b:7b:86:3a:73:e6:49:b8:3a:d9:b5:80:77:9f:4b:f2:70:2d:9a
Signer

Actual PE Digest

a6:6b:7b:86:3a:73:e6:49:b8:3a:d9:b5:80:77:9f:4b:f2:70:2d:9a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

winzip32.pdb

Imports

kernel32

SetFilePointer
SetEndOfFile
GetVolumeInformationW
GlobalFindAtomW
GlobalAddAtomW
MoveFileExW
GetVersion
InterlockedDecrement
GetCommandLineW
GetModuleFileNameW
GetLastError
GetFullPathNameW
GlobalSize
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetProfileStringW
IsBadReadPtr
IsBadWritePtr
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryExW
CreateDirectoryW
GetFileSize
ReadFile
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
DuplicateHandle
CreateSemaphoreA
CreateSemaphoreW
GetProcessAffinityMask
CreateHardLinkW
WriteFile
IsDBCSLeadByte
AreFileApisANSI
IsDBCSLeadByteEx
GetFileAttributesExW
CompareStringA
LoadLibraryA
GetVersionExA
GetDriveTypeW
GetFileAttributesA
SetFileAttributesA
DeleteFileA
GetTempPathA
GetCurrentDirectoryA
CompareFileTime
FormatMessageA
GetComputerNameA
lstrcmpiW
OpenProcess
GlobalHandle
SetThreadPriority
lstrcmpW
FlushInstructionCache
GetSystemInfo
InitializeCriticalSection
InterlockedCompareExchange
GetTimeFormatA
GetDateFormatA
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
UnlockFile
LockFile
GetTempFileNameW
QueryPerformanceFrequency
GetShortPathNameW
SetVolumeLabelW
DeviceIoControl
ReleaseSemaphore
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetEnvironmentVariableW
GetTempPathW
GetWindowsDirectoryW
GetSystemDirectoryW
GetPrivateProfileStringW
SetEnvironmentVariableA
CreateFileA
HeapReAlloc
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
GetFullPathNameA
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
FindFirstFileExW
ExitThread
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetLogicalDrives
GlobalMemoryStatus
WaitForSingleObject
CreateEventW
GetModuleHandleW
GetVersionExW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetComputerNameW
SetLastError
FormatMessageW
Sleep
GetBinaryTypeW
ExitProcess
HeapFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindResourceA
SearchPathW
CopyFileExW
FreeResource
SetErrorMode
FileTimeToSystemTime
GetFileType
LocalFileTimeToFileTime
SetFileTime
GetSystemTime
OutputDebugStringW
CreateProcessW
MoveFileW
LoadLibraryW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
MulDiv
WriteProfileStringA
GetPrivateProfileStringA
GetUserDefaultUILanguage
SetThreadUILanguage
FlushFileBuffers
CompareStringW
SuspendThread
ResumeThread
GetDiskFreeSpaceW
GetLocaleInfoW
OpenEventW
ResetEvent
GetProcessHeap
IsProcessorFeaturePresent
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetCurrentProcess
HeapAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentDirectoryW
SetEnvironmentVariableW
InterlockedIncrement
VirtualQuery
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetStartupInfoW
HeapSetInformation
MultiByteToWideChar
FindResourceExW
GetSystemDefaultUILanguage
lstrlenW
LocalFree
CreateFileW
CreateThread
GetFileAttributesW
SetFileAttributesW
SetCurrentDirectoryW
SetEvent
CloseHandle
CreateEventA
GlobalMemoryStatusEx
GetACP
GetProcAddress
FreeLibrary
GetLongPathNameW
GetTickCount

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegEnumKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueW
RegOpenKeyW
RegSetValueW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegEnumKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
GetUserNameW
RegSetValueExA
RegQueryValueExA
CryptGenRandom
CryptEnumProvidersA
CryptGetProvParam
CryptExportKey
CryptDestroyKey
CryptGetUserKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
CryptVerifySignatureW

user32

GetDlgItem
ShowWindow
DestroyWindow
UnregisterClassA
SetTimer
PtInRect
SetDlgItemInt
EnableWindow
KillTimer
PostMessageW
CallWindowProcW
DrawFocusRect
DrawTextW
SendMessageW
GetSysColorBrush
GetSysColor
CharToOemA
OemToCharA
OemToCharBuffA
UpdateWindow
InvalidateRect
GetWindowRect
GetCursorPos
GetClientRect
GetParent
EndPaint
BeginPaint
LoadBitmapW
IsWindow
ScreenToClient
GetActiveWindow
GetWindow
SetWindowPos
SystemParametersInfoW
SetWindowLongW
SetFocus
SendDlgItemMessageW
LoadIconW
GetLastActivePopup
MoveWindow
IsWindowVisible
IsWindowEnabled
EndDialog
GetClassNameW
GetSystemMetrics
ReleaseDC
GetDC
IsIconic
DispatchMessageW
UnregisterClassW
LoadMenuW
RemoveMenu
CreateMenu
MapDialogRect
IntersectRect
LoadStringW
PostQuitMessage
SetWindowPlacement
GetMessageW
LoadStringA
SetScrollInfo
IsDialogMessageW
DefWindowProcW
SetParent
SetMenuDefaultItem
AppendMenuW
GetMenuState
GetIconInfo
DrawIconEx
CheckMenuRadioItem
GetMenuItemCount
GetMenuStringW
GetDlgCtrlID
GetCapture
TrackPopupMenu
DestroyIcon
LoadImageW
InvalidateRgn
GetScrollInfo
InflateRect
UnhookWindowsHook
SetWindowsHookW
GetSubMenu
GetMenu
RegisterClassW
BringWindowToTop
FindWindowW
EnumChildWindows
SetCapture
ReleaseCapture
WindowFromPoint
DestroyCursor
GetAsyncKeyState
FlashWindow
GetSystemMenu
EnableMenuItem
GetDlgItemTextW
CheckRadioButton
SetWindowTextW
RegisterClipboardFormatW
GetClipboardFormatNameW
ClientToScreen
CreatePopupMenu
IsClipboardFormatAvailable
TrackPopupMenuEx
DestroyMenu
GetClassInfoW
GetWindowTextLengthW
CheckMenuItem
SetMenu
TranslateAcceleratorW
TranslateMessage
MessageBoxW
SetPropW
RemovePropW
GetPropW
SetActiveWindow
GetDlgItemInt
GetMessagePos
IsRectEmpty
LoadCursorW
DeferWindowPos
DrawFrameControl
RedrawWindow
BeginDeferWindowPos
PeekMessageW
SetCursor
CharToOemBuffW
CharUpperW
CharLowerW
MessageBoxIndirectW
GetClipboardData
SendDlgItemMessageA
CreateDialogIndirectParamW
DialogBoxParamW
DialogBoxIndirectParamW
GetMenuItemInfoW
MonitorFromRect
MonitorFromPoint
GetMonitorInfoW
CreateAcceleratorTableW
DestroyAcceleratorTable
CharNextW
RegisterClassExW
GetClassInfoExW
IsCharAlphaNumericA
EndDeferWindowPos
IsZoomed
GetWindowPlacement
SetRectEmpty
ValidateRect
SetRect
FillRect
GetForegroundWindow
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetWindowLongW
GetDlgItemTextA
CloseClipboard
EnumWindows
OpenClipboard
GetDesktopWindow
DeleteMenu
DrawMenuBar
ModifyMenuW
InsertMenuW
IsMenu
SetForegroundWindow
MsgWaitForMultipleObjects
GetWindowDC
GetKeyState
CreateWindowExW
ChildWindowFromPoint
GetFocus
IsChild
MessageBeep
RegisterWindowMessageW
CheckDlgButton
SetDlgItemTextW
FindWindowExW
IsDlgButtonChecked
GetWindowTextW
IsCharAlphaNumericW

gdi32

UpdateColors
SelectPalette
RealizePalette
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetBkColor
PolyPolygon
GetTextExtentExPointW
GetDeviceCaps
CreateFontIndirectW
SetPolyFillMode
GetTextExtentPoint32W
GetObjectW
CreatePen
SelectObject
GetStockObject
Rectangle
MoveToEx
LineTo
SetBkColor
SetTextColor
DeleteObject
CreateDIBitmap
GetDIBits
CreateDCW
GetPixel
CreateDIBSection
GetCurrentObject
ExtTextOutW
GetTextExtentPointW
SetTextAlign
DPtoLP
TextOutW
SetAbortProc
StartDocW
SetViewportOrgEx
StartPage
EndPage
EndDoc
GetTextMetricsW
Escape
SetMapMode
SaveDC
CreatePatternBrush
PatBlt
RestoreDC
CreateBitmap
GetCharWidth32W
GetMapMode
CreatePalette
CreateSolidBrush
DeleteDC

comdlg32

PrintDlgW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

wininet

InternetAutodial
InternetCrackUrlA
InternetTimeFromSystemTimeW
InternetWriteFile
FtpCommandW
FtpDeleteFileW
FtpOpenFileW
InternetGetConnectedState
InternetOpenW
InternetConnectW
InternetGetLastResponseInfoW
FtpCreateDirectoryW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpFindFirstFileW
InternetFindNextFileW
InternetCloseHandle
HttpSendRequestA
InternetSetOptionW
InternetCrackUrlW
InternetQueryOptionW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW

iphlpapi

GetAdaptersInfo

msimg32

AlphaBlend

wzeay32

ord484
ord492
ord943
ord1882
ord501
ord67

psapi

EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHChangeNotify
SHGetDesktopFolder
DragAcceptFiles
SHGetFileInfoW
DragFinish
DragQueryPoint
SHBindToParent
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
ord18
ord21
ord155
FindExecutableW
ShellExecuteW
SHAddToRecentDocs
DragQueryFileW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
PropVariantCopy
PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
OleRun
OleLockRunning
CoCreateGuid
CoGetClassObject
CLSIDFromString
OleUninitialize
OleInitialize
StringFromGUID2
CoGetMalloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

VarDecFromR8
VarR8FromDec
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SysAllocStringLen
SysStringLen
VariantInit
SysAllocString
SysFreeString
VariantClear

comctl32

ImageList_Create
ImageList_Add
ImageList_Draw
ImageList_Replace
ImageList_Destroy
ImageList_Remove
ImageList_GetImageCount
PropertySheetW
ImageList_SetBkColor
ord17
ImageList_GetIconSize
ImageList_AddMasked
ImageList_ReplaceIcon

shlwapi

SHStrDupW
PathIsUNCW
ord176
StrRetToStrW
SHGetValueW

ws2_32

ioctlsocket
ntohs
inet_ntoa
inet_addr
WSAStartup
htons
select
__WSAFDIsSet
closesocket
shutdown
WSAGetLastError
send
recv
getsockname
bind
gethostbyname
socket
connect
gethostname
setsockopt

crypt32

CryptProtectData
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetSubjectCertificateFromStore
CertNameToStrW
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CryptSignMessage
CryptEncodeObject
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CryptEncryptMessage
CryptImportPublicKeyInfo
CryptUnprotectData

rpcrt4

UuidCreate

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9582c4e0e4986f804fa1c8a5f94b3b01

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:48:42:ac:96:91:63:0b:45:f8:26:6c:0a:db:12:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a6:6b:7b:86:3a:73:e6:49:b8:3a:d9:b5:80:77:9f:4b:f2:70:2d:9aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

comdlg32

wininet

iphlpapi

msimg32

wzeay32

psapi

version

shell32

ole32

oleaut32

comctl32

shlwapi

ws2_32

crypt32

rpcrt4

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 164KB - Virtual size: 367KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 419KB - Virtual size: 418KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:48:42:ac:96:91:63:0b:45:f8:26:6c:0a:db:12:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a6:6b:7b:86:3a:73:e6:49:b8:3a:d9:b5:80:77:9f:4b:f2:70:2d:9a
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 164KB - Virtual size: 367KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 419KB - Virtual size: 418KB