2024-04-29_92ff0dd39c8057d0876a7f429fbe14be_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-29_92ff0dd39c8057d0876a7f429fbe14be_mafia
Size

3.6MB
MD5

92ff0dd39c8057d0876a7f429fbe14be
SHA1

e1d71398c83bacea280d3df9b36fdb6e7d77e192
SHA256

c99c1deb044a7b263e150caa00900123acbbf0899659bc547e20914dea8c6845
SHA512

3dda9db158a1add9433d924f9a84f9e0c3e3999904c4ceef9358999a377c40daed60522cf52adb8f99eb4dc99260d4d06ca97cd65f1f15eb7fa89128b6d922f8
SSDEEP

98304:sL0+czJQ2bWrRRG8RqWUyI7+/MwLP5bv95OW28k:rJQ2qs+VP5bviW28k

Score

1^/10

Malware Config

Signatures

Files

2024-04-29_92ff0dd39c8057d0876a7f429fbe14be_mafia
.exe windows:5 windows x86 arch:x86

4720e63abf6f9ae21764407283406078

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:b8:79:8e:10:a4:87:10:1d:39:b5:62:2b:da:a3:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/07/2014, 00:00

Not After

12/09/2016, 23:59

Subject

CN=Monster Co.\, Ltd.,OU=Dev. Team,O=Monster Co.\, Ltd.,L=Sungnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:7a:23:ed:c5:f0:32:fd:20:05:8c:52:0c:a0:12:c0:20:17:e5:68
Signer

Actual PE Digest

9e:7a:23:ed:c5:f0:32:fd:20:05:8c:52:0c:a0:12:c0:20:17:e5:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
closesocket
WSAGetLastError
send
socket
htons
inet_addr
connect
recv
WSACleanup

winmm

PlaySoundA

kernel32

GetStringTypeW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
IsProcessorFeaturePresent
LCMapStringW
HeapCreate
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetDriveTypeW
GetConsoleCP
GetConsoleMode
CompareStringW
GetProcessHeap
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
IsValidCodePage
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
GetTickCount
FreeLibrary
LocalFree
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
ResumeThread
lstrcpyA
WriteProfileStringA
GetDriveTypeA
GetSystemDirectoryA
SetFilePointer
Sleep
GetVersionExA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetPrivateProfileStringA
CloseHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapQueryInformation
HeapSize
GetFileType
SetStdHandle
ExitProcess
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
VirtualAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
FindFirstFileExA
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetTempPathA
DisconnectNamedPipe
LocalAlloc
lstrlenA
FlushFileBuffers
WriteFile
GetCurrentDirectoryA
GetFileSizeEx
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetFileAttributesExA
GetTempFileNameA
GetFileTime
GetFileAttributesA
GetACP
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
DeleteFileA
lstrcmpiA
lstrcmpA
CreateEventA
SetEvent
WaitForSingleObject
SetThreadPriority
GetThreadLocale
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindClose
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CopyFileA
GlobalSize
lstrlenW
MultiByteToWideChar
MulDiv
GetSystemInfo
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
SuspendThread
SetErrorMode
SetUnhandledExceptionFilter
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ActivateActCtx
DeactivateActCtx
SetLastError

user32

MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnionRect
RegisterClipboardFormatA
GetIconInfo
HideCaret
InvertRect
GetMenuDefaultItem
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawIconEx
DrawStateA
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetParent
IsZoomed
MessageBeep
WaitMessage
DeleteMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyIcon
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
TranslateAcceleratorA
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
UnregisterClassA
GetSysColorBrush
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
CharUpperA
MapVirtualKeyA
GetKeyNameTextA
IntersectRect
InflateRect
GetMessageA
TranslateMessage
CharNextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindow
EndPaint
BeginPaint
GetWindowDC
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
ExitWindowsEx
GetSystemMetrics
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SystemParametersInfoA
DrawAnimatedRects
ShowWindow
EnableScrollBar
ScreenToClient
BringWindowToTop
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
OffsetRect
GetNextDlgGroupItem
ReleaseCapture
GetCapture
WindowFromPoint
GetWindowLongA
LoadIconW
LoadMenuW
GetSubMenu
IsWindow
SetCursor
DrawEdge
SetRectEmpty
CopyRect
GrayStringA
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
DrawTextExA
TabbedTextOutA
wsprintfA
PostThreadMessageA
LockWindowUpdate
UpdateWindow
SetWindowsHookExA
PostMessageA
UnhookWindowsHookEx
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
GetWindowTextA
GetKeyState
GetClassInfoA
DefWindowProcA
LoadCursorA
GetCursorPos
GetFocus
RedrawWindow
IsWindowVisible
ClientToScreen
GetWindowRect
PtInRect
FillRect
DrawTextA
GetSysColor
DrawFocusRect
GetParent
GetDC
SendMessageA
LoadImageA
MessageBoxA
EnableWindow
LoadBitmapA
SetWindowRgn
SetRect
SetForegroundWindow
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetClientRect
LoadBitmapW
IsMenu
MonitorFromWindow
UpdateLayeredWindow

gdi32

CreatePen
RoundRect
SelectClipRgn
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
Escape
SetPixel
GetBkColor
GetTextColor
CreateRectRgnIndirect
SetRectRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
CreateHatchBrush
CreateFontIndirectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontA
CreateBitmap
CreateCompatibleBitmap
SetBkColor
SaveDC
SetBkMode
SetTextColor
RestoreDC
GetTextExtentPoint32A
CreateRoundRectRgn
CreateSolidBrush
GetStockObject
CreateRectRgn
GetPixel
StretchBlt
CreateDIBSection
SelectObject
CombineRgn
DeleteObject
DeleteDC
BitBlt
CreateCompatibleDC
GetObjectA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHAppBarMessage
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
OleCreateMenuDescriptor
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleDuplicateData
OleDestroyMenuDescriptor

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
OleCreateFontIndirect
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VarBstrFromDate
SysAllocString
VariantClear

oledlg

ord8

wininet

HttpOpenRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetConnectA
InternetOpenA
InternetCheckConnectionA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

sensapi

IsNetworkAlive

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4720e63abf6f9ae21764407283406078

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6b:b8:79:8e:10:a4:87:10:1d:39:b5:62:2b:da:a3:3cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9e:7a:23:ed:c5:f0:32:fd:20:05:8c:52:0c:a0:12:c0:20:17:e5:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

wininet

sensapi

oleacc

gdiplus

imm32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 25KB - Virtual size: 55KB

.rsrc Size: 1.9MB - Virtual size: 1.8MB

.reloc Size: 184KB - Virtual size: 183KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6b:b8:79:8e:10:a4:87:10:1d:39:b5:62:2b:da:a3:3c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9e:7a:23:ed:c5:f0:32:fd:20:05:8c:52:0c:a0:12:c0:20:17:e5:68
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 25KB - Virtual size: 55KB

.rsrc
Size: 1.9MB - Virtual size: 1.8MB

.reloc
Size: 184KB - Virtual size: 183KB