2024-05-02_47478293a95911a9593ea31f579907bf_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_47478293a95911a9593ea31f579907bf_mafia
Size

616KB
MD5

47478293a95911a9593ea31f579907bf
SHA1

f405916a4ee4bbdf3476a5230c0c58b6b87d9a1c
SHA256

c61be42904b8177e68677bb1c01197dbab238ef5b69aea4715cd5261fb1e13b4
SHA512

73b217e0f31a919eeb15f9c9c55b6341a9c389d06e6551678e218b8ac1616ce68fbac7449040a6e13c0492c9187b99383998c0e6c88e4fa9abded4280826f650
SSDEEP

12288:P7Ap2n3S5poYUcHu6KvyLdeISEu+U4kM9+:gkS5poYUcdKqwISEJE

Score

1^/10

Malware Config

Signatures

Files

2024-05-02_47478293a95911a9593ea31f579907bf_mafia
.exe windows:5 windows x86 arch:x86

84bc73994adec4b8318467040e7bf94b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:1c:43:a4:1d:4d:dc:80:5a:85:61:c6:9c:ed:a1:82
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/06/2011, 00:00

Not After

15/06/2014, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:27:b7:33:f0:25:76:aa:04:69:e0:e9:68:07:fe:d8:99:59:33:29
Signer

Actual PE Digest

08:27:b7:33:f0:25:76:aa:04:69:e0:e9:68:07:fe:d8:99:59:33:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdipReleaseDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawImageRectI
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipLoadImageFromStream
GdipCreatePen1

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleW
RaiseException
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
GetVersionExW
FlushInstructionCache
lstrcpyW
lstrlenW
InterlockedDecrement
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetFullPathNameW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
FreeResource
CloseHandle
WriteFile
CreateFileW
GetCurrentThreadId
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringW
GetUserDefaultLCID
GetFileSize
GlobalFree
CreateMutexW
lstrcmpiW
LoadLibraryExW
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetDateFormatW
ExitThread
ResumeThread
CreateThread
GetCommandLineW
HeapSetInformation
GetLocaleInfoW
GetLocaleInfoA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
Sleep
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapCreate
ExitProcess
GetStdHandle
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
InterlockedExchange
GetTimeFormatW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
LocalAlloc
ReadFile
LoadLibraryA

user32

keybd_event
WindowFromPoint
FindWindowW
GetClassInfoExW
GetDC
UpdateLayeredWindow
PostMessageW
LoadCursorW
SetCursor
IsDialogMessageW
ClientToScreen
GetKeyState
GetCursorPos
IsWindowEnabled
DrawTextW
CallWindowProcW
GetFocus
SetRectEmpty
GetSystemMetrics
InflateRect
OffsetRect
GetClassLongW
IsRectEmpty
GetSysColor
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
FillRect
InvalidateRect
GetWindowTextLengthW
GetWindowPlacement
GetWindowTextW
DispatchMessageW
SystemParametersInfoW
MessageBeep
LoadImageW
LoadStringW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
MessageBoxW
GetDlgItem
GetParent
RegisterWindowMessageW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseCapture
GetClassNameW
IsChild
SetCapture
InvalidateRgn
CharNextW
CreateDialogParamW
RegisterClassExW
GetSubMenu
FindWindowExW
PostQuitMessage
TrackPopupMenu
DestroyMenu
MonitorFromPoint
LoadMenuW
SetForegroundWindow
PeekMessageW
GetMessageW
MapVirtualKeyW
TranslateMessage
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
SetFocus
EnableWindow
KillTimer
SetTimer
RedrawWindow
IsWindowVisible
ShowWindow
ScreenToClient
GetWindowRect
SendMessageW
SetWindowTextW
GetWindowLongW
DestroyWindow
CreateWindowExW
SetWindowLongW
EqualRect
PtInRect
CopyRect
UnregisterClassA
SetMenuItemBitmaps
DefWindowProcW
CheckMenuItem
MoveWindow

gdi32

CreateSolidBrush
GetDeviceCaps
GetObjectW
GetObjectA
BitBlt
DeleteDC
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
SetBkColor
ExtTextOutW
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
CreateFontIndirectW
GetStockObject
DeleteObject

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetUserNameW
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
OleRun

oleaut32

GetErrorInfo
VarUI4FromStr
DispCallFunc
VarUdateFromDate
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

shlwapi

PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

wininet

InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84bc73994adec4b8318467040e7bf94b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6e:1c:43:a4:1d:4d:dc:80:5a:85:61:c6:9c:ed:a1:82Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

08:27:b7:33:f0:25:76:aa:04:69:e0:e9:68:07:fe:d8:99:59:33:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 17KB - Virtual size: 27KB

.rsrc Size: 289KB - Virtual size: 288KB

.reloc Size: 21KB - Virtual size: 21KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6e:1c:43:a4:1d:4d:dc:80:5a:85:61:c6:9c:ed:a1:82
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

08:27:b7:33:f0:25:76:aa:04:69:e0:e9:68:07:fe:d8:99:59:33:29
Signer

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 17KB - Virtual size: 27KB

.rsrc
Size: 289KB - Virtual size: 288KB

.reloc
Size: 21KB - Virtual size: 21KB