2024-05-05_88daa0b83cc7c6a0e407ebc666d723ec_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_88daa0b83cc7c6a0e407ebc666d723ec_mafia
Size

20.0MB
MD5

88daa0b83cc7c6a0e407ebc666d723ec
SHA1

36d014c84267e20eb8d9da442235e1a6b117543d
SHA256

180fa7fb82acfdc15856a5e18c588c7fc8c47b9e3cf296eac22b798dbaea23ac
SHA512

0f78e7b3aea064cd6f59ac018a2a9387643aa2dab31f3898d0a54a151094c32ce5236c5095642e842985b17b4a758e8b20a9662749a08b3498ca4715a17c9803
SSDEEP

393216:Ue2ZMkfWccpXeD9a2JW4BfWFDfEUjUNeDvVBy74wQo:Ue2ZMkOccJe5a25BsTPOeho74m

Score

1^/10

Malware Config

Signatures

Files

2024-05-05_88daa0b83cc7c6a0e407ebc666d723ec_mafia
.exe windows:5 windows x86 arch:x86

43cc10f4e651ecdb673fe962f8752edb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:c1:4e:27:09:bd:cb:98:b1:5e:08:e4:af:94:31:d7
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/06/2012, 00:00

Not After

25/06/2013, 23:59

Subject

CN=3Planesoft,O=3Planesoft,POSTALCODE=160012,STREET=74 Sovetski prospekt,L=Vologda,ST=Vologda region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:fc:ab:22:5b:66:cc:98:f3:d6:45:89:18:74:70:95:b0:54:34:a7
Signer

Actual PE Digest

fb:fc:ab:22:5b:66:cc:98:f3:d6:45:89:18:74:70:95:b0:54:34:a7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
mmioDescend
mmioRead
mmioAscend
timeBeginPeriod
mmioClose
mmioSeek
timeGetDevCaps
timeGetTime
mmioGetInfo
mmioOpenA
mmioSetInfo
mmioAdvance

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CreateFileW
UnmapViewOfFile
SizeofResource
FindResourceW
HeapFree
InterlockedIncrement
GetProcAddress
MultiByteToWideChar
LoadLibraryW
FreeLibrary
FreeResource
CreateFileMappingA
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
LockResource
GetLastError
GetSystemDirectoryA
MapViewOfFile
GetFileSize
LoadLibraryA
GetVersionExA
IsProcessorFeaturePresent
WideCharToMultiByte
WriteFile
HeapValidate
CreateFileA
ReadFile
DeleteFileA
InterlockedDecrement
CreateProcessA
GetVolumeInformationA
GetCommandLineA
GetDateFormatA
GetWindowsDirectoryA
WaitForSingleObject
SetUnhandledExceptionFilter
GetProcessHeap
CloseHandle
GetModuleHandleExA
FormatMessageA
VirtualProtect
LoadResource
SetErrorMode
VirtualQuery
VirtualFree
VirtualAlloc
GetThreadTimes
SetEnvironmentVariableA
WriteConsoleW
GetTimeZoneInformation
GetDriveTypeW
FlushFileBuffers
IsValidLocale
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FindResourceA
MoveFileA
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeFormatA
lstrcpyA
InterlockedExchangeAdd
InterlockedExchange
Sleep
GetFileInformationByHandle
GetSystemInfo
SetFilePointer
SetEndOfFile
GetFileType
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
EnterCriticalSection
GetStringTypeW
LCMapStringW
CompareStringW
GetLocaleInfoW
LCMapStringA
GetCPInfo
GetUserDefaultLCID
GetStringTypeExA
InterlockedCompareExchange
CreateDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
GetCurrentProcess
GetFileAttributesA
FindFirstFileA
FindClose
EnumResourceNamesA
EnumResourceTypesA
SetEvent
GetExitCodeProcess
lstrcatA
OpenEventA
SetSystemPowerState
GetDevicePowerState
lstrlenA
CreateThread
ResumeThread
SuspendThread
TerminateThread
LocalAlloc
LocalFree
LocalLock
LocalUnlock
EncodePointer
DecodePointer
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
HeapAlloc
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetModuleFileNameW
HeapCreate
GetFullPathNameA
PeekNamedPipe
GetCurrentDirectoryW
GetACP
GetOEMCP
IsValidCodePage

user32

GetCursorPos
GetDesktopWindow
RegisterWindowMessageA
SetForegroundWindow
GetKeyState
TrackPopupMenu
CreatePopupMenu
AppendMenuA
PostMessageA
LoadStringA
SetCursorPos
ShowCursor
SetTimer
DispatchMessageA
PeekMessageA
TranslateMessage
CreateWindowExA
DestroyWindow
GetWindowLongA
SendMessageA
GetClientRect
ScreenToClient
LoadImageA
ShowWindow
MessageBoxA
SystemParametersInfoA
LoadCursorA
GetSystemMetrics
LoadIconA
RegisterClassA
AdjustWindowRect
CloseWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
MonitorFromRect
PostQuitMessage
DefWindowProcA
GetClassLongA
FindWindowA
FindWindowExA
GetWindowDC
ReleaseDC
PrintWindow
GetSysColor
SetSysColors
InvalidateRect
wsprintfA
SetWindowPos
EndDialog
DialogBoxParamA
GetIconInfo
GetDC
DestroyMenu
UpdateWindow
SetCursor
GetWindowRect

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetObjectA
SetDIBits
BitBlt
GetDIBits
GetStockObject

advapi32

RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

msimg32

TransparentBlt

ddraw

DirectDrawCreateEx

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

powrprof

CallNtPowerInformation
GetCurrentPowerPolicies
SetSuspendState

dsound

ord11
ord2

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen

Exports

Exports

luaJIT_setmode
luaJIT_version_2_0_0
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_xmove
lua_yield
luaopen_base
luaopen_ffi
luaopen_math
luaopen_os
luaopen_string
luaopen_table

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17.1MB - Virtual size: 17.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43cc10f4e651ecdb673fe962f8752edb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

c9:c1:4e:27:09:bd:cb:98:b1:5e:08:e4:af:94:31:d7Certificate

Extended Key Usages

Key Usages

fb:fc:ab:22:5b:66:cc:98:f3:d6:45:89:18:74:70:95:b0:54:34:a7Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

version

kernel32

user32

gdi32

advapi32

shell32

msimg32

ddraw

d3d8

dinput8

powrprof

dsound

ole32

oleaut32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 458KB - Virtual size: 458KB

.data Size: 67KB - Virtual size: 358KB

.data1 Size: 2KB - Virtual size: 2KB

STLPORT_ Size: 512B - Virtual size: 32B

.rsrc Size: 17.1MB - Virtual size: 17.1MB

.reloc Size: 224KB - Virtual size: 223KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

c9:c1:4e:27:09:bd:cb:98:b1:5e:08:e4:af:94:31:d7
Certificate

fb:fc:ab:22:5b:66:cc:98:f3:d6:45:89:18:74:70:95:b0:54:34:a7
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 458KB - Virtual size: 458KB

.data
Size: 67KB - Virtual size: 358KB

.data1
Size: 2KB - Virtual size: 2KB

STLPORT_
Size: 512B - Virtual size: 32B

.rsrc
Size: 17.1MB - Virtual size: 17.1MB

.reloc
Size: 224KB - Virtual size: 223KB