2024-05-08_08230827f1c75015717f178229d7a625_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_08230827f1c75015717f178229d7a625_mafia
Size

964KB
MD5

08230827f1c75015717f178229d7a625
SHA1

49cd159f28d768b31873e9d2067a0385645bb395
SHA256

67cb5766422ee01737d129751893eda268a14a200ac40b56106143c47894a0a8
SHA512

8009c7a224e7faff18b7838ea4a21b71095b4bb706f6c4745122a689e298ed98047f26be5b0a2ab2e8ee3e5545a5012bef2e0db8918d55fe5e4e7bbaa070b910
SSDEEP

24576:rp0Gqy9TMAm5X8e1zGhhGXE5/OJO6n9lf:eGqyNMAmfYP/ORnz

Score

1^/10

Malware Config

Signatures

Files

2024-05-08_08230827f1c75015717f178229d7a625_mafia
.exe windows:5 windows x86 arch:x86

002ae3c1189a69f63df79f752226c5a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1b:0d:80:05:32:fd:79:5d:f7:0b:4d:24:06:fe:bd
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30/11/2011, 00:00

Not After

29/11/2013, 23:59

Subject

CN=Searchbloc\, LLC,O=Searchbloc\, LLC,L=Charleston,ST=South Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:a8:ae:3f:55:78:07:aa:94:25:0d:1b:e4:db:49:a0:55:a8:9a:81
Signer

Actual PE Digest

cb:a8:ae:3f:55:78:07:aa:94:25:0d:1b:e4:db:49:a0:55:a8:9a:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\installers\_pagestylez\sBundlePgHstUpd\live_EN_light\bundlePgsHstUpd_LightEN_live.pdb

Imports

wininet

InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenW

user32

GetMessageW
TranslateMessage
IsDialogMessageW
DispatchMessageW
EndPaint
PostQuitMessage
FillRect
LoadImageW
BeginPaint
ShowWindow
EnableWindow
SetDlgItemTextW
ClientToScreen
SetCursor
GetWindowRect
LoadCursorW
PtInRect
GetDC
InvalidateRect
ReleaseDC
GetSysColorBrush
CreateWindowExW
GetDialogBaseUnits
MoveWindow
ScreenToClient
SetWindowLongW
SendDlgItemMessageW
GetCursorPos
LoadBitmapW
MessageBoxW
CreateDialogParamW
PostMessageW
GetDlgItem
EndDialog
SendMessageW
GetDlgCtrlID
SetWindowTextW
GetDesktopWindow
wsprintfW

advapi32

RegOpenKeyExW
RegEnumKeyW
RegSetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegEnumValueW
RegQueryValueW
RegOpenKeyW
RegQueryValueExW

gdi32

CreateSolidBrush
GetTextExtentPoint32W
SetBkMode
DeleteObject
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW

comctl32

ImageList_Create
ImageList_Add
InitCommonControlsEx

psapi

GetProcessImageFileNameW
EnumProcesses

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
ExitProcess
GetOEMCP
HeapAlloc
SetLastError
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedDecrement
IsValidCodePage
GetLocaleInfoW
GetTimeZoneInformation
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
GetCurrentThreadId
HeapCreate
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetStdHandle
HeapFree
GetACP
InterlockedIncrement
TerminateProcess
OpenProcess
SetErrorMode
CreateMutexW
CreateThread
SetEnvironmentVariableA
GetProcessHeap
HeapReAlloc
InterlockedCompareExchange
LockResource
SizeofResource
GetModuleHandleW
GetTickCount
Sleep
GetLastError
CreateFileW
CloseHandle
ReadFile
FreeLibrary
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetEnvironmentVariableW
WaitForSingleObject
GetExitCodeProcess
FindResourceW
LoadResource

Sections

.text
Size: 605KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002ae3c1189a69f63df79f752226c5a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:1b:0d:80:05:32:fd:79:5d:f7:0b:4d:24:06:fe:bdCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

cb:a8:ae:3f:55:78:07:aa:94:25:0d:1b:e4:db:49:a0:55:a8:9a:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

user32

advapi32

gdi32

shell32

comctl32

psapi

kernel32

Sections

.text Size: 605KB - Virtual size: 604KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 240KB - Virtual size: 240KB

.reloc Size: 25KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:1b:0d:80:05:32:fd:79:5d:f7:0b:4d:24:06:fe:bd
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

cb:a8:ae:3f:55:78:07:aa:94:25:0d:1b:e4:db:49:a0:55:a8:9a:81
Signer

.text
Size: 605KB - Virtual size: 604KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 240KB - Virtual size: 240KB

.reloc
Size: 25KB - Virtual size: 25KB