2024-05-17_fe18d043126b4dff8e53556d05ee231d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_fe18d043126b4dff8e53556d05ee231d_mafia
Size

310KB
MD5

fe18d043126b4dff8e53556d05ee231d
SHA1

fea42de234f278c6975fbbdf74269c7a7ff62161
SHA256

a9b3e25e0986ec12fd476dd4a16609df0f1b13b706d2217ffede80164cf72781
SHA512

e463d01ea42ba24d2e1ff85d5cabf21839ae3efd01a176016b7a90f63c765f3ad63d7bd3e60bb79a2219233388651592dfbef9aab3fce39eeb09851bab2c265a
SSDEEP

6144:RPKCNy00w/SM6qkB4LTTsTpsimvR6KzfemuA:RP2wqUkGLTTsTps56KzqA

Score

1^/10

Malware Config

Signatures

Files

2024-05-17_fe18d043126b4dff8e53556d05ee231d_mafia
.exe windows:5 windows x86 arch:x86

af5722d283dd785d62f0c681ad9e2302

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/10/2012, 00:00

Not After

08/10/2014, 23:59

Subject

CN=Techinline Limited,O=Techinline Limited,POSTALCODE=RG7 8NN,STREET=Calleva Park+STREET=5 Jupiter House,L=Aldermaston Reading,ST=Berkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:18:52:c5:b7:ea:a8:f3:39:dd:f0:8e:5f:8b:df:66:e5:87:a2:08
Signer

Actual PE Digest

45:18:52:c5:b7:ea:a8:f3:39:dd:f0:8e:5f:8b:df:66:e5:87:a2:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CCNET\2.6.3.0\TIRD_Client\CoreLauncher\Client\Release\TIClientCoreLauncher.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

shlwapi

PathFileExistsW
SHGetValueA
SHSetValueA
SHDeleteValueA

kernel32

GetCurrentProcessId
ExitProcess
SetEvent
CreateEventA
ResetEvent
SetProcessShutdownParameters
CreateDirectoryW
WaitForSingleObject
OpenProcess
Sleep
CopyFileW
GetTempPathW
OpenEventA
GetProcessShutdownParameters
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
ProcessIdToSessionId
OpenFileMappingA
InterlockedIncrement
GetEnvironmentVariableW
Process32First
GetPrivateProfileStringW
WaitNamedPipeW
CloseHandle
GetVersionExW
GetFileAttributesW
ReadFile
WritePrivateProfileStringW
Process32Next
CreateToolhelp32Snapshot
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
CreateFileA
SetNamedPipeHandleState
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
GetStdHandle
LCMapStringW
TlsFree
IsValidCodePage
MultiByteToWideChar
CreateFileW
WriteFile
SetFilePointer
GetFileSize
GetVersionExA
lstrcpyW
WriteConsoleW
LocalFree
LocalAlloc
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleW
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
FreeLibrary
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
RtlUnwind
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
RaiseException
WideCharToMultiByte
FormatMessageA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
InitializeCriticalSectionAndSpinCount

user32

SendMessageA
SetThreadDesktop
PostMessageA
GetSystemMetrics
GetThreadDesktop
OpenDesktopA
IsWindow
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationA
GetForegroundWindow
ExitWindowsEx
CloseDesktop

advapi32

RegCreateKeyExW
RegOpenKeyExA
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaStorePrivateData
LsaClose
LsaOpenPolicy
AdjustTokenPrivileges
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegCreateKeyExA
LookupPrivilegeValueA
RegDeleteKeyA
LogonUserW
OpenProcessToken
SetKernelObjectSecurity
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueA
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA

shell32

ShellExecuteExW

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af5722d283dd785d62f0c681ad9e2302

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77Certificate

Extended Key Usages

Key Usages

45:18:52:c5:b7:ea:a8:f3:39:dd:f0:8e:5f:8b:df:66:e5:87:a2:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 1.0MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 21KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6f:68:49:df:7b:ac:b6:3e:4e:a7:21:08:69:b5:71:77
Certificate

45:18:52:c5:b7:ea:a8:f3:39:dd:f0:8e:5f:8b:df:66:e5:87:a2:08
Signer

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 1.0MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 21KB