2024-05-17_e299e961277732f7468e4712d9f1aba9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_e299e961277732f7468e4712d9f1aba9_mafia
Size

2.2MB
MD5

e299e961277732f7468e4712d9f1aba9
SHA1

88f0a4c63fc260fac0e01fbbc516e34f1cc1341c
SHA256

953f443e567ae53ebd9c3430808e2c1d33797b33b0e49df2e4ed1aa4aed3f4bf
SHA512

a0e55b1d145268fc5a3f352e644cac8af525d76178bbb0540e652ebcd166542e883d9432435d92a9422082e57fbb0a63f5ed5a7d71192288a068d48e198acc57
SSDEEP

49152:e6VNfzQgQgQEC4Burpv4A0L8XPuWsXxAmzIvk0jZSTa7SXM:ewNrQnjELurpvEAXPhsX6mzIv174M

Score

1^/10

Malware Config

Signatures

Files

2024-05-17_e299e961277732f7468e4712d9f1aba9_mafia
.exe windows:5 windows x86 arch:x86

b69489cd5f67db8ed9f50aea0ac5a20c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/09/2012, 00:00

Not After

19/09/2013, 23:59

Subject

CN=Adobe Systems Incorporated,OU=CS Production+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:41:05:4c:de:c4:0e:76:b9:10:10:74:f3:af:89:ff:d2:4d:57:9b
Signer

Actual PE Digest

a2:41:05:4c:de:c4:0e:76:b9:10:10:74:f3:af:89:ff:d2:4d:57:9b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Source\r2d2-32\r2d2\client\public\prtk\binaries\Win32\release\prtk.pdb

Imports

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReadData
WinHttpSendRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetCredentials

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiGetClassDevsW

kernel32

GetLastError
GetCurrentThread
FindClose
FindNextFileW
FindFirstFileW
Sleep
LocalFree
SystemTimeToFileTime
GetFileAttributesW
SetFileAttributesW
FlushFileBuffers
CreateFileW
lstrlenW
GetACP
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
AreFileApisANSI
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
DeleteFileW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
DeleteCriticalSection
LockFileEx
InterlockedIncrement
InitializeCriticalSection
GetTempPathA
QueryPerformanceFrequency
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetCurrentProcess
CreateFileA
OutputDebugStringA
CreateDirectoryW
GlobalFree
SetEvent
WaitForMultipleObjects
CreateEventW
GetTimeZoneInformation
UnlockFileEx
LocalAlloc
InterlockedDecrement
lstrlenA
CreateSemaphoreW
SetEnvironmentVariableA
GetModuleFileNameA
CreateProcessW
ReleaseSemaphore
WaitForSingleObject
GetVersionExW
CreateThread
GetComputerNameExW
OpenEventW
GetExitCodeThread
TerminateThread
SwitchToThread
ResumeThread
GetLocalTime
SetLastError
GetDateFormatW
GetTimeFormatW
HeapCreate
LCMapStringW
QueryPerformanceCounter
GetEnvironmentVariableA
WideCharToMultiByte
GetModuleFileNameW
InterlockedCompareExchange
GetTempPathW
MultiByteToWideChar
GetDiskFreeSpaceW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
SetStdHandle
GetConsoleCP
CloseHandle
GetConsoleMode
ExitProcess
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
WriteConsoleW
CompareStringW
FormatMessageA
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoW
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
MoveFileA
InterlockedExchange
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
HeapSetInformation
GetCommandLineW
HeapAlloc
LocalFileTimeToFileTime
SetFileTime
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapFree
RaiseException
RtlUnwind
DecodePointer
EncodePointer

user32

wsprintfW

advapi32

OpenProcessToken
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
CryptExportKey
GetUserNameW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderLocation

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear
SysAllocStringByteLen

shlwapi

PathStripPathW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

Adobe_OOBELib_Activate
Adobe_OOBELib_BackDoorUpgradeCheck
Adobe_OOBELib_CalculateVC
Adobe_OOBELib_CheckForUpgradeOnline
Adobe_OOBELib_CheckSubscriptionMode
Adobe_OOBELib_CheckSubscriptionValidity
Adobe_OOBELib_CheckSubscriptionValidityOnline
Adobe_OOBELib_CheckWFType
Adobe_OOBELib_CheckforUpgrade
Adobe_OOBELib_CleanUpCachePCD
Adobe_OOBELib_CreateRef
Adobe_OOBELib_Deactivate
Adobe_OOBELib_DeactivateLicense
Adobe_OOBELib_DeactivateLicenseForSerial
Adobe_OOBELib_DisAssociateAll
Adobe_OOBELib_EnumerateKeys
Adobe_OOBELib_Generate_OffLineExcpType1_ReqCode
Adobe_OOBELib_GetAdobeId
Adobe_OOBELib_GetChallengeString_UpgradeCheck
Adobe_OOBELib_GetCredentialsForProxy
Adobe_OOBELib_GetCurrentLicenseState
Adobe_OOBELib_GetEntitlement
Adobe_OOBELib_GetLicenseStatus
Adobe_OOBELib_GetLicenseStatusEx
Adobe_OOBELib_GetRefID
Adobe_OOBELib_GetSerialInfo
Adobe_OOBELib_GetServiceClaimData
Adobe_OOBELib_GetValueforKeyInSubDomain
Adobe_OOBELib_Get_OffLineExcpType1_ReqCode
Adobe_OOBELib_Get_SeatID
Adobe_OOBELib_Getversion
Adobe_OOBELib_ISOTaggingAtInstall
Adobe_OOBELib_LaunchPurchaseWorkFlow
Adobe_OOBELib_LoadActivationGraceLicense
Adobe_OOBELib_LoadOfflineGraceLicense
Adobe_OOBELib_LoadOnlineTrial
Adobe_OOBELib_LoadTrial
Adobe_OOBELib_ProcessExceptionFile
Adobe_OOBELib_Process_file
Adobe_OOBELib_ProtectedContentCheck
Adobe_OOBELib_QueryLicenses
Adobe_OOBELib_ReleaseRef
Adobe_OOBELib_RememberAdobeID
Adobe_OOBELib_RemoveKeyInSubDomainInCache
Adobe_OOBELib_Remove_payload
Adobe_OOBELib_Retrieve_SerialNumber
Adobe_OOBELib_Retrieve_SerialNumberEx
Adobe_OOBELib_Retryactivation
Adobe_OOBELib_SaveAdobeId
Adobe_OOBELib_SetAdobeId
Adobe_OOBELib_SetAdobeIdExtProfile
Adobe_OOBELib_SetAppXMLData
Adobe_OOBELib_SetClaimStatus
Adobe_OOBELib_SetClaimStatusEx
Adobe_OOBELib_SetCredentialsForProxy
Adobe_OOBELib_SetLEID
Adobe_OOBELib_SetUniversalCookie
Adobe_OOBELib_SetValueforKeyInSubDomainInCache
Adobe_OOBELib_Set_Eula
Adobe_OOBELib_Set_InstallLocale
Adobe_OOBELib_Set_serialnumber
Adobe_OOBELib_SuppressRegSerialNag
Adobe_OOBELib_SuppressRegistrationNag
Adobe_OOBELib_Suppress_Eula
Adobe_OOBELib_Suppress_Registration
Adobe_OOBELib_UpgradeCheck
Adobe_OOBELib_UpgradeDoneAtInstallTime
Adobe_OOBELib_ValidateSerialOnline
Adobe_OOBELib_Validate_SerialNumber
Adobe_OOBELib_Verify_OffLineExcpType1_ServerResponseCode
GetAsnVersion
IAL_ActivateLicense
IAL_CloseSession
IAL_CreateSession
IAL_DeactivateLicense
IAL_GetAULData
IAL_GetEntitledSerialData
IAL_GetType2aOfflineException
IAL_GetVersion
IAL_ReloadLocalDispatchTable
IAL_SetLicensingLEID
IAL_SetLoggingMethod
IAL_SetProxyDetails
IAL_ValidateSerial
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b69489cd5f67db8ed9f50aea0ac5a20c

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a2:41:05:4c:de:c4:0e:76:b9:10:10:74:f3:af:89:ff:d2:4d:57:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 77KB - Virtual size: 105KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:0f:63:2d:f0:9c:0a:79:d1:0c:fb:c3:66:04:cd:2b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a2:41:05:4c:de:c4:0e:76:b9:10:10:74:f3:af:89:ff:d2:4d:57:9b
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 77KB - Virtual size: 105KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB