2024-05-22_30466d8f1a4d33a93dd30e70cce0aade_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-22_30466d8f1a4d33a93dd30e70cce0aade_mafia
Size

2.0MB
MD5

30466d8f1a4d33a93dd30e70cce0aade
SHA1

3ea24ad2e6d3744e29ccb2ecad6dc41973e9a3cd
SHA256

687e6903d5536fdb48aab76e22ab3cac26b8c44c34f4f9b4c09122adbe1a676a
SHA512

2c1238771c532b2e6b800d11fd3f9ecba5506ca1bcc65a70770f4531f2b772302f98df9d6e465ad546ebe766603cce630cfff3867d9468af3640c9673230a64c
SSDEEP

49152:frjroQMVVVLGTvK+aoeeq0apj0oiV0W9lNe/eo7ExakGlwX:nroQMhLGTvK4eesF0oiV0Se/D7Exau

Score

1^/10

Malware Config

Signatures

Files

2024-05-22_30466d8f1a4d33a93dd30e70cce0aade_mafia
.exe windows:5 windows x86 arch:x86

a4c6ed066963367fb1a002d36c02ae17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:60:ef:1b:2d:62:99:8e:c1:7a:21:f4:06:69:ed:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2013, 00:00

Not After

06/10/2014, 23:59

Subject

CN=CANON INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Office Imaging Products,O=CANON INC.,L=Kawasaki,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:61:86:99:e5:a7:18:e1:fd:3b:80:0d:83:ac:50:ef:c1:3f:68:1d
Signer

Actual PE Digest

8d:61:86:99:e5:a7:18:e1:fd:3b:80:0d:83:ac:50:ef:c1:3f:68:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\S71\Perforce\aea.nishimura.tatsuro_C70835800_1164\div4400\映事DS\CartridgeUtility\branches\Rev195581\CartridgeUtility\Release\CnTnrStsApp.pdb

Imports

kernel32

IsValidLocale
GetDriveTypeW
EnumSystemLocalesA
SetEnvironmentVariableA
GetConsoleCP
IsProcessorFeaturePresent
GetLocaleInfoA
LCMapStringW
GetConsoleMode
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
HeapSize
HeapQueryInformation
ExitProcess
GetFileType
SetStdHandle
HeapReAlloc
RaiseException
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
lstrlenA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
lstrcmpA
GetCurrentThread
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
InitializeCriticalSectionAndSpinCount
FreeLibrary
lstrcmpW
FreeResource
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
ActivateActCtx
DeactivateActCtx
DeleteFileW
CreateFileW
lstrcmpiW
GetThreadLocale
CopyFileW
GlobalSize
FormatMessageW
MulDiv
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedExchange
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
Sleep
WaitForSingleObject
CreateEventW
WideCharToMultiByte
lstrlenW
CreateDirectoryW
MultiByteToWideChar
SetCurrentDirectoryW
LocalFree
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempPathW
GetModuleFileNameW
LoadLibraryW
WriteConsoleW

user32

InsertMenuItemW
TranslateAcceleratorW
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
SetClassLongW
DestroyAcceleratorTable
SetParent
DrawIconEx
LoadImageW
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
GetSystemMenu
DestroyIcon
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
DeleteMenu
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
WindowFromPoint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DrawStateW
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageW
GetCursorPos
SetWindowContextHelpId
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
MessageBoxW
EnableWindow
GetWindowLongW
SetWindowLongW
PostMessageW
GetParent
SendMessageW
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
WaitMessage
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
SubtractRect
UpdateWindow
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetUpdateRect
GetDoubleClickTime
GetWindowRgn
DestroyCursor
MapDialogRect
SetForegroundWindow
SetTimer
PeekMessageW
TranslateMessage
DispatchMessageW
KillTimer
GetComboBoxInfo
GetClientRect
PtInRect
CallWindowProcW
CreateWindowExW
GetClassInfoW
FindWindowW
RegisterWindowMessageW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
BeginPaint
SetRect
EndPaint
InvalidateRect
GetDlgCtrlID
GetLastActivePopup
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
CharUpperW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
LoadMenuW
GetWindowRect
GetWindow
CopyRect
SetWindowPos
GetMenu
DefWindowProcW
GetWindowPlacement
ReuseDDElParam

gdi32

GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
EnumFontFamiliesW
GetTextFaceW
RectVisible
PtVisible
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPoint32W
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetStockObject
CreateSolidBrush
PatBlt
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
SetViewportOrgEx
Escape
ExtTextOutW
DeleteObject
CreateDIBSection
GetObjectW
SetDIBColorTable
CreateCompatibleDC
SelectObject
DeleteDC
TextOutW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

GetPrinterDataExW
DocumentPropertiesW
OpenPrinterW
EnumPrintersW
ClosePrinter

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
CommandLineToArgvW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
IsAccelerator
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
RevokeDragDrop

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
SysFreeString
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
VariantTimeToSystemTime
VarDateFromStr
VariantCopy
SystemTimeToVariantTime

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown

crgcollector

ord110
ord120
ord100
ord130

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4c6ed066963367fb1a002d36c02ae17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

32:60:ef:1b:2d:62:99:8e:c1:7a:21:f4:06:69:ed:22Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8d:61:86:99:e5:a7:18:e1:fd:3b:80:0d:83:ac:50:ef:c1:3f:68:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

crgcollector

oleacc

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 29KB - Virtual size: 58KB

.rsrc Size: 244KB - Virtual size: 243KB

.reloc Size: 173KB - Virtual size: 173KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

32:60:ef:1b:2d:62:99:8e:c1:7a:21:f4:06:69:ed:22
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8d:61:86:99:e5:a7:18:e1:fd:3b:80:0d:83:ac:50:ef:c1:3f:68:1d
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 29KB - Virtual size: 58KB

.rsrc
Size: 244KB - Virtual size: 243KB

.reloc
Size: 173KB - Virtual size: 173KB