General

Malware Config

Signatures

Files

• 2024-05-23_88ae57b87b9553ad09012e234d02ceac_mafia

  .exe windows:5 windows x86 arch:x86

  2b943d0b492a2ca3c8e825e43a37abc3

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:de

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  08-06-2013 00:00

  Not After

  06-08-2016 23:59

  Subject

  CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  c6:f2:be:33:d5:2a:a7:8a:8a:b6:96:03:44:7b:2c:36:b7:8a:3c:57

  Signer

  Actual PE Digest

  c6:f2:be:33:d5:2a:a7:8a:8a:b6:96:03:44:7b:2c:36:b7:8a:3c:57

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ole32

  CoInitializeEx

  OleUninitialize

  OleInitialize

  CreateStreamOnHGlobal

  CLSIDFromString

  CLSIDFromProgID

  CoGetClassObject

  OleLockRunning

  StringFromGUID2

  CoInitialize

  CoUninitialize

  CoTaskMemFree

  CoCreateInstance

  CoTaskMemRealloc

  CoTaskMemAlloc

  shell32

  Shell_NotifyIconA

  SHGetFolderPathA

  FindExecutableA

  ShellExecuteExA

  wininet

  InternetTimeToSystemTime

  InternetCrackUrlA

  InternetGetConnectedState

  InternetTimeFromSystemTime

  InternetQueryDataAvailable

  InternetErrorDlg

  HttpQueryInfoA

  InternetCloseHandle

  InternetReadFile

  HttpSendRequestA

  HttpOpenRequestA

  InternetConnectA

  InternetOpenA

  crypt32

  CryptBinaryToStringA

  CryptUnprotectData

  CryptProtectData

  CryptQueryObject

  CryptStringToBinaryA

  CertFindCertificateInStore

  CertGetNameStringW

  CertCloseStore

  CryptMsgClose

  CryptMsgGetParam

  comctl32

  InitCommonControlsEx

  version

  GetFileVersionInfoSizeA

  VerQueryValueW

  GetFileVersionInfoA

  VerQueryValueA

  kernel32

  TlsGetValue

  TlsSetValue

  TlsFree

  TlsAlloc

  CompareStringW

  GetDateFormatA

  GetTimeFormatA

  LCMapStringW

  lstrcmpA

  RaiseException

  GetLastError

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  MultiByteToWideChar

  WideCharToMultiByte

  lstrlenW

  GetProcAddress

  GetModuleHandleA

  InterlockedIncrement

  InterlockedDecrement

  lstrlenA

  lstrcmpiA

  IsDBCSLeadByte

  FreeLibrary

  SizeofResource

  LoadResource

  FindResourceA

  LoadLibraryExA

  GetModuleFileNameA

  CloseHandle

  CreateMutexA

  GetCommandLineA

  EnterCriticalSection

  LeaveCriticalSection

  FlushInstructionCache

  GetCurrentProcess

  MulDiv

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GetCurrentThreadId

  SetLastError

  LockResource

  FindResourceW

  Sleep

  GetExitCodeProcess

  WaitForSingleObject

  DeleteFileA

  lstrcatA

  FormatMessageA

  GlobalFree

  GlobalHandle

  lstrcpyA

  SetEvent

  ResetEvent

  CreateThread

  CreateEventA

  lstrcpynA

  OpenEventA

  GetSystemTime

  WriteFile

  CreateFileA

  ReadFile

  GetVersionExA

  LocalFree

  GetTempPathA

  GetTickCount

  GetCurrentProcessId

  SetFilePointer

  ReleaseMutex

  SystemTimeToFileTime

  FileTimeToSystemTime

  SetDllDirectoryA

  TerminateProcess

  GetLocaleInfoA

  LoadLibraryA

  GetSystemDirectoryA

  GetLocalTime

  FormatMessageW

  GetNativeSystemInfo

  SetHandleInformation

  CreatePipe

  PeekNamedPipe

  CreateProcessA

  RemoveDirectoryA

  CreateDirectoryA

  GetSystemDefaultUILanguage

  GetUserDefaultUILanguage

  GetThreadLocale

  LoadLibraryW

  InterlockedCompareExchange

  InterlockedExchange

  InitializeCriticalSection

  EncodePointer

  DecodePointer

  GetLocaleInfoW

  GetStringTypeW

  InterlockedPushEntrySList

  HeapFree

  GetProcessHeap

  HeapAlloc

  IsProcessorFeaturePresent

  VirtualFree

  VirtualAlloc

  InterlockedPopEntrySList

  GetSystemTimeAsFileTime

  VirtualQuery

  GetSystemInfo

  GetModuleHandleW

  VirtualProtect

  RtlUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  ExitProcess

  GetStdHandle

  GetModuleFileNameW

  HeapCreate

  HeapReAlloc

  HeapSize

  GetTimeZoneInformation

  SetHandleCount

  GetStartupInfoW

  HeapSetInformation

  GetConsoleCP

  GetConsoleMode

  GetFileType

  FlushFileBuffers

  GetACP

  GetOEMCP

  IsValidCodePage

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  SetStdHandle

  WriteConsoleW

  SetEndOfFile

  GetUserDefaultLCID

  EnumSystemLocalesA

  IsValidLocale

  CreateFileW

  WaitForMultipleObjects

  SetEnvironmentVariableA

  GetCPInfo

  user32

  MsgWaitForMultipleObjectsEx

  LoadImageA

  GetSystemMetrics

  PostMessageA

  TrackPopupMenu

  GetCursorPos

  AppendMenuA

  CreatePopupMenu

  PostQuitMessage

  ShowWindow

  RegisterClassA

  wsprintfA

  MapWindowPoints

  DrawTextW

  SetWindowTextW

  GetWindowTextW

  UnregisterClassA

  SetFocus

  GetFocus

  DestroyAcceleratorTable

  BeginPaint

  EndPaint

  PeekMessageA

  DestroyWindow

  FillRect

  ReleaseCapture

  GetClassNameA

  GetMessageW

  IsChild

  SetCapture

  RedrawWindow

  InvalidateRgn

  InvalidateRect

  ReleaseDC

  GetDC

  ScreenToClient

  ClientToScreen

  MoveWindow

  GetMessageA

  TranslateMessage

  DispatchMessageW

  DispatchMessageA

  DialogBoxIndirectParamA

  RegisterWindowMessageA

  GetWindowTextLengthA

  GetWindowTextA

  SetWindowTextA

  SetForegroundWindow

  CreateAcceleratorTableA

  CallWindowProcA

  IsWindowUnicode

  GetSysColor

  DefWindowProcA

  MapDialogRect

  SetWindowContextHelpId

  CreateWindowExA

  GetWindowLongA

  SetWindowLongA

  EndDialog

  GetTopWindow

  GetWindow

  GetDlgCtrlID

  LoadBitmapA

  GetClientRect

  GetDlgItem

  EnableWindow

  SetWindowPos

  SendMessageA

  CharNextA

  LoadStringA

  MessageBoxA

  RegisterClassExA

  LoadCursorA

  GetClassInfoExA

  IsWindow

  GetParent

  GetDesktopWindow

  advapi32

  RegOpenKeyExA

  RegDeleteKeyA

  RegDeleteValueA

  RegCloseKey

  RegSetValueExA

  RegQueryInfoKeyW

  RegEnumKeyExA

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegQueryInfoKeyA

  RegQueryValueExA

  CryptDestroyHash

  CryptGetHashParam

  CryptHashData

  CryptReleaseContext

  CryptCreateHash

  CryptAcquireContextA

  RegEnumKeyA

  RegCreateKeyExA

  oleaut32

  VarUI4FromStr

  SysStringLen

  SysAllocStringLen

  SysAllocString

  LoadTypeLi

  LoadRegTypeLi

  OleCreateFontIndirect

  VariantClear

  VariantInit

  SysFreeString

  gdi32

  CreateFontIndirectA

  CreateSolidBrush

  GetDeviceCaps

  BitBlt

  CreateCompatibleBitmap

  DeleteObject

  DeleteDC

  SetBkMode

  GetObjectA

  CreateCompatibleDC

  SelectObject

  StretchBlt

  GetStockObject

  Sections

  .text

  Size: 426KB - Virtual size: 426KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 108KB - Virtual size: 107KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 15KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 621KB - Virtual size: 621KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ