2024-05-23_0d54847d58880ccdf4079d834bb72a26_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-23_0d54847d58880ccdf4079d834bb72a26_mafia
Size

2.8MB
MD5

0d54847d58880ccdf4079d834bb72a26
SHA1

a3a97eec7f28ac04f84fb8718e9ff1eae9b9cd00
SHA256

fc74acad4b3cdf0c954a9ae6331f03b1df1135aff4e284bcd880566069b0d349
SHA512

5377b194d1970690d39d12eb4ba22e7edf1a631fb607f8c1a2874137b55a2f5677b957f5fa30f17883a955dd8436ef3ad610df58a1c38f46cae4185d88565c16
SSDEEP

49152:tLXmYfHcxsOr/mwnVAxDf3MQIvfmYABohReZEB4sAA:FJcfnV6cQhHqCA

Score

1^/10

Malware Config

Signatures

Files

2024-05-23_0d54847d58880ccdf4079d834bb72a26_mafia
.exe windows:5 windows x86 arch:x86

ab2bef1799e951a147e55d45a422e51f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/07/2021, 00:00

Not After

08/09/2023, 23:59

Subject

CN=Source Dynamics Inc,O=Source Dynamics Inc,L=Issaquah,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:0d:0f:b9:28:80:ab:33:0c:25:20:00:6a:73:a4:1f:57:fb:f4:5c
Signer

Actual PE Digest

b8:0d:0f:b9:28:80:ab:33:0c:25:20:00:6a:73:a4:1f:57:fb:f4:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\si\ship\sourceinsight4.pdb

Imports

shell32

SHGetFileInfoW
DragAcceptFiles
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetMalloc

comctl32

PropertySheetW
ImageList_Destroy
ord17
ImageList_GetIconSize
InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Create
ImageList_AddMasked
ImageList_Draw
ImageList_Remove

ws2_32

WSAStartup
closesocket
ioctlsocket
WSAGetLastError
recv
__WSAFDIsSet
htonl
bind
getsockname
listen
inet_addr
gethostbyname
htons
socket
setsockopt
send
connect
getsockopt
accept
select

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptProtectData
CryptUnprotectData
CryptImportPublicKeyInfo

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetGetConnectedState

psapi

EmptyWorkingSet

advapi32

RegOpenKeyExA
RegFlushKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryValueExA
RegOpenKeyA
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
CryptReleaseContext
CryptDestroyHash
RegCloseKey
CryptVerifySignatureW

gdiplus

GdipCreateSolidFill
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipDeleteBrush
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawBezierI
GdipDrawEllipseI
GdipFillEllipseI
GdiplusStartup
GdipCloneBrush
GdipFree

ole32

OleInitialize
CoInitializeSecurity
CoCreateGuid

kernel32

FindClose
GetTickCount
Sleep
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
GetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
CompareFileTime
FlushViewOfFile
SetLastError
UnlockFile
LockFile
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceW
GetModuleHandleW
GetSystemTime
GetFileInformationByHandle
FlushFileBuffers
WriteFile
LocalFree
GetFileSize
SystemTimeToFileTime
SetFileTime
GetUserDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GlobalMemoryStatusEx
GetVersionExA
MultiByteToWideChar
GetExitCodeProcess
WaitForSingleObject
CreatePipe
GetStdHandle
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW
WideCharToMultiByte
FreeLibrary
QueryPerformanceCounter
lstrlenA
lstrcmpA
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetSystemPowerStatus
GetLocalTime
GetModuleHandleA
GetVersion
GetVolumeNameForVolumeMountPointW
GetCurrentProcess
GetVolumeInformationW
GlobalSize
GetSystemInfo
GlobalMemoryStatus
GetVersionExW
GetCurrentDirectoryW
GetWindowsDirectoryW
GlobalGetAtomNameW
GetModuleFileNameW
GetTempPathW
FindResourceW
DeleteFileW
GetTempFileNameW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetDateFormatW
GetTimeFormatW
LockResource
FindNextFileW
FindFirstFileExW
GetDriveTypeW
CreateFileW
GetProfileStringW
CreateProcessW
GetEnvironmentVariableW
GlobalAddAtomW
CreateFileMappingW
SearchPathW
CopyFileW
MoveFileW
OpenFileMappingW
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
TryEnterCriticalSection
SetHandleCount
GetCommandLineW
WinExec
SetEvent
CreateEventW
FreeResource
LoadResource
ExpandEnvironmentStringsA
LoadLibraryA
RtlUnwind
EncodePointer
DecodePointer
MoveFileA
HeapSize
HeapReAlloc
ExitThread
ResumeThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
CreateDirectoryW
ExitProcess
GetConsoleCP
GetConsoleMode
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetACP
GetOEMCP
SetEnvironmentVariableW
LCMapStringW
SetStdHandle
GetFileType
GetFileAttributesA
HeapCreate
GetTimeZoneInformation
WriteConsoleW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileW
GlobalFree
ReadFile
IsValidCodePage

user32

TranslateMessage
KillTimer
PeekMessageW
SetTimer
IsChild
CheckRadioButton
CheckDlgButton
DefDlgProcW
SystemParametersInfoW
CreateDialogIndirectParamW
MoveWindow
GetComboBoxInfo
GetWindowDC
ReleaseCapture
GetCursorPos
ScreenToClient
IsIconic
WindowFromPoint
GetAsyncKeyState
SetCapture
SetCursor
ClientToScreen
DestroyCursor
FillRect
InvertRect
DefWindowProcW
SubtractRect
UpdateWindow
ScrollWindowEx
RedrawWindow
WindowFromDC
DestroyIcon
SetWindowPos
GetKeyState
GetMessageW
IsWindowVisible
SetScrollPos
GetDlgCtrlID
DrawFocusRect
CloseClipboard
EmptyClipboard
OpenClipboard
SetParent
DestroyMenu
DefFrameProcW
DefMDIChildProcW
IsZoomed
GetSubMenu
GetMenu
CreateMenu
DrawMenuBar
DeleteMenu
CreatePopupMenu
TrackPopupMenu
CheckMenuItem
SetMenuItemBitmaps
AppendMenuW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemCount
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
FrameRect
BeginPaint
HideCaret
AdjustWindowRect
SetCaretPos
GetForegroundWindow
GetActiveWindow
CreateCaret
DestroyCaret
DispatchMessageW
TrackMouseEvent
GetWindowThreadProcessId
GetCursor
GetScrollInfo
SetScrollInfo
SetScrollRange
RegisterWindowMessageW
FindWindowW
SetClipboardData
GetClipboardData
ValidateRect
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetWindowTextW
RegisterClassW
GetClassNameW
SetWindowTextW
LoadBitmapW
LoadImageW
CreateWindowExW
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
MessageBoxW
LoadCursorW
LoadIconW
GetTabbedTextExtentW
InsertMenuW
TabbedTextOutW
WinHelpW
SetActiveWindow
GetClipboardOwner
RemoveClipboardFormatListener
PostQuitMessage
PackDDElParam
ExitWindowsEx
SetForegroundWindow
AddClipboardFormatListener
SetWindowRgn
DrawIcon
GetScrollPos
GetScrollRange
GetClipboardSequenceNumber
MapWindowPoints
ShowWindow
IsDialogMessageW
GetLastActivePopup
GetDC
ReleaseDC
CallWindowProcW
SendMessageW
GetSysColor
EndPaint
PostMessageW
GetNextDlgTabItem
GetWindow
IsWindowEnabled
EnableWindow
DestroyWindow
EndDialog
SetFocus
SetWindowLongW
GetFocus
GetWindowLongW
SendDlgItemMessageW
GetDlgItem
WaitMessage
InvalidateRect
MessageBeep
GetClientRect
GetWindowRect
ShowCaret
GetParent

gdi32

GetCharABCWidthsW
SetBkColor
PolyBezier
GetCharWidthW
SetViewportOrgEx
GetDeviceCaps
PtInRegion
FillRgn
LineDDA
GdiFlush
CombineRgn
GetRgnBox
CreateRectRgn
CreateRectRgnIndirect
CreatePolygonRgn
SetROP2
StretchBlt
Polyline
GetDCOrgEx
GetClipBox
EndPage
StartPage
StartDocW
SetAbortProc
EndDoc
GetCurrentObject
ExtTextOutW
CreateDCW
CreateICW
TextOutW
GetRegionData
OffsetRgn
GetCharacterPlacementW
ExtSelectClipRgn
SelectObject
CreateBitmap
BitBlt
GetPixel
SetPixel
DeleteObject
CreateSolidBrush
CreatePen
Ellipse
GetTextExtentPoint32W
ExcludeClipRect
SelectClipRgn
CreateFontIndirectW
SetTextColor
SetBkMode
SetTextAlign
GetCurrentPositionEx
GetTextMetricsW
MoveToEx
LineTo
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetPaletteEntries
CreatePalette
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
DeleteDC

comdlg32

ChooseColorW
PageSetupDlgW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

msimg32

AlphaBlend

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_guard
pcre_stack_malloc

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 241KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab2bef1799e951a147e55d45a422e51f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78Certificate

Extended Key Usages

Key Usages

b8:0d:0f:b9:28:80:ab:33:0c:25:20:00:6a:73:a4:1f:57:fb:f4:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

comctl32

ws2_32

crypt32

wininet

psapi

advapi32

gdiplus

ole32

kernel32

user32

gdi32

comdlg32

msimg32

imm32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 294KB - Virtual size: 293KB

.data Size: 241KB - Virtual size: 448KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 343KB - Virtual size: 343KB

.reloc Size: 138KB - Virtual size: 138KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78
Certificate

b8:0d:0f:b9:28:80:ab:33:0c:25:20:00:6a:73:a4:1f:57:fb:f4:5c
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 294KB - Virtual size: 293KB

.data
Size: 241KB - Virtual size: 448KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 343KB - Virtual size: 343KB

.reloc
Size: 138KB - Virtual size: 138KB