2024-05-31_537f3d1059f671011910af63df322d9c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_537f3d1059f671011910af63df322d9c_mafia
Size

1.3MB
MD5

537f3d1059f671011910af63df322d9c
SHA1

f6490d6abf81c51af256cbff37dd973caeb15332
SHA256

7bc6e95deb54940ddfbed85b1b27eb4063a9d3a44d4535b60f64dee2695ba209
SHA512

6c3760ddbe283376606e967b1dbfeb653a112b727b60a1e90aabc4ebb8f0053984cca228e7af705e2f15e07982fa83e0fb6ceafa00a6563de533be2daadcc19a
SSDEEP

24576:LMoZH565KC9hsb3Eh3kEWxaesBgZJPtfmc6e8NRTRa/6B:Lr6UCbqUODPtfmcL8fTRa/y

Score

1^/10

Malware Config

Signatures

Files

2024-05-31_537f3d1059f671011910af63df322d9c_mafia
.exe windows:5 windows x86 arch:x86

1c6e100ab9d9db0918d53bc587dae5f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

13/03/2013, 07:15

Not After

14/03/2014, 07:15

Subject

CN=Taiwan Shui Mu Chih Ching Technology Limited,O=Taiwan Shui Mu Chih Ching Technology Limited,L=新北,ST=台湾,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

97:53:cc:1a:13:21:47:b7:14:09:18:be:62:aa:12:e1:95:27:d3:aa
Signer

Actual PE Digest

97:53:cc:1a:13:21:47:b7:14:09:18:be:62:aa:12:e1:95:27:d3:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\ecyber\trunk\sc\bin.32\eInstall.pdb

Imports

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathRemoveExtensionW
SHGetValueW
PathIsURLW
PathFindExtensionW
PathFindFileNameW
PathRenameExtensionW
PathFileExistsW
PathCombineW
SHDeleteKeyW
PathAppendW

kernel32

GetProcessHeap
HeapFree
TlsGetValue
DecodePointer
EncodePointer
GetProfileIntW
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
HeapAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemTimeAsFileTime
TlsFree
TlsAlloc
InterlockedExchange
InterlockedIncrement
GetCurrentThreadId
CreateEventW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetFilePointer
GetFileSize
lstrlenA
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
WideCharToMultiByte
GetPrivateProfileSectionW
DebugBreak
MulDiv
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
lstrcmpiW
Process32NextW
Process32FirstW
SetWaitableTimer
CreateWaitableTimerA
GetCommandLineW
HeapSetInformation
WaitForSingleObject
CreateProcessW
TerminateProcess
OpenProcess
GetStartupInfoW
ExitProcess
CreateToolhelp32Snapshot
CreateMutexW
ResumeThread
CreateThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
CreateDirectoryW
GetModuleFileNameW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetCurrentProcess
CreateFileW
InterlockedDecrement
LocalFree
GetSystemDefaultLCID
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CopyFileW
OutputDebugStringW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
MoveFileW
GetWindowsDirectoryW
DeleteFileW
SetEvent
CloseHandle
CreateEventA
GetLastError
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
SystemTimeToFileTime
WaitForMultipleObjects
GetTickCount
FormatMessageA
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
VirtualProtect
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
RtlUnwind
ExitThread
CompareStringW
GetCPInfo
LCMapStringW

user32

SetWindowTextW
SendMessageW
FindWindowW
GetWindowThreadProcessId
GetWindowRect
ScreenToClient
ExitWindowsEx
ShowWindow
IsIconic
GetParent
RegisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
DefWindowProcW
CreateAcceleratorTableW
RegisterClipboardFormatW
FrameRect
DrawFocusRect
FillRect
PeekMessageW
GetCapture
EndPaint
BeginPaint
DrawTextW
CopyImage
TrackMouseEvent
MapWindowPoints
ReleaseDC
UpdateLayeredWindow
SetWindowRgn
GetUpdateRect
GetCursorPos
CallWindowProcW
ReleaseCapture
SetCapture
ClientToScreen
GetDesktopWindow
GetSystemMetrics
GetWindowLongW
SetWindowLongW
GetFocus
IsChild
wvsprintfW
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
CharLowerW
CharNextW
GetKeyState
SetCursor
LoadCursorW
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetTimer
KillTimer
GetSysColor
SetWindowPos
SystemParametersInfoW
IsWindow
GetWindow
GetWindowTextW
PostThreadMessageW
GetForegroundWindow
InvalidateRgn
GetClientRect
GetDC
GetClassInfoExW
RegisterClassExW
EnableWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetLastActivePopup
SetPropW
GetPropW
InvalidateRect

gdi32

SetStretchBltMode
StretchBlt
SelectClipRgn
OffsetClipRgn
MoveToEx
LineTo
ArcTo
GetStockObject
Rectangle
Ellipse
Polygon
DeleteDC
CreateFontW
FillRgn
FrameRgn
GetRgnBox
CopyMetaFileW
EnumFontFamiliesW
CreatePen
SetDIBits
CreatePatternBrush
SetTextColor
SetPixel
GetPixel
SetWorldTransform
SetGraphicsMode
CreateCompatibleBitmap
CreateSolidBrush
GetObjectA
RestoreDC
SaveDC
GetClipBox
GetCharABCWidthsW
GetTextExtentPoint32W
CreateDIBSection
GetDIBits
CreateRectRgn
CreateRoundRectRgn
OffsetRgn
SetWindowOrgEx
BitBlt
CombineRgn
CreateRectRgnIndirect
SetBkMode
GetBkMode
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteObject
Polyline
AddFontResourceW
SelectObject

advapi32

OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW
RegCreateKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
LookupPrivilegeValueW

shell32

ord43
SHAddToRecentDocs
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ord680
SHGetFolderPathAndSubDirW
SHBrowseForFolderW
ord165
CommandLineToArgvW

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
IIDFromString
DoDragDrop
OleLockRunning
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
OleRun

oleaut32

VariantChangeType
VariantCopy
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
DispCallFunc
SysStringLen
SysStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringByteLen
LoadTypeLi
SysAllocStringLen

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW

riched20

ord4

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipDrawRectangleI
GdipDrawLineI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipGraphicsClear
GdipFillRectangleI
GdipFillEllipseI
GdipDrawString
GdipMeasureString
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageFlags
GdipSaveImageToStream
GdipLoadImageFromStream
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImageRectRectI

winmm

timeKillEvent
timeSetEvent

ws2_32

gethostname
WSAStartup
WSACleanup
inet_ntoa
gethostbyname

urlmon

UrlMkGetSessionOption

comctl32

ord17

Sections

.text
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c6e100ab9d9db0918d53bc587dae5f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59Certificate

Extended Key Usages

Key Usages

97:53:cc:1a:13:21:47:b7:14:09:18:be:62:aa:12:e1:95:27:d3:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

riched20

msimg32

gdiplus

winmm

ws2_32

urlmon

comctl32

Sections

.text Size: 917KB - Virtual size: 917KB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 30KB - Virtual size: 46KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 96KB - Virtual size: 95KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59
Certificate

97:53:cc:1a:13:21:47:b7:14:09:18:be:62:aa:12:e1:95:27:d3:aa
Signer

.text
Size: 917KB - Virtual size: 917KB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 30KB - Virtual size: 46KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 96KB - Virtual size: 95KB