2024-06-03_002a917b39cf6054ee165279637b8841_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-03_002a917b39cf6054ee165279637b8841_mafia
Size

913KB
MD5

002a917b39cf6054ee165279637b8841
SHA1

ade55cb29f75a2400a07660d4205529bf59e8cc9
SHA256

25ddfab90417d8dd8710282eb812e9026e6da20a187da08baf18f8c0bcc2ae92
SHA512

41abab33848d6d399a116fd840fec7f2383ab47e9ce6d15d56b591f648c740c535cc105391a8ba26f158a5e6eb736030d4412440f2bcbea3abb7e8fa86b2944a
SSDEEP

24576:uzSISo/vFOtMxd02jVKTGDFMfXv3i97QZ4mVaftAhx:VrSyMxdoiqZ4mVSAv

Score

1^/10

Malware Config

Signatures

Files

2024-06-03_002a917b39cf6054ee165279637b8841_mafia
.exe windows:5 windows x86 arch:x86

91cf1f2aa43340d0256a5260c89acaa9

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:e4:31:46:9f:44:ee:01:cd:42:b3:68:0a:b9:99:0d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/03/2013, 00:00

Not After

26/03/2016, 23:59

Subject

CN=TRIORIS LLC,O=TRIORIS LLC,POSTALCODE=630000,STREET=Griboedova str.\, 34\, 5,L=Novosibirsk,ST=Novosibirsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8e:b2:2b:20:8c:1e:4d:60:37:df:3e:9f:0c:42:62:8d:a7:f0:4e
Signer

Actual PE Digest

47:8e:b2:2b:20:8c:1e:4d:60:37:df:3e:9f:0c:42:62:8d:a7:f0:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Lambda\Documents\shinypageinstall\Release\shinyinstool.pdb

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

GetLongPathNameW
CopyFileW
GetFileAttributesW
LoadLibraryA
FreeLibrary
OpenProcess
DebugBreak
OutputDebugStringW
GetVersionExW
GetVolumeInformationW
MoveFileExW
Sleep
FindResourceW
LoadLibraryExW
GlobalUnlock
GlobalLock
MulDiv
FindResourceExW
HeapReAlloc
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
LoadLibraryW
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetVersion
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetFileType
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
DecodePointer
ExitProcess
VirtualProtect
VirtualQuery
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
LocalAlloc
WTSGetActiveConsoleSessionId
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
InterlockedPopEntrySList
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
GlobalFree
CreateDirectoryW
ExpandEnvironmentStringsW
GlobalAlloc
LockResource
SizeofResource
LoadResource
TerminateProcess
lstrcmpW
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
WaitForSingleObject
CreateThread
GetProcAddress
GetModuleHandleW
CloseHandle
lstrcmpiW
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleFileNameW
SetLastError
GetLastError
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
CompareStringW
SetEnvironmentVariableA
GetFileAttributesExW
EncodePointer

user32

UnregisterClassA
SetFocus
GetClassNameW
GetSysColor
RedrawWindow
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
IsChild
EndPaint
BeginPaint
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
FindWindowW
AdjustWindowRectEx
GetMenu
IsWindowVisible
ShowWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadImageW
LoadStringA
PostQuitMessage
GetKeyState
MessageBeep
PtInRect
CreatePopupMenu
DestroyMenu
TrackPopupMenuEx
AppendMenuW
GetMenuItemCount
RemoveMenu
MonitorFromPoint
SetMenuItemInfoW
CheckMenuRadioItem
CharNextW
PostMessageW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDlgItem
GetDlgCtrlID
MessageBoxA
EndDialog
DialogBoxParamW
TranslateAcceleratorW
GetActiveWindow
SetWindowLongW
SendMessageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
LoadStringW
PeekMessageW
GetFocus

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
GetDeviceCaps
GetObjectW
DeleteDC
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegSetValueExW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
FreeSid

shell32

ShellExecuteW
ShellExecuteExW

ole32

OleInitialize
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantCopy
SysFreeString
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysStringByteLen
SysAllocString

shlwapi

StrDupA
StrCpyW

comctl32

InitCommonControlsEx

urlmon

CoInternetSetFeatureEnabled

ws2_32

WSAEventSelect
WSASetEvent
WSACreateEvent
WSARecv
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSACloseEvent
closesocket
WSAStartup
getaddrinfo
freeaddrinfo
WSASetLastError
WSACleanup

Sections

.text
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AAA
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91cf1f2aa43340d0256a5260c89acaa9

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

dd:e4:31:46:9f:44:ee:01:cd:42:b3:68:0a:b9:99:0dCertificate

Extended Key Usages

Key Usages

47:8e:b2:2b:20:8c:1e:4d:60:37:df:3e:9f:0c:42:62:8d:a7:f0:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

ws2_32

Sections

.text Size: 695KB - Virtual size: 695KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 36KB - Virtual size: 50KB

.AAA Size: 512B - Virtual size: 4B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 32KB - Virtual size: 31KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

dd:e4:31:46:9f:44:ee:01:cd:42:b3:68:0a:b9:99:0d
Certificate

47:8e:b2:2b:20:8c:1e:4d:60:37:df:3e:9f:0c:42:62:8d:a7:f0:4e
Signer

.text
Size: 695KB - Virtual size: 695KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 36KB - Virtual size: 50KB

.AAA
Size: 512B - Virtual size: 4B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 32KB - Virtual size: 31KB