2024-06-04_c9f3394b842c5eb2d28774f4ef1d3998_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_c9f3394b842c5eb2d28774f4ef1d3998_mafia
Size

1.7MB
MD5

c9f3394b842c5eb2d28774f4ef1d3998
SHA1

0761529254ef1f20892ca6f4a7576906fa37055c
SHA256

ac94e16a789a3d82cacb85f06c344f6caf6c6cc41f345898a059640f417c0754
SHA512

22db6a74791ea91dbb2cc22a45852e2b664618dd256ce539e4fd696e52820a60399e55df410a88329715fc270a7ce821fe180efe0b05352076305e472fad5632
SSDEEP

24576:ppmjBbyrHRxwDTCTGuPZdZCSmwdxY2MaugVXyDANT4KoRFoRfMdM+i5SVp7M:pEMxw3CTXZCRyxpXesdGRVhM

Score

1^/10

Malware Config

Signatures

Files

2024-06-04_c9f3394b842c5eb2d28774f4ef1d3998_mafia
.exe windows:5 windows x86 arch:x86

5dc177c1b2306eb65d7fb5ceaaaa423a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/05/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Beijing ELEX Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing ELEX Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:db:66:bb:1d:4e:c5:af:29:ba:9f:c0:05:f9:9b:b3:21:d4:5e:56
Signer

Actual PE Digest

aa:db:66:bb:1d:4e:c5:af:29:ba:9f:c0:05:f9:9b:b3:21:d4:5e:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\soft365\MakerV2\Release\SoftStudio.pdb

Imports

ws2_32

gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket
closesocket
WSAGetLastError
WSAStartup
WSACleanup

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapCreate
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetEnvironmentVariableW
FreeResource
FindResourceW
LoadResource
CreateProcessW
CreateDirectoryW
WaitForSingleObject
WriteFile
WideCharToMultiByte
SizeofResource
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetStdHandle
GetLastError
LockResource
CloseHandle
GetStringTypeW
SetFilePointer
SystemTimeToFileTime
SetFileTime
ReadFile
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateFileA
DeviceIoControl
GetVolumeInformationW
GetSystemDefaultLangID
ExitProcess
GetFileSize
GetModuleHandleW
GetVersionExW
GetProcAddress
FindClose
GetLocalTime
GetSystemInfo
lstrcmpiW
ExpandEnvironmentStringsA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
SetLastError
SleepEx
FormatMessageA
GetTickCount
PeekNamedPipe
WaitForMultipleObjects
GetFileType
FreeLibrary
LoadLibraryA
Sleep
TerminateProcess
GetCPInfo
LCMapStringW
LoadLibraryW
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetFileInformationByHandle
CreateThread
GetCurrentThreadId
DeleteFileW
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread

user32

GetSystemMetrics
wsprintfW

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dc177c1b2306eb65d7fb5ceaaaa423a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

aa:db:66:bb:1d:4e:c5:af:29:ba:9f:c0:05:f9:9b:b3:21:d4:5e:56Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

kernel32

user32

advapi32

shell32

Sections

.text Size: 392KB - Virtual size: 392KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 19KB - Virtual size: 19KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

aa:db:66:bb:1d:4e:c5:af:29:ba:9f:c0:05:f9:9b:b3:21:d4:5e:56
Signer

.text
Size: 392KB - Virtual size: 392KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 19KB - Virtual size: 19KB