2024-06-06_742697b2b227e399a1ad295182a1621a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_742697b2b227e399a1ad295182a1621a_mafia
Size

2.1MB
MD5

742697b2b227e399a1ad295182a1621a
SHA1

e4c4198d4f8a928b56407ff61585ea383a508480
SHA256

a87f07bb702e4bc6f9f2157431dc083051b465bf055a851bab1c411ef2a3e3e6
SHA512

77f40c86c28ba2cdd80bcbe725248842f2e26e6caf0b1d975f9be6ab5041db9e2bf69ae25a955a7e7481f7ad46f5ea0e5896f8b8acfc414adc13e3d25bf692c8
SSDEEP

49152:Rel1q3E+pbzn2ddlVwFMLEotCsC5rPqaLJMZz0/Jc56LK3yPdq:2q3E+pbidjzLEoQsC5rPqaA0Rc56LK3Z

Score

1^/10

Malware Config

Signatures

Files

2024-06-06_742697b2b227e399a1ad295182a1621a_mafia
.exe windows:5 windows x86 arch:x86

e0d853a57826aeb7cd4e206adf2127b0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:20:bc:cf:87:33:b8:d4:72:91:41:5f:3c:98:66:b5
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/05/2016, 00:00

Not After

03/05/2017, 23:59

Subject

CN=Goodstory,OU=IT Team,O=Goodstory,L=Jeonju-si,ST=Jeonlabuk-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:7e:6b:96:f6:19:97:f2:d3:aa:c9:1e:7f:12:6b:f5:d8:6d:62:32
Signer

Actual PE Digest

7a:7e:6b:96:f6:19:97:f2:d3:aa:c9:1e:7f:12:6b:f5:d8:6d:62:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\100. STUDY\SOURCE\MFC\RealTimeMonitor_20170219\Release\rtmnt.pdb

Imports

kernel32

GetTimeZoneInformation
GetStringTypeW
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidCodePage
CreateFileA
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapReAlloc
DeleteFileA
ExitProcess
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
HeapAlloc
RtlUnwind
RaiseException
HeapFree
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
SetErrorMode
GlobalFlags
GetSystemDirectoryW
GetCurrentDirectoryW
lstrlenA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GetThreadLocale
FindNextFileW
FindClose
GlobalFindAtomW
CompareStringW
ReleaseActCtx
CreateActCtxW
lstrcpyW
FreeResource
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
CopyFileW
FormatMessageW
LocalFree
MulDiv
lstrlenW
SetLastError
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
FindFirstFileW
LoadLibraryW
GetLastError
GetSystemTime
DeleteFileW
RemoveDirectoryW
FreeLibrary
CreateDirectoryW
TerminateThread
InterlockedDecrement
OpenProcess
GetExitCodeProcess
TerminateProcess
LoadLibraryA
InterlockedIncrement
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CloseHandle
GetCurrentProcessId
VirtualProtect
GetVersionExW
GetNativeSystemInfo
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
IsValidLocale
WideCharToMultiByte

user32

DestroyIcon
ReleaseCapture
WindowFromPoint
SetCapture
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
LoadCursorW
GetSysColorBrush
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
PtInRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CopyRect
GetSysColor
EndPaint
BeginPaint
CharNextW
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
UnhookWindowsHookEx
GetClassNameW
InvalidateRect
UpdateWindow
FillRect
DrawStateW
SetWindowContextHelpId
MapDialogRect
SetWindowPos
RegisterWindowMessageW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
GetSubMenu
RemoveMenu
IsClipboardFormatAvailable
wsprintfW
MessageBoxW
GetSystemMetrics
SetTimer
KillTimer
WaitMessage
PostMessageW
PeekMessageW
DispatchMessageW
DrawTextW
GetIconInfo
FindWindowW
EnableWindow
LoadIconW
ReleaseDC
GetWindowDC
GetDC
OffsetRect
CopyAcceleratorTableW
IntersectRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassW
CopyImage
LoadMenuW
SetWindowRgn
NotifyWinEvent
GetAsyncKeyState
IsZoomed
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageW
AppendMenuW
DrawIcon
SetRect
IsRectEmpty
EnumWindows
GetWindowThreadProcessId
GetWindowRgn
DestroyCursor
SubtractRect
GetKeyNameTextW
MapVirtualKeyExW
SetWindowsHookExW
SetWindowsHookExA
CreateMenu
TranslateMDISysAccel
DrawMenuBar
CallNextHookEx
GetDesktopWindow
IsWindowVisible
GetWindow
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
HideCaret
InvertRect
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
ClientToScreen
UnionRect

gdi32

CreateRectRgn
CombineRgn
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateSolidBrush
SetPolyFillMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
GetTextExtentPoint32W
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
PatBlt
SetTextColor
DeleteDC
CreateDIBSection
CreateFontIndirectW
StretchBlt
GetDIBits
SetBkColor
CreateBitmap
SetBkMode
SelectObject
CreateRectRgnIndirect
SaveDC
RealizePalette
GetObjectW
GetClipBox
RectVisible
ExtSelectClipRgn
GetStockObject
RestoreDC
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

DragFinish
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
SHGetSpecialFolderPathA
ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
ReleaseStgMedium
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemFree

oleaut32

VariantChangeType
VariantInit
VariantCopy
VariantClear
SysFreeString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown

ws2_32

closesocket
htonl
htons
accept
socket
select
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
WSAStartup
gethostname
gethostbyname
inet_ntoa
inet_addr
ioctlsocket
WSACleanup

iphlpapi

DeleteIpForwardEntry
GetIpForwardTable
CreateIpForwardEntry

wininet

InternetQueryDataAvailable
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 178KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0d853a57826aeb7cd4e206adf2127b0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:20:bc:cf:87:33:b8:d4:72:91:41:5f:3c:98:66:b5Certificate

Extended Key Usages

Key Usages

7a:7e:6b:96:f6:19:97:f2:d3:aa:c9:1e:7f:12:6b:f5:d8:6d:62:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

iphlpapi

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 308KB - Virtual size: 308KB

.data Size: 178KB - Virtual size: 228KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 179KB - Virtual size: 178KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:20:bc:cf:87:33:b8:d4:72:91:41:5f:3c:98:66:b5
Certificate

7a:7e:6b:96:f6:19:97:f2:d3:aa:c9:1e:7f:12:6b:f5:d8:6d:62:32
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 308KB - Virtual size: 308KB

.data
Size: 178KB - Virtual size: 228KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 179KB - Virtual size: 178KB