Static task
static1
Behavioral task
behavioral1
Sample
2024-06-10_3490f6d91abde438c478d63a7056e2a1_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-10_3490f6d91abde438c478d63a7056e2a1_mafia.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-10_3490f6d91abde438c478d63a7056e2a1_mafia
-
Size
1.8MB
-
MD5
3490f6d91abde438c478d63a7056e2a1
-
SHA1
cf3bce0bd4fddb1503fdf650706411b52ac89fb6
-
SHA256
6645b973e837e014541364a92ca106fb330580c387aca223e34012dcdbf84123
-
SHA512
212a4e29bc616602c22077a34838c3ac16644152bb48e8ddfa8517789abad2a01e7d1cd8b418c6431d46da46738a2300b96a8f352ecbc98599c9610f046a83e7
-
SSDEEP
49152:yJBW5Wju25QgecHOYDw+gO4sRSrq/2fJMj6uGLGNN2ZbO4BWiCLM7pm0rAhAca:sIcC2+gecHOn+g2RSeAJMj6uGLGNo3WC
Malware Config
Signatures
Files
-
2024-06-10_3490f6d91abde438c478d63a7056e2a1_mafia.exe windows:5 windows x86 arch:x86
9fb19575f7241f333d3018045d63b240
Code Sign
Certificate
3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Issuer
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before
29/01/1996, 00:00
Not After
02/08/2028, 23:59
Subject
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21/12/2012, 00:00
Not After
30/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
18/10/2012, 00:00
Not After
29/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Issuer
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before
08/11/2006, 00:00
Not After
07/11/2021, 23:59
Subject
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
08/11/2006, 00:00
Not After
16/07/2036, 23:59
Subject
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
22:e6:e1:d1:d2:70:b0:96:8d:f7:47:8a:8b:27:7b:ff
Issuer
CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before
01/11/2014, 00:00
Not After
01/11/2015, 23:59
Subject
CN=Smilegate Games Inc.,O=Smilegate Games Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
08/02/2010, 00:00
Not After
07/02/2020, 23:59
Subject
CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
6d:17:ef:d4:b3:4c:7c:4f:f3:07:74:d1:ab:44:36:b0:4b:79:eb:98
Actual PE Digest
6d:17:ef:d4:b3:4c:7c:4f:f3:07:74:d1:ab:44:36:b0:4b:79:eb:98
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\SmileGate\GSS\SVN\DEV\AUTH\LoginLauncher\Deploy\LoginLauncher.pdb
Imports
iphlpapi
GetIpForwardTable
GetAdaptersInfo
ws2_32
WSAStartup
WSAGetLastError
WSAEnumNetworkEvents
WSAEventSelect
WSACleanup
WSACreateEvent
WSACloseEvent
closesocket
socket
setsockopt
send
recv
connect
gethostbyname
WSASetLastError
htons
inet_addr
htonl
WSAWaitForMultipleEvents
imagehlp
MakeSureDirectoryPathExists
kernel32
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
CompareStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
HeapCreate
IsValidLocale
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
IsValidCodePage
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
ExitThread
EncodePointer
DecodePointer
FindResourceExW
VirtualProtect
GetNumberFormatA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
GetTempPathA
GetTempFileNameA
GetUserDefaultLCID
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetOEMCP
GetCPInfo
GetACP
GlobalFlags
GetCurrentDirectoryA
lstrcpyA
GetSystemDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SuspendThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GetModuleHandleW
InterlockedIncrement
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileA
DeleteFileA
lstrcmpiA
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
ActivateActCtx
DeactivateActCtx
GlobalSize
FormatMessageA
CreateThread
CreateDirectoryA
GetSystemTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CopyFileA
SetLastError
WriteFile
ReadFile
GetFileSize
LocalFree
LocalAlloc
FreeLibrary
ReleaseMutex
CreateMutexA
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
lstrlenA
lstrlenW
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
FindResourceA
GlobalAlloc
ResumeThread
GlobalFree
GlobalUnlock
GlobalLock
CreateEventA
Sleep
MulDiv
GetVersionExA
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
GetLocalTime
GetProcAddress
LoadLibraryA
OpenEventA
OpenProcess
IsProcessorFeaturePresent
GetExitCodeProcess
user32
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
LoadCursorW
IsRectEmpty
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextA
CharUpperA
IntersectRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
ValidateRect
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
SetWindowPos
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
DestroyCursor
BeginPaint
SetRectEmpty
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetFocus
ScreenToClient
PtInRect
UpdateWindow
DrawStateA
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetCursor
GetMessageA
LoadIconA
TranslateMessage
SetWindowLongA
CreateWindowExA
DefWindowProcA
ShowWindow
DispatchMessageA
CallWindowProcA
LoadCursorA
RegisterClassA
MoveWindow
IsIconic
SetTimer
AppendMenuA
GetSystemMenu
LoadIconW
GetWindow
GetWindowThreadProcessId
IsWindow
SubtractRect
MapVirtualKeyExA
IsCharLowerA
RedrawWindow
DrawIcon
EnumDisplayMonitors
SetLayeredWindowAttributes
DeleteMenu
LoadMenuW
KillTimer
GetSystemMetrics
CopyRect
FillRect
ReleaseDC
SetRect
GetNextDlgGroupItem
IsWindowVisible
FindWindowA
ClientToScreen
GetDC
OffsetRect
DrawEdge
WindowFromPoint
GetCursorPos
GetCapture
GetWindowLongA
GetSysColor
GrayStringA
DrawTextExA
TabbedTextOutA
GetKeyState
GetParent
SetCapture
ReleaseCapture
InvalidateRect
DrawTextA
DrawFocusRect
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
RealChildWindowFromPoint
InflateRect
SendMessageA
GetClassNameA
PostMessageA
GetClientRect
SetWindowRgn
GetWindowRect
LoadBitmapW
LoadImageA
LoadBitmapA
EnableWindow
MessageBoxExW
CopyImage
GetWindowRgn
GetWindowDC
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetIconInfo
HideCaret
InvertRect
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
RegisterClipboardFormatA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DestroyIcon
WaitMessage
InvalidateRgn
CopyAcceleratorTableA
EndPaint
UnregisterClassA
gdi32
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
SetRectRgn
PatBlt
RestoreDC
GetTextExtentPoint32A
CreateEllipticRgn
SetPolyFillMode
CreateDIBSection
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetRgnBox
CreatePolygonRgn
Polyline
Polygon
OffsetRgn
SetDIBColorTable
RealizePalette
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExA
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
Ellipse
SetBkMode
SaveDC
CopyMetaFileA
SetBkColor
CreateSolidBrush
SelectClipRgn
StretchBlt
DeleteDC
GetDeviceCaps
CreateDCA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
CreateRectRgnIndirect
CreateFontIndirectA
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
SelectObject
GetPixel
CombineRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetObjectA
GetTextColor
GetStockObject
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
shell32
ShellExecuteA
ShellExecuteExA
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathRemoveFileSpecW
ole32
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
RevokeDragDrop
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoLockObjectExternal
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
oleaut32
OleCreateFontIndirect
SysAllocString
SysStringLen
VariantCopy
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
OleLoadPicture
SysFreeString
oledlg
ord8
gdiplus
GdipDrawImageI
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
wininet
InternetCanonicalizeUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
psapi
GetModuleBaseNameA
EnumProcessModules
EnumProcesses
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ