2024-06-10_707a68236bfd1601865aa27a760aeba5_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-10_707a68236bfd1601865aa27a760aeba5_mafia
Size

2.2MB
MD5

707a68236bfd1601865aa27a760aeba5
SHA1

c972dc701709c2dea8c6daa0db5be873b5599b6f
SHA256

ce5ad0db5fbd3efb0f430a16ddaa58919d6477d126e7365dfc35a53393e7ed4d
SHA512

f2c1ce500f4d35b385ca80f01897903513377ea8c54bf50f30de13f79317e7ec4aa4cee0f34dacef5abb0e58d9b2ac9c941fd20f24df702cf22b079a7716b91c
SSDEEP

49152:Wjd0FpCxgrwFqFUAgGd7C6H10N9dxRvZ8vBnjQsc52XKepDUSICi0utBtX9l:WZ0uqFUAgGdB2N9dxRvZ8vBnjE2aeiSa

Score

1^/10

Malware Config

Signatures

Files

2024-06-10_707a68236bfd1601865aa27a760aeba5_mafia
.exe windows:5 windows x86 arch:x86

5dcdb2bb09391be37a8e0e6a0f1ca76f

Code Sign

0e:a1:46:39:54:7a:83:ea:1e:75:ba:f7:9b:85:4c:b4
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/09/2014, 00:00

Not After

09/11/2015, 12:00

Subject

SERIALNUMBER=C3105953,CN=Foxit Software Incorporated,O=Foxit Software Incorporated,POSTALCODE=94538,STREET=Suite 201+STREET=42840 Christy Street,L=Fremont,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:0f:42:b5:61:26:f3:9c:70:33:e7:a8:07:16:a3:c3:5a:ff:89:7e
Signer

Actual PE Digest

60:0f:42:b5:61:26:f3:9c:70:33:e7:a8:07:16:a3:c3:5a:ff:89:7e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\jobs\FoxitPhantom7_BIZ_ASUS\workspace\Plugin SDK\Plugins\ShareReview\Release\Track Review.pdb

Imports

kernel32

WriteConsoleW
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LCMapStringW
LoadLibraryA
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GlobalLock
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
RaiseException
RtlUnwind
ExitProcess
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetTempFileNameW
GetUserDefaultLCID
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
SetErrorMode
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GlobalGetAtomNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetThreadLocale
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
CopyFileW
GlobalSize
FormatMessageW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
lstrlenA
lstrcmpA
WaitForMultipleObjects
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
CreateMutexW
GetCurrentThreadId
ReleaseMutex
TerminateThread
CreateThread
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
Sleep
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetSystemDirectoryW
CreateFileW
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
MulDiv
GlobalUnlock
CreateEventW
FindFirstFileW
GetTempPathW
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
FreeResource
GetModuleFileNameW
GetSystemDefaultUILanguage
GetVersionExW
HeapFree
HeapAlloc
WideCharToMultiByte
GlobalFree
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetDriveTypeW
DeleteFileW
CreateDirectoryW
GetLastError
lstrcpynW
lstrcpyW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc

user32

GetKeyboardLayout
ToUnicodeEx
SetClassLongW
DestroyAcceleratorTable
SetParent
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
GetSystemMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
WaitMessage
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
CharNextW
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
GetSysColorBrush
RealChildWindowFromPoint
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
DrawStateW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
DestroyCursor
SetCursorPos
ReleaseCapture
SetCapture
SetWindowRgn
SystemParametersInfoW
OffsetRect
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
InflateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
GetKeyboardState
RemoveMenu
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
GetUpdateRect
SendDlgItemMessageA
WinHelpW
SendMessageW
GetWindowRect
PtInRect
ClientToScreen
ScreenToClient
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
ValidateRect
GetMenuItemID
CreateAcceleratorTableW
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CopyIcon
GetDoubleClickTime
RegisterClipboardFormatW
FrameRect
CharUpperBuffW
PostThreadMessageW
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
InsertMenuW
EnableWindow
GetParent
GetSystemMetrics
GetDC
ReleaseDC
GetClientRect
FillRect
SetCursor
LoadCursorW
IsWindowVisible
IsWindow
EqualRect
SetRectEmpty
wsprintfW
EnumChildWindows
SetWindowTextW
SetDlgItemTextW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemCount
GetMenuStringW
GetSubMenu
GetDlgCtrlID
SetWindowPos
LoadIconW
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
SendDlgItemMessageW
DestroyIcon
SetRect
InvalidateRect
GetSysColor
CopyRect
DrawIcon
UpdateWindow
DrawTextW
PostMessageW
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
FindWindowW
GetClassInfoW
RegisterClassW
IsIconic
SetTimer
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
IsRectEmpty
LoadMenuW
DeleteMenu
AppendMenuW
DestroyMenu
IsWindowEnabled
WindowFromPoint
GetCursorPos
GetKeyState
TabbedTextOutW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetWindowLongW
GetWindow
SetMenuItemBitmaps

gdi32

SetPixel
SetDIBColorTable
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
Rectangle
OffsetRgn
GetSystemPaletteEntries
CreatePolygonRgn
GetTextColor
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateDIBitmap
CreateDIBSection
Ellipse
LPtoDP
CreateEllipticRgn
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
CreateRoundRectRgn
GetRgnBox
Polygon
Polyline
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
StretchBlt
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
SelectObject
DeleteDC
DeleteObject
GetStockObject
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetWindowOrgEx
ScaleWindowExtEx
SetWindowExtEx
SetTextAlign
LineTo
MoveToEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
CredFree
CredGetTargetInfoW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragFinish
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoRevokeClassObject
CoRegisterMessageFilter
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
VariantInit
VariantChangeType
SysFreeString
SysAllocStringLen
VariantClear

oledlg

OleUIBusyW

gdiplus

GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipReleaseDC
GdipBitmapUnlockBits

mpr

WNetCancelConnection2W
WNetAddConnection2W

winhttp

WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpQueryAuthSchemes
WinHttpQueryOption
WinHttpWriteData
WinHttpSendRequest
WinHttpSetOption
WinHttpSetCredentials
WinHttpCloseHandle

wininet

InternetGetConnectedState

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dcdb2bb09391be37a8e0e6a0f1ca76f

Code Sign

0e:a1:46:39:54:7a:83:ea:1e:75:ba:f7:9b:85:4c:b4Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

60:0f:42:b5:61:26:f3:9c:70:33:e7:a8:07:16:a3:c3:5a:ff:89:7eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

mpr

winhttp

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 352KB - Virtual size: 351KB

.data Size: 30KB - Virtual size: 61KB

.rsrc Size: 127KB - Virtual size: 127KB

.reloc Size: 197KB - Virtual size: 196KB

0e:a1:46:39:54:7a:83:ea:1e:75:ba:f7:9b:85:4c:b4
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

60:0f:42:b5:61:26:f3:9c:70:33:e7:a8:07:16:a3:c3:5a:ff:89:7e
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 352KB - Virtual size: 351KB

.data
Size: 30KB - Virtual size: 61KB

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 197KB - Virtual size: 196KB