2024-06-14_d9e955b954d71d07d22a62f0dc64dba7_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_d9e955b954d71d07d22a62f0dc64dba7_mafia
Size

490KB
MD5

d9e955b954d71d07d22a62f0dc64dba7
SHA1

c5902af60053feec7d1136ddd7b75a2a1fcbf9da
SHA256

accf047ecd8b4304362d92bbacd69ae64447292c014d6f963ebf262aed31781a
SHA512

5ceeb81e80b80a4c6373011d2de21c17e136971b6ee43349266254f1c850ba5d36c15d9be47229ec6267d05b98ffb9cf9d7a3cd3cf861443bb526c92ed24e08c
SSDEEP

12288:Hv9ul1ajmXjttSEFw2b5Vm2XvOVjCIftK3Qb+3Ns+Ipd:Hv9U1hSucVOmBC9stz

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_d9e955b954d71d07d22a62f0dc64dba7_mafia
.exe windows:5 windows x86 arch:x86

a7316bcf08050d6df5b33eeb88dee425

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:73:25:75:d9:f6:5a:aa:13:56:4d:e7:46:e2:32:12:59
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2013, 14:27

Not After

17/11/2016, 13:11

Subject

CN=ApexSQL\, LLC,O=ApexSQL\, LLC,L=Chapel Hill,ST=NC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:32:40:9c:f5:7c:aa:38:5c:08:5e:58:1a:15:8e:aa:5d:d1:ca:fe
Signer

Actual PE Digest

00:32:40:9c:f5:7c:aa:38:5c:08:5e:58:1a:15:8e:aa:5d:d1:ca:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Source\LogEngine\Branches\2014.01\Build\temp\bin\Release\ApexSqlRecoverServerHelperx86.exe.pdb

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
NtQuerySystemInformation
_wcsicmp
_chkstk
_vsnprintf
strcspn
memchr
_vsnwprintf
memset
memmove
memcpy

psapi

GetMappedFileNameW

kernel32

CloseHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
SetEvent
GetLastError
GetCurrentProcessId
WaitForSingleObject
GetCurrentThreadId
GetLocalTime
LocalFree
FormatMessageW
MoveFileW
DeleteFileW
Sleep
CreateEventW
GetTickCount
GetCurrentProcess
DuplicateHandle
EnterCriticalSection
OpenProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
QueueUserWorkItem
FreeLibrary
GetProcAddress
LoadLibraryW
LocalAlloc
LocalReAlloc
GetModuleFileNameW
CreateDirectoryW
GetFileAttributesW
ProcessIdToSessionId
OpenFileMappingW
WriteFile
GetDiskFreeSpaceW
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileW
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
SetEnvironmentVariableA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
SetEndOfFile
GetProcessHeap
SetLastError
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
AreFileApisANSI
FormatMessageA
HeapFree
RaiseException
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringW
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapCreate
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenServiceW
ControlService
DeleteService
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
OpenSCManagerA

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7316bcf08050d6df5b33eeb88dee425

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

11:21:73:25:75:d9:f6:5a:aa:13:56:4d:e7:46:e2:32:12:59Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

00:32:40:9c:f5:7c:aa:38:5c:08:5e:58:1a:15:8e:aa:5d:d1:ca:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

psapi

kernel32

advapi32

Sections

.text Size: 368KB - Virtual size: 367KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 14KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

11:21:73:25:75:d9:f6:5a:aa:13:56:4d:e7:46:e2:32:12:59
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

00:32:40:9c:f5:7c:aa:38:5c:08:5e:58:1a:15:8e:aa:5d:d1:ca:fe
Signer

.text
Size: 368KB - Virtual size: 367KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 14KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB