2024-06-14_70711b7df27134bf856190cf87c180e6_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_70711b7df27134bf856190cf87c180e6_mafia
Size

496KB
MD5

70711b7df27134bf856190cf87c180e6
SHA1

f94debd29da4832e97fc6743fac9bf602cd6b631
SHA256

ef59fd767dddd615d7afe963fcbbadcae81c0d2de8486ee63fe2a621ae3a9da1
SHA512

829f9494894fa75a85f9c242bd680c07abd35ff8c96da4f06a1e2f200c468553ff102f2a6d6ce9fc4839ccce91663d373982e842e0cfded3aec677f4b4144957
SSDEEP

12288:xIXQomOl0CQEwYyWPI+jzoFohYwX2rYfHhu7nZlEr2TXrVlxnQqM:xIXBmOl0CQEw7WPI+fTOwpHhAZlEsXr6

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_70711b7df27134bf856190cf87c180e6_mafia
.exe windows:5 windows x86 arch:x86

10516499bdfe887e96f2f06faa9a501d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/09/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:c0:fb:25:f2:18:c1:8f:35:62:d1:cb:0e:96:d9:54:67:93:d3:53
Signer

Actual PE Digest

e2:c0:fb:25:f2:18:c1:8f:35:62:d1:cb:0e:96:d9:54:67:93:d3:53

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\SEP_12.1\Output\Install\Bin.iru\SylinkDrop.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetSystemDirectoryW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
lstrlenA
CloseHandle
CreateFileW
ReadFile
InterlockedDecrement
LoadLibraryW
FreeLibrary
DeleteFileW
MoveFileW
WaitForSingleObject
GetModuleFileNameW
GetFileSize
WriteFile
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
GetExitCodeProcess
GetFileAttributesW
Sleep
GetEnvironmentVariableW
SetFilePointer
CopyFileW
GetVersionExW
HeapFree
GetProcessHeap
VirtualFree
HeapSize
HeapAlloc
VirtualAlloc
GetSystemInfo
HeapReAlloc
InterlockedIncrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsSetValue
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
InterlockedExchange
InterlockedCompareExchange
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
LoadLibraryExW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
GetCurrentProcessId
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreW
OpenSemaphoreW
SetEvent
PulseEvent
ResetEvent
CreateEventW
OpenEventW
WaitForMultipleObjects
GetTickCount
WaitForMultipleObjectsEx
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetModuleHandleA
FlushFileBuffers
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetStdHandle
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoW
VirtualQuery
GetSystemTimeAsFileTime
GlobalFree
FormatMessageA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentThreadId
SetLastError
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileType
RaiseException
LoadLibraryA
LocalFree
LocalAlloc
TlsFree

user32

GetMessageW
MessageBoxW
SetDlgItemTextW
FindWindowW
MessageBeep
EndDialog
GetDlgItemTextW
DialogBoxParamW
GetSystemMetrics
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
DispatchMessageA

comdlg32

GetOpenFileNameW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
IIDFromString
OleLoadFromStream
CreateStreamOnHGlobal
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnlock
SafeArrayRedim
VariantCopyInd
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo
SafeArrayLock

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10516499bdfe887e96f2f06faa9a501d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bfCertificate

Extended Key Usages

Key Usages

e2:c0:fb:25:f2:18:c1:8f:35:62:d1:cb:0e:96:d9:54:67:93:d3:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

comdlg32

ole32

oleaut32

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 22KB - Virtual size: 100KB

.data1 Size: 512B - Virtual size: 256B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 26KB - Virtual size: 26KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bf
Certificate

e2:c0:fb:25:f2:18:c1:8f:35:62:d1:cb:0e:96:d9:54:67:93:d3:53
Signer

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 22KB - Virtual size: 100KB

.data1
Size: 512B - Virtual size: 256B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 26KB - Virtual size: 26KB