2024-06-16_7310c8e27c26a92ad342981183b9ec18_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_7310c8e27c26a92ad342981183b9ec18_mafia
Size

623KB
MD5

7310c8e27c26a92ad342981183b9ec18
SHA1

7b03fbdc01421aa62506881e691d0af30240a1bb
SHA256

95f7f49fd3fc02a918f1f08ccb62ae8f2189d3cd78ad53dfd981a65bcfd2e06d
SHA512

9138e943685caa8c7ddc6534bdd0612d2e98f7774b0ac95cfb809606ab5c16993234c8086dab3952d7a759cdb8ca21b14c4daa7fcfe51e734f0645cf1900b40a
SSDEEP

12288:GO3abjb3ZZZgu6PLLrj8acm1QRffwiXbzIdIyKrsEWu7:GiAPZB6PfroAmV86fdn7

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_7310c8e27c26a92ad342981183b9ec18_mafia
.exe windows:5 windows x86 arch:x86

14df37ac16eae09dbcf5d37c6b03de5f

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:bc:6f:b2:6b:6e:1c:df:ac:7f:94:ca:be:aa:42:9a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/05/2014, 00:00

Not After

13/05/2016, 23:59

Subject

CN=DaeGilSoft CO.\, LTD.,OU=IT Team,O=DaeGilSoft CO.\, LTD.,L=Dobong-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
LocalReAlloc
TlsFree
GetTickCount
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
EncodePointer
DecodePointer
RaiseException
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSetInformation
GetStartupInfoW
ExitThread
CreateThread
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
Sleep
GetStdHandle
CompareStringW
HeapCreate
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileSizeEx
GetFileAttributesExA
GlobalFlags
GetThreadLocale
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GetModuleHandleW
InterlockedExchange
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
ResumeThread
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
CompareStringA
lstrcmpW
DeleteFileA
InterlockedIncrement
InterlockedDecrement
GetSystemDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcess
LocalAlloc
FormatMessageA
LocalFree
FindFirstFileA
FindClose
GetFileAttributesA
CreateDirectoryA
GetFileTime
OpenFile
CreateFileA
GetVersionExA
lstrcpyA
GetACP
FreeLibrary
GetProcAddress
GetSystemDirectoryW
LoadLibraryW
LoadLibraryA
ActivateActCtx
DeactivateActCtx
SetLastError
MulDiv
lstrlenA
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameA
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
TerminateProcess
WideCharToMultiByte

user32

CharUpperA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
UnregisterClassA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetWindowThreadProcessId
GetWindowDC
ClientToScreen
FillRect
GetMessageA
TranslateMessage
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
RealChildWindowFromPoint
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
GetClassInfoExA
RegisterClassA
GetScrollInfo
SetScrollInfo
CallWindowProcA
InvalidateRgn
IntersectRect
IsRectEmpty
GetSysColorBrush
AdjustWindowRectEx
SetWindowPos
TranslateAcceleratorA
GetMenuItemID
GetMenu
BringWindowToTop
EnumDisplayMonitors
DefWindowProcA
GetActiveWindow
GetSubMenu
GetMenuItemCount
CreateWindowExA
GetClassInfoA
SetRectEmpty
GetDlgCtrlID
PostMessageA
KillTimer
WindowFromPoint
PtInRect
IsChild
LoadIconA
DrawIcon
GetSystemMetrics
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
BeginDeferWindowPos
EndDeferWindowPos
GetWindowLongA
SetWindowLongA
SetCursor
MoveWindow
LoadCursorA
GetDCEx
ReleaseDC
GetDesktopWindow
GetMenuItemInfoA
SetWindowContextHelpId
MapDialogRect
CharNextA
UnionRect
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
IsIconic
InsertMenuItemA
CreatePopupMenu
PeekMessageA
GetCursorPos
MapWindowPoints
GetClientRect
SetTimer
IsWindow
DestroyIcon
InflateRect
CopyRect
FrameRect
SendMessageA
GetWindowRect
InvalidateRect
GetCapture
SetCapture
GetTopWindow
EnableWindow
LoadImageA
ReleaseCapture
DrawIconEx
GetSysColor
MessageBoxA
GetParent
UpdateWindow
IsWindowVisible
RedrawWindow
GetFocus
GetWindow
SetForegroundWindow
LoadIconW
SystemParametersInfoA
GetMonitorInfoA
MonitorFromPoint
GetClassNameA
SetFocus
GetKeyState
PostThreadMessageA
PostQuitMessage
DestroyCursor
EndPaint
BeginPaint
ScreenToClient
EqualRect
OffsetRect
SetRect
DeferWindowPos

gdi32

ExtSelectClipRgn
DeleteDC
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetCharWidthA
CreateFontA
StretchDIBits
GetTextExtentPoint32A
GetTextColor
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
PatBlt
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetRgnBox
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
GetTextMetricsA
CreateRectRgnIndirect
GetObjectA
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
CreatePen
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumValueA
RegOpenKeyExW
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
ShellExecuteExA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW
PathFindExtensionA

ole32

CoCreateInstance
CoInitialize
CoRegisterMessageFilter
CoUninitialize
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
OleInitialize
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CoInitializeEx
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
VariantChangeType
SysAllocStringByteLen
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VariantInit
SysAllocStringLen
VariantClear
VariantCopy

oledlg

ord8

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
InternetErrorDlg
InternetQueryDataAvailable
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetGetLastResponseInfoA

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14df37ac16eae09dbcf5d37c6b03de5f

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:bc:6f:b2:6b:6e:1c:df:ac:7f:94:ca:be:aa:42:9aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

version

oleacc

wininet

Sections

.text Size: 394KB - Virtual size: 394KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 15KB - Virtual size: 31KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 51KB - Virtual size: 50KB

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:bc:6f:b2:6b:6e:1c:df:ac:7f:94:ca:be:aa:42:9a
Certificate

.text
Size: 394KB - Virtual size: 394KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 15KB - Virtual size: 31KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 51KB - Virtual size: 50KB