2024-06-19_f518faae38e625bd7085d94d614cac1b_gazer_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_f518faae38e625bd7085d94d614cac1b_gazer_mafia
Size

3.4MB
MD5

f518faae38e625bd7085d94d614cac1b
SHA1

9cabb7fb1987c6ac2429801140ac0b276354417d
SHA256

57dd6e9ff6e6397fd0d810f5a7ae634069e32a54552ef865eb7e3b09b0abc03a
SHA512

4d5062f628e79dc8c0d78473b2512accdec33efdaff618375d1d660e0d8181c7aa0eb05b9f1c63a6874954b474f26a702da27094a00d90db9f62e505e5c757db
SSDEEP

98304:BWppcIj/c0cCA87covhSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSq:Ip2OUtCh7pRtZ

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_f518faae38e625bd7085d94d614cac1b_gazer_mafia
.exe windows:5 windows x86 arch:x86

e810c889d0045fe2cdfda561c53cd4a5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:96:56:10:e2:e6:b7:40:25:c4:c0:91:02:0c:37:4a:64:06:f6:55:fc:33:98:d0:96:b6:c3:91:eb:80:a4:99
Signer

Actual PE Digest

2e:96:56:10:e2:e6:b7:40:25:c4:c0:91:02:0c:37:4a:64:06:f6:55:fc:33:98:d0:96:b6:c3:91:eb:80:a4:99

Digest Algorithm

sha256

PE Digest Matches

true

aa:af:fe:f7:01:0e:b9:67:53:e9:7c:8c:cd:91:ee:c4:17:da:c2:f6
Signer

Actual PE Digest

aa:af:fe:f7:01:0e:b9:67:53:e9:7c:8c:cd:91:ee:c4:17:da:c2:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\f477e70f45113db8\bin\Release_Win32\session.server.pdb

Imports

kernel32

SystemTimeToFileTime
HeapFree
GetProcessHeap
WideCharToMultiByte
CopyFileW
ReadFile
GetFileSizeEx
SetLastError
FindClose
lstrcpyW
ExpandEnvironmentStringsW
FreeLibrary
OpenThread
FormatMessageW
GetComputerNameW
SetThreadExecutionState
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
SetNamedPipeHandleState
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DisconnectNamedPipe
LocalAlloc
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
RaiseException
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalMemoryStatusEx
InterlockedDecrement
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
GetStringTypeW
HeapReAlloc
InterlockedExchange
GetLocaleInfoW
RtlUnwind
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
MultiByteToWideChar
ReleaseSemaphore
SetThreadPriority
SetEnvironmentVariableA
CompareStringW
CreateProcessA
GetFileAttributesA
GetTimeZoneInformation
ExitThread
GlobalUnlock
GlobalLock
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
ResumeThread
SuspendThread
GetFileAttributesExW
GetSystemTimes
GlobalAlloc
GetQueuedCompletionStatus
InterlockedCompareExchange
LoadLibraryA
GetSystemDirectoryA
InterlockedExchangeAdd
TryEnterCriticalSection
FreeConsole
CreateIoCompletionPort
QueryPerformanceFrequency
RemoveDirectoryW
MoveFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
SetFileAttributesW
CreateThread
CreateEventW
LCMapStringW
FreeResource
LockResource
ProcessIdToSessionId
CreateFileW
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
SizeofResource
ResetEvent
SetEvent
GetProcessTimes
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LoadResource
FindResourceW
FindResourceExW
LocalFree
CloseHandle
QueueUserWorkItem
lstrcmpW
GetCurrentThread
GetCurrentProcess
GetEnvironmentVariableW
GetModuleHandleW
SetEnvironmentVariableW
GetCommandLineW
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetConsoleTextAttribute
FormatMessageA
WaitForSingleObjectEx
CreateSemaphoreW
GetNativeSystemInfo
WaitForSingleObject
lstrlenA
FindNextFileW
lstrcmpiW
GetLocalTime
FlushFileBuffers
FileTimeToSystemTime
WriteFile
CreateDirectoryW
SetFilePointer
FindFirstFileW
ExitProcess
GetSystemTime
DeleteFileW
GetCurrentThreadId
GetCurrentProcessId
RegisterWaitForSingleObject
GetProcAddress
GetLastError
lstrlenW
GetEnvironmentVariableA
TerminateProcess
LoadLibraryW
OpenProcess
UnregisterWait
InterlockedIncrement

user32

MessageBoxW
GetMessageW
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
CloseClipboard
IsClipboardFormatAvailable
EnumClipboardFormats
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
EnumDisplayMonitors
GetClipboardSequenceNumber
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
GetUserObjectInformationW
UnregisterClassW
EnumChildWindows
GetClientRect
GetScrollInfo
DestroyIcon
InvalidateRect
GetWindowTextW
DialogBoxParamW
SetClassLongW
EndDialog
CreateDialogParamW
EnumDisplayDevicesW
LockWorkStation
ChangeDisplaySettingsExW
DrawIconEx
GetIconInfo
GetCursorInfo
MoveWindow
OpenInputDesktop
CloseDesktop
GetWindowInfo
WaitMessage
PeekMessageW
FindWindowExW
GetClassNameW
PostQuitMessage
TranslateMessage
IsDialogMessageW
RegisterClassW
GetDC
SendInput
GetForegroundWindow
DefWindowProcW
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
ExitWindowsEx
LoadIconW
GetSystemMenu
EnableMenuItem
wsprintfA
SetTimer
KillTimer
DestroyWindow
ScreenToClient
GetKeyState
CreateMenu
SetFocus
AppendMenuW
CreateWindowExW
EnableWindow
CallWindowProcW
GetWindowRect
FindWindowW
wsprintfW
GetWindowLongW
SystemParametersInfoW
SetWindowLongW
SetWindowPos
ShowWindow
IsWindowVisible
SendMessageW
SetWindowTextW
GetDlgItem
TrackPopupMenu
RegisterWindowMessageW
PostMessageW
GetSubMenu
SetForegroundWindow
LoadMenuW
GetCursorPos
RemoveMenu
SetMenuDefaultItem
GetAsyncKeyState
EnumWindows
MapWindowPoints
GetSystemMetrics
GetWindowThreadProcessId
GetWindow

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

crypt32

CryptUnprotectData
CryptProtectData

shlwapi

StrStrIA
StrStrIW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

gethostbyaddr
inet_ntoa
inet_addr
gethostname
ntohl
htonl
htons
ntohs
WSASetLastError
getpeername
getservbyname
WSARecv
WSASocketW
WSASend
ioctlsocket
connect
recvfrom
getaddrinfo
select
getsockname
shutdown
setsockopt
recv
bind
socket
WSAGetLastError
sendto
getservbyport
gethostbyname
WSAStringToAddressA
WSAAddressToStringA
WSASocketA
freeaddrinfo
__WSAFDIsSet
closesocket
accept
send
listen
WSAStartup
WSAIoctl
WSACleanup
getsockopt

secur32

GetUserNameExW

gdi32

ExtEscape
CreateDCW
GetBitmapBits
BitBlt
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontW
GetObjectW
GetDIBits
GetCurrentObject

advapi32

RegCreateKeyExW
ImpersonateNamedPipeClient
SetSecurityInfo
ControlService
QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
CryptGenRandom
ChangeServiceConfigW
RegDeleteKeyW
RegEnumKeyW
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateTokenEx
RegOpenCurrentUser
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
RegSetValueExW
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegQueryValueExW
EqualSid
GetTokenInformation
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
GetUserNameW
GetLengthSid
ConvertStringSidToSidW
SetTokenInformation
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
CopySid

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW
ord680
DragAcceptFiles
Shell_NotifyIconW
DragFinish
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW

iphlpapi

GetAdaptersAddresses

comctl32

InitCommonControlsEx

ole32

CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e810c889d0045fe2cdfda561c53cd4a5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2e:96:56:10:e2:e6:b7:40:25:c4:c0:91:02:0c:37:4a:64:06:f6:55:fc:33:98:d0:96:b6:c3:91:eb:80:a4:99Signer

aa:af:fe:f7:01:0e:b9:67:53:e9:7c:8c:cd:91:ee:c4:17:da:c2:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

wtsapi32

psapi

crypt32

shlwapi

userenv

winmm

ws2_32

secur32

gdi32

advapi32

shell32

iphlpapi

comctl32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 43KB - Virtual size: 77KB

.rodata Size: 3KB - Virtual size: 2KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 112KB - Virtual size: 111KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2e:96:56:10:e2:e6:b7:40:25:c4:c0:91:02:0c:37:4a:64:06:f6:55:fc:33:98:d0:96:b6:c3:91:eb:80:a4:99
Signer

aa:af:fe:f7:01:0e:b9:67:53:e9:7c:8c:cd:91:ee:c4:17:da:c2:f6
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 43KB - Virtual size: 77KB

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 112KB - Virtual size: 111KB