2024-06-20_ca60f91cd976175f1397484c67cf665c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-20_ca60f91cd976175f1397484c67cf665c_mafia
Size

414KB
MD5

ca60f91cd976175f1397484c67cf665c
SHA1

4c01ca63b3d63653cc8f6b3da413aacfae1f9250
SHA256

f85d478ad881f432291743f45b98d03badf034cc77a0c11447f13fbb545ef59b
SHA512

9dd99dfc0ef511458927eb5876b93d54c16529cdace7c4f873f20823ef09e8bc74dbe4033039979d44d1eed2b2feccea52752172e4ce70bcb3bd2be216d46e8f
SSDEEP

12288:BfAj3CeFYqq8GgGNkQp9aFGYbrOLH2MTZOfYnyJOywc0Siuw:ZgrbrOLHnOzwdDuw

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_ca60f91cd976175f1397484c67cf665c_mafia
.exe windows:5 windows x86 arch:x86

06470c96dca5441cfc626f5b2fe2ab6b

Code Sign

0c:fb:54:09:86:0d:c8:f6:85:2d:3d:4c:e2:10:9d:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/06/2020, 00:00

Not After

07/06/2021, 12:00

Subject

CN=ARQA Technologies LLC,O=ARQA Technologies LLC,L=Novosibirsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:c8:e7:78:b8:5d:ba:d8:2a:e1:43:f8:32:94:27:12:bd:a4:0e:6e:e8:3a:f0:87:5a:f1:fb:66:ae:43:ac:0c
Signer

Actual PE Digest

f5:c8:e7:78:b8:5d:ba:d8:2a:e1:43:f8:32:94:27:12:bd:a4:0e:6e:e8:3a:f0:87:5a:f1:fb:66:ae:43:ac:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Q_QMinReplicator\build\QMinReplicator.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

dwevs

util_init
event
SetDebugLevel
seh_translator
devent
error

kernel32

FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
MoveFileExA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
ResetEvent
CreateEventA
SetEvent
CreateDirectoryA
GetLastError
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
CreateThread
SetThreadPriority
ResumeThread
SuspendThread
InterlockedIncrement
InterlockedDecrement
Sleep
LocalFree
lstrlenA
FormatMessageA
SetConsoleCtrlHandler
GetFileAttributesA
GetModuleFileNameA
RemoveDirectoryA
SetCurrentDirectoryA
IsValidLocale
GetConsoleCP
GetConsoleMode
LoadLibraryW
FreeLibrary
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
CreateFileW
CompareStringW
WaitForSingleObject
GetLocaleInfoA
GetUserDefaultLCID
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
RtlUnwind
RaiseException
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
GetCommandLineA
HeapSetInformation
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetCurrentThread
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetTimeZoneInformation
HeapCreate
HeapDestroy
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapReAlloc
FatalAppExitA
EnumSystemLocalesA

advapi32

OpenServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
LockServiceDatabase
CreateServiceA
CloseServiceHandle
UnlockServiceDatabase
RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06470c96dca5441cfc626f5b2fe2ab6b

Code Sign

0c:fb:54:09:86:0d:c8:f6:85:2d:3d:4c:e2:10:9d:05Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f5:c8:e7:78:b8:5d:ba:d8:2a:e1:43:f8:32:94:27:12:bd:a4:0e:6e:e8:3a:f0:87:5a:f1:fb:66:ae:43:ac:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dwevs

kernel32

advapi32

shell32

Sections

.text Size: 326KB - Virtual size: 326KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 15KB

0c:fb:54:09:86:0d:c8:f6:85:2d:3d:4c:e2:10:9d:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f5:c8:e7:78:b8:5d:ba:d8:2a:e1:43:f8:32:94:27:12:bd:a4:0e:6e:e8:3a:f0:87:5a:f1:fb:66:ae:43:ac:0c
Signer

.text
Size: 326KB - Virtual size: 326KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 15KB