2024-06-20_e6577891ceddbedf68058940a5af866a_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-20_e6577891ceddbedf68058940a5af866a_mafia
Size

2.3MB
MD5

e6577891ceddbedf68058940a5af866a
SHA1

9eac1879aa15bf5ed323323d5e5bbdd2644df136
SHA256

75cc45460fcca40b84227babdc2e51d821113632112b6082bfe232c0c168d310
SHA512

9dce465080fed8d477b839bf97f7a14a3b8cb9a33a2d29b40633fbb9b2a7b6109dd270908d20a837788f1296d8bc63f6877c5e5273ce64dae3e90a53db3e84e8
SSDEEP

49152:+a2WUUmNK26lr/ss2rvKjuKG4Jq83Ubiu9X4wypDy3jE/Crt9YYeWBiRM7Mpi1Tf:+asUmNK26lr/Jjun583Ubl14wypDyznz

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_e6577891ceddbedf68058940a5af866a_mafia
.exe windows:5 windows x86 arch:x86

42ddf2f8a19c9675047247f2886f240e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:86:50:ef:ee:e6:06:e0:fa:db:85:7f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

28-11-2023 02:24

Not After

27-01-2025 09:17

Subject

SERIALNUMBER=110111-7568962,CN=Webtree Co.\, Ltd.,O=Webtree Co.\, Ltd.,STREET=50 Digital-ro 33-gil,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:a5:3a:a9:fd:44:7d:a9:74:52:5a:c0:a2:e1:3f:24:f4:b3:63:5a
Signer

Actual PE Digest

c6:a5:3a:a9:fd:44:7d:a9:74:52:5a:c0:a2:e1:3f:24:f4:b3:63:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\FileMong\Updater.pdb

Imports

shell32

SHGetFolderPathA
SHGetKnownFolderPath
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHAppBarMessage
ShellExecuteA
SHGetFileInfoA
ShellExecuteExA

kernel32

GetEnvironmentStringsW
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetCurrentDirectoryW
FreeEnvironmentStringsW
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStdHandle
LCMapStringW
GetStringTypeW
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetStdHandle
HeapQueryInformation
HeapSize
ExitProcess
HeapReAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
FindFirstFileExA
CreateThread
ExitThread
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTempFileNameA
GetCurrentDirectoryA
GetACP
GetSystemDirectoryW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
GlobalFlags
SetErrorMode
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
CopyFileA
GlobalSize
FreeResource
GlobalGetAtomNameA
GetDriveTypeW
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryW
lstrcmpW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DeleteFileA
lstrcmpiA
GetThreadLocale
FreeLibrary
GetVersionExA
HeapCreate
InitializeCriticalSectionAndSpinCount
GlobalHandle
GetCurrentThreadId
RaiseException
Sleep
TerminateProcess
GetCommandLineA
FindResourceA
DeleteCriticalSection
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
FlushInstructionCache
GetDriveTypeA
GetLogicalDrives
GetCurrentThread
GetFileAttributesA
GetExitCodeThread
CreateRemoteThread
DuplicateHandle
GetTickCount
GetTempPathA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateDirectoryA
GetCurrentProcess
OpenProcess
GetVersionExW
lstrlenW
HeapAlloc
WriteFile
SetFilePointer
ReadFile
CreateFileW
GetFileSize
CreateFileA
IsDBCSLeadByteEx
HeapFree
GetProcessHeap
FormatMessageA
MultiByteToWideChar
lstrcpynA
lstrlenA
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
DeactivateActCtx
SetLastError
MulDiv
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CloseHandle
GetLastError
lstrcmpA
LocalAlloc
LocalFree
GetTimeZoneInformation
GetLocaleInfoW
GlobalAddAtomA
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualFree

user32

WaitMessage
SystemParametersInfoA
MessageBeep
IsZoomed
PostQuitMessage
IntersectRect
InflateRect
GetCursorPos
CreateDialogIndirectParamA
GetNextDlgTabItem
DrawStateA
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
IsDialogMessageA
CheckDlgButton
LoadIconA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
ValidateRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
MapVirtualKeyA
GetKeyNameTextA
CharUpperA
DestroyIcon
MapDialogRect
DrawIcon
FindWindowA
LoadIconW
RegisterWindowMessageA
DialogBoxIndirectParamA
DefWindowProcA
CreateAcceleratorTableA
GetDesktopWindow
DestroyAcceleratorTable
CharNextA
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetClassNameA
SetWindowContextHelpId
IsChild
GetWindow
SetFocus
InvalidateRgn
ReleaseDC
EndPaint
BeginPaint
ScreenToClient
MoveWindow
IsIconic
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
GetMessageA
ShowOwnedPopups
RealChildWindowFromPoint
GetMenuItemInfoA
CreateWindowExA
EndDialog
SetClassLongA
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
WaitForInputIdle
EnumWindows
SetForegroundWindow
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowThreadProcessId
GetDlgItem
SendDlgItemMessageA
ShowWindow
SetWindowTextA
wsprintfA
IsWindow
SetWindowPos
SetWindowLongA
CallWindowProcA
MessageBoxA
GrayStringA
DrawTextExA
TabbedTextOutA
DrawFocusRect
GetFocus
FillRect
CopyRect
PostMessageA
GetSystemMetrics
SetWindowRgn
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
GetActiveWindow
PtInRect
SetRect
GetDC
GetWindowLongA
LoadBitmapW
GetWindowRect
SetCursor
UpdateWindow
SetTimer
KillTimer
OffsetRect
DrawTextA
GetParent
GetClientRect
DestroyMenu
CopyImage
GetSysColorBrush
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
UnregisterClassA
DeleteMenu
LoadMenuW
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
LockWindowUpdate
EnumChildWindows
RegisterClipboardFormatA
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
GetNextDlgGroupItem
DrawIconEx
DrawEdge
EnableWindow
SendMessageA
GetSysColor
RedrawWindow
InvalidateRect
DrawFrameControl
SetCursorPos
InvertRect
HideCaret
GetIconInfo
FrameRect
CopyIcon
CharUpperBuffA
IsCharLowerA
MapVirtualKeyExA
IsClipboardFormatAvailable
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
SetParent
GetUpdateRect
SubtractRect
CreateMenu
GetDoubleClickTime
DestroyCursor
GetWindowRgn
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
PostThreadMessageA
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
GetAsyncKeyState
NotifyWinEvent
GetSystemMenu

gdi32

SelectClipRgn
CreateRectRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CopyMetaFileA
CreateDCA
SetRectRgn
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
OffsetRgn
GetRgnBox
SetLayout
SetDIBColorTable
GetDIBits
RealizePalette
SetPixel
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
GetTextFaceA
SetPixelV
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
PatBlt
CreateRectRgnIndirect
CreateFontA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
GetDeviceCaps
CreatePen
GetBkColor
GetViewportExtEx
GetWindowExtEx
LPtoDP
CombineRgn
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject
GetObjectA
GetTextColor
CreateFontIndirectA
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatByteSize64A
PathGetArgsA
StrFormatByteSizeA
PathFindFileNameA

ole32

ReleaseStgMedium
OleDuplicateData
CoInitializeEx
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
CoFreeUnusedLibraries
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
OleInitialize
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocStringLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
VariantInit
OleCreateFontIndirect
SysFreeString
SysAllocString
VariantChangeType
SysAllocStringByteLen
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

ws2_32

WSASetLastError
WSACleanup
WSAStartup

wininet

InternetConnectA
HttpOpenRequestA
InternetSetOptionA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpAddRequestHeadersA
InternetOpenA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ddf2f8a19c9675047247f2886f240e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

15:86:50:ef:ee:e6:06:e0:fa:db:85:7fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c6:a5:3a:a9:fd:44:7d:a9:74:52:5a:c0:a2:e1:3f:24:f4:b3:63:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 311KB - Virtual size: 310KB

.data Size: 30KB - Virtual size: 61KB

.rsrc Size: 500KB - Virtual size: 500KB

.reloc Size: 183KB - Virtual size: 183KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

15:86:50:ef:ee:e6:06:e0:fa:db:85:7f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c6:a5:3a:a9:fd:44:7d:a9:74:52:5a:c0:a2:e1:3f:24:f4:b3:63:5a
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 30KB - Virtual size: 61KB

.rsrc
Size: 500KB - Virtual size: 500KB

.reloc
Size: 183KB - Virtual size: 183KB