2024-06-24_54620f674f0aba09b31878c48805385a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_54620f674f0aba09b31878c48805385a_mafia
Size

18.1MB
MD5

54620f674f0aba09b31878c48805385a
SHA1

29e45784a7ed47854fa50b060abd2f4d30ebfba6
SHA256

5031b1ba5bb1b092471e03f9acad42f782e118399b6d8395871e297e828ab2e1
SHA512

68e2b025ef9d19fc7f4c2c3349c6be9def5ce96f07f3cbc87d3b714675b2bac564f964821630afbed5b742a5f5f37366fe35e9a956e559725b2671faa6ba30a4
SSDEEP

393216:BbmgoPok9LHTgm7KWhXezVeEzirPuj7/oo2g2ud8MvnBLm7:s1okdTf7fcirGj7/ooB22vB67

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_54620f674f0aba09b31878c48805385a_mafia
.exe windows:5 windows x86 arch:x86

0bf20038aafa05d58377bb2e89987ba7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

16/01/2013, 10:33

Not After

16/04/2016, 10:33

Subject

CN=Soluto,O=Soluto,ST=Tel-Aviv,C=IL,1.2.840.113549.1.9.1=#0c0f696e666f40736f6c75746f2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:d7:2e:4e:7d:d3:09:48:af:4c:02:1a:10:b7:9c:79:36:02:aa:75
Signer

Actual PE Digest

56:d7:2e:4e:7d:d3:09:48:af:4c:02:1a:10:b7:9c:79:36:02:aa:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ninite\Output\pdbs\Release\MultiGet.pdb

Imports

kernel32

GetExitCodeProcess
OpenFileMappingW
MapViewOfFile
GetCurrentThread
CreateFileMappingW
CreateMutexW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
ReleaseSemaphore
CreateSemaphoreW
CopyFileExW
WaitNamedPipeW
OpenJobObjectW
lstrcpynW
MulDiv
FlushInstructionCache
PeekNamedPipe
CreatePipe
IsDebuggerPresent
GetProcessHeap
ConnectNamedPipe
CreateNamedPipeW
SetProcessAffinityMask
WritePrivateProfileStringW
UnmapViewOfFile
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetCurrentThreadId
GetFileAttributesA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
ExitThread
HeapCreate
ExitProcess
GetDateFormatA
GetTimeFormatA
DeleteFileA
CreateProcessA
MoveFileA
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
CreateIoCompletionPort
SetCurrentDirectoryW
ReleaseMutex
OpenMutexW
CreateProcessW
GetQueuedCompletionStatus
SystemTimeToFileTime
GetSystemTime
SetFilePointer
SetFilePointerEx
GetOverlappedResult
CancelIo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetProcessShutdownParameters
GetProcessShutdownParameters
GetExitCodeThread
CreateThread
ResetEvent
WaitForMultipleObjects
RaiseException
SetEvent
CreateEventW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
GetPrivateProfileStringW
GetUserDefaultUILanguage
GetLocaleInfoW
GetCommandLineW
GetComputerNameW
SetLastError
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
VirtualQuery
CloseHandle
FormatMessageW
LoadLibraryW
GetStdHandle
SetFileTime
lstrlenW
GetVersionExW
GetSystemTimeAsFileTime
GetFileSizeEx
CreateFileW
ReadFile
WriteFile
GetFileAttributesExW
CreateDirectoryW
MoveFileExW
CopyFileW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetModuleFileNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
GetTempPathW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
Sleep
GetModuleFileNameA
LoadLibraryA
FormatMessageA
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
DuplicateHandle
LocalFree
LocalAlloc
IsProcessInJob
GetProcessId
WaitForSingleObject
SetInformationJobObject
QueryInformationJobObject
TerminateJobObject
TerminateProcess
GetModuleHandleW
GetProcAddress
OpenProcess
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateFileA

user32

GetActiveWindow
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
PostMessageW
CreateWindowExW
CreateDialogParamW
DialogBoxParamW
EndDialog
GetSubMenu
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
DefWindowProcW
LoadAcceleratorsW
TranslateAcceleratorW
SetTimer
SetFocus
GetSysColor
IsWindow
WaitForInputIdle
IsWindowEnabled
GetClientRect
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
SetMenuItemInfoW
GetClassNameW
DrawTextW
KillTimer
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
SystemParametersInfoW
TrackPopupMenu
LoadMenuW
SendMessageW
GetWindowLongW
GetDlgCtrlID
IsWindowVisible
LoadStringW
GetKeyState
InvalidateRect
SetWindowTextW
PtInRect
MoveWindow
PostQuitMessage
DestroyWindow
ShowWindow
DispatchMessageW
GetDC
MapWindowPoints
TranslateMessage
GetMessageW
PeekMessageW
UnregisterClassA
GetWindowRect
SetWindowPos
SetWindowLongW
GetDlgItem
ScreenToClient
OffsetRect
RedrawWindow
GetWindowTextLengthW
DrawFrameControl
RegisterClassExW
GetWindowTextW
GetClassInfoExW
EnableWindow
GetMenu
AdjustWindowRectEx
IsDialogMessageW
GetProcessWindowStation
CloseDesktop
CloseWindowStation
DestroyCursor
DestroyMenu
CallWindowProcW
GetMessagePos
SetCursor
LoadCursorW
EndPaint
BeginPaint
SwitchDesktop
LoadImageW
MessageBoxW
GetAsyncKeyState
SetProcessWindowStation
CreateWindowStationW
GetSystemMetrics
CreateDesktopW
GetDesktopWindow
UserHandleGrantAccess
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
GetUserObjectInformationW

gdi32

DPtoLP
GetDeviceCaps
CreateFontIndirectW
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
Rectangle
ExtTextOutW
DeleteObject
CreateSolidBrush
GetStockObject
SetBkColor
DeleteDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SetThreadToken
RevertToSelf
LsaEnumerateAccountRights
OpenThreadToken
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetKernelObjectSecurity
GetTokenInformation
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
IsTokenRestricted
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
GetLengthSid
CopySid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
EqualSid
DeleteService
StartServiceW
CreateServiceW
GetSecurityInfo
CreateProcessAsUserW
ImpersonateSelf
DuplicateTokenEx
SetKernelObjectSecurity
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
GetAce
GetAclInformation
SetSecurityDescriptorDacl
AddAce

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ord680
CommandLineToArgvW
SHChangeNotify

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

comctl32

ImageList_Create
ImageList_Add
ImageList_Replace
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_ReplaceIcon
InitCommonControlsEx

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

DrawThemeEdge
CloseThemeData
IsThemeActive
IsAppThemed
SetWindowTheme
OpenThemeData
DrawThemeBackground

urlmon

ObtainUserAgentString

activeds

ord3

wininet

InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bf20038aafa05d58377bb2e89987ba7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:d7:2e:4e:7d:d3:09:48:af:4c:02:1a:10:b7:9c:79:36:02:aa:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

userenv

psapi

wintrust

crypt32

version

uxtheme

urlmon

activeds

wininet

rpcrt4

wtsapi32

mpr

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 285KB - Virtual size: 284KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 313KB - Virtual size: 313KB

.reloc Size: 67KB - Virtual size: 67KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:d7:2e:4e:7d:d3:09:48:af:4c:02:1a:10:b7:9c:79:36:02:aa:75
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 285KB - Virtual size: 284KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 313KB - Virtual size: 313KB

.reloc
Size: 67KB - Virtual size: 67KB