2024-06-24_4b69a82b8e2dbd24a89c59097cfa42b7_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_4b69a82b8e2dbd24a89c59097cfa42b7_mafia
Size

27.0MB
MD5

4b69a82b8e2dbd24a89c59097cfa42b7
SHA1

1923e0ba9aec276a6bbd96c2cd561cb7567ab519
SHA256

e1bd541e28ba55d22bf8f7f60b7aa3c9aecfdf72b548d89792742fbd66dd6be1
SHA512

8a34976b5cf5ee04400a468efff9b384a279867324ad864f905d5b6e54858d45e7953a3b86e13c8ff996bec789e8a5775efb04ae23913dcde55768c8a55a2d3a
SSDEEP

393216:aFBmzOjJciqLhC1Xj3NfwdWrFCzkVzvMddOAjPs45RkEgoZnxwxW7UAczgURz4P2:KqLhUF2WIkWrH8iqBAEqPj9Uh

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_4b69a82b8e2dbd24a89c59097cfa42b7_mafia
.exe windows:5 windows x86 arch:x86

3528c1bc98d8164dc8cd97ccde9ac5f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

16/01/2013, 10:33

Not After

16/04/2016, 10:33

Subject

CN=Soluto,O=Soluto,ST=Tel-Aviv,C=IL,1.2.840.113549.1.9.1=#0c0f696e666f40736f6c75746f2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2d:11:04:84:5d:2b:3d:08:4c:e2:d3:a6:15:fe:eb:00:a5:9f:9a:65
Signer

Actual PE Digest

2d:11:04:84:5d:2b:3d:08:4c:e2:d3:a6:15:fe:eb:00:a5:9f:9a:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ninite\Output\pdbs\Release\MultiGet.pdb

Imports

kernel32

WriteProcessMemory
GetCurrentThread
CreateFileMappingW
CreateMutexW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
ReleaseSemaphore
CreateSemaphoreW
CopyFileExW
WaitNamedPipeW
OpenJobObjectW
lstrcpynW
MulDiv
FlushInstructionCache
PeekNamedPipe
CreatePipe
IsDebuggerPresent
GetProcessHeap
ConnectNamedPipe
CreateNamedPipeW
SetProcessAffinityMask
WritePrivateProfileStringW
GetBinaryTypeW
UnmapViewOfFile
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
MapViewOfFile
GetFileAttributesA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
ExitThread
HeapCreate
ExitProcess
GetDateFormatA
GetTimeFormatA
DeleteFileA
CreateProcessA
MoveFileA
GetSystemInfo
VirtualProtect
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
OpenFileMappingW
GetCurrentThreadId
GetExitCodeProcess
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
CreateIoCompletionPort
SetCurrentDirectoryW
ReleaseMutex
OpenMutexW
CreateProcessW
GetQueuedCompletionStatus
SystemTimeToFileTime
GetSystemTime
SetFilePointer
SetFilePointerEx
GetOverlappedResult
CancelIo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetProcessShutdownParameters
GetProcessShutdownParameters
GetExitCodeThread
CreateThread
ResetEvent
WaitForMultipleObjects
RaiseException
SetEvent
CreateEventW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
GetPrivateProfileStringW
GetUserDefaultUILanguage
GetLocaleInfoW
GetCommandLineW
GetComputerNameW
SetLastError
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
VirtualQuery
CloseHandle
FormatMessageW
LoadLibraryW
GetStdHandle
SetFileTime
lstrlenW
GetVersionExW
GetSystemTimeAsFileTime
GetFileSizeEx
GetFileAttributesExW
CreateDirectoryW
MoveFileExW
CopyFileW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetModuleFileNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
GetTempPathW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
Sleep
WriteFile
ReadFile
CreateFileW
GetModuleFileNameA
LoadLibraryA
FormatMessageA
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
DuplicateHandle
LocalFree
LocalAlloc
IsProcessInJob
GetProcessId
WaitForSingleObject
SetInformationJobObject
QueryInformationJobObject
TerminateJobObject
TerminateProcess
GetModuleHandleW
GetProcAddress
OpenProcess
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateFileA

user32

EnumWindows
EnumChildWindows
GetWindowThreadProcessId
PostMessageW
IsWindow
GetClassInfoExW
CreateWindowExW
CreateDialogParamW
DialogBoxParamW
EndDialog
GetSubMenu
DefWindowProcW
LoadAcceleratorsW
TranslateAcceleratorW
SetTimer
SetFocus
GetSysColor
KillTimer
GetWindow
MonitorFromWindow
WaitForInputIdle
IsWindowEnabled
GetClientRect
GetClassNameW
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
CloseDesktop
GetWindowTextW
SendMessageW
GetActiveWindow
GetParent
SystemParametersInfoW
TrackPopupMenu
LoadMenuW
GetDC
MapWindowPoints
GetMessagePos
GetWindowLongW
GetDlgCtrlID
IsWindowVisible
LoadStringW
GetKeyState
InvalidateRect
SetWindowTextW
PtInRect
MoveWindow
PostQuitMessage
DestroyWindow
ShowWindow
DispatchMessageW
TranslateMessage
SetCursor
LoadCursorW
GetMessageW
PeekMessageW
GetWindowRect
SetWindowPos
UnregisterClassA
SetWindowLongW
GetDlgItem
ScreenToClient
OffsetRect
RedrawWindow
GetWindowTextLengthW
EnableWindow
GetMenu
AdjustWindowRectEx
IsDialogMessageW
DrawTextW
DrawFrameControl
GetMonitorInfoW
RegisterClassExW
GetProcessWindowStation
GetUserObjectInformationW
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
DestroyCursor
DestroyMenu
CallWindowProcW
SetMenuItemInfoW
EndPaint
BeginPaint
SwitchDesktop
LoadImageW
MessageBoxW
GetAsyncKeyState
SetProcessWindowStation
CreateWindowStationW
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
GetSystemMetrics
CreateDesktopW
GetDesktopWindow
UserHandleGrantAccess

gdi32

DPtoLP
GetDeviceCaps
CreateFontIndirectW
SetTextColor
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
Rectangle
SetBkColor
SetBkMode
ExtTextOutW
GetStockObject
CreateSolidBrush
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetKernelObjectSecurity
DuplicateTokenEx
StartServiceW
CreateServiceW
EnumServicesStatusW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
DeleteService
GetTokenInformation
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
RegEnumKeyExW
RegDeleteKeyW
GetSecurityDescriptorGroup
CryptAcquireContextW
CryptReleaseContext
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
GetLengthSid
CopySid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CloseServiceHandle
GetSecurityInfo
GetSecurityDescriptorOwner
SetTokenInformation
CreateProcessAsUserW
ImpersonateSelf
SetKernelObjectSecurity
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
IsTokenRestricted
OpenThreadToken
LsaEnumerateAccountRights
RevertToSelf
SetThreadToken

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ord680
SHChangeNotify
ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

comctl32

ImageList_Create
ImageList_Add
ImageList_Replace
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_ReplaceIcon
InitCommonControlsEx

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

uxtheme

CloseThemeData
DrawThemeEdge
IsThemeActive
IsAppThemed
SetWindowTheme
OpenThemeData
DrawThemeBackground

urlmon

ObtainUserAgentString

activeds

ord3

wininet

InternetQueryOptionW
InternetCloseHandle
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
HttpSendRequestW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3528c1bc98d8164dc8cd97ccde9ac5f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2d:11:04:84:5d:2b:3d:08:4c:e2:d3:a6:15:fe:eb:00:a5:9f:9a:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

userenv

psapi

wintrust

crypt32

version

uxtheme

urlmon

activeds

wininet

rpcrt4

wtsapi32

mpr

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 290KB - Virtual size: 289KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 320KB - Virtual size: 320KB

.reloc Size: 69KB - Virtual size: 68KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:35:b7:01:15:e2:57:5f:94:88:41:50:97:5b:04:c3:64
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2d:11:04:84:5d:2b:3d:08:4c:e2:d3:a6:15:fe:eb:00:a5:9f:9a:65
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 290KB - Virtual size: 289KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 320KB - Virtual size: 320KB

.reloc
Size: 69KB - Virtual size: 68KB